From 3b7d89ca69f439595880eab85b106bfecaaa7967 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Fri, 26 Jul 2019 19:15:52 -0700 Subject: [PATCH 01/53] add message (#791) (#792) --- .../resolved-issues-windows-10-1903.yml | 2 ++ .../status-windows-10-1607-and-windows-server-2016.yml | 6 ++++-- windows/release-information/status-windows-10-1703.yml | 4 ++-- windows/release-information/status-windows-10-1709.yml | 4 ++-- windows/release-information/status-windows-10-1803.yml | 4 ++-- .../status-windows-10-1809-and-windows-server-2019.yml | 4 ++-- windows/release-information/status-windows-10-1903.yml | 10 +++++----- windows/release-information/windows-message-center.yml | 8 ++++---- 8 files changed, 23 insertions(+), 19 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index e791545b58..ad580c30ce 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -55,6 +56,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
+
DetailsOriginating updateStatusHistory
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

Affected platforms
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
June 28, 2019
05:01 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501375.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		Resolved:
June 27, 2019
10:00 AM PT

Opened:
June 12, 2019
11:11 AM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 31c6e06ec3..f0ba7ea7a3 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -84,7 +85,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
July 26, 2019
04:58 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
July 26, 2019
04:08 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
- + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

You can configure the below registry key:
Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
Value: Disable Script Debugger
Type: REG_SZ
Data: no

Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
Last updated:
July 26, 2019
04:58 PM PT

Opened:
July 26, 2019
04:58 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 1055bb156e..b682373dce 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
July 26, 2019
04:08 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 15063.1805

May 14, 2019
KB4499181		Resolved
KB4507450		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 15063.1839

May 28, 2019
KB4499162		Resolved
KB4509476		June 26, 2019
04:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 4667f66e88..fcd770b784 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
July 26, 2019
04:08 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 166d39fa83..d829da6310 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
July 26, 2019
04:08 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4509478		June 26, 2019
04:00 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
June 14, 2019
04:41 PM PT
- +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index a8d6b78e6b..65bd34e1b5 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
July 26, 2019
04:08 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
July 10, 2019
07:09 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		June 26, 2019
04:00 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
June 14, 2019
04:41 PM PT
- +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index a1ebf8f433..bfe5a1a1d9 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -22,7 +22,7 @@ sections:
Current status as of July 16, 2019:
-
We are initiating the Windows 10 May 2019 Update for customers with devices that are at or nearing end of service and have not yet updated their device. Keeping these devices both supported and receiving monthly updates is critical to device security and ecosystem health. Based on the large number of devices running the April 2018 Update, that will reach the end of 18 months of service on November 12, 2019, we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process.

Our update rollout process takes into consideration the scale and complexity of the Windows 10 ecosystem, with the many hardware, software, and app configuration options users have, to provide a seamless update experience for all users. We closely monitor update feedback to allow us to prioritize those devices likely to have a good update experience and quickly put safeguards on other devices while we address known issues. Windows 10 Home and Pro edition users will have the ability to pause the update for up to 35 days so they can choose a convenient time.

The Windows 10 May 2019 Update is available for any user who manually selects “Check for updates” via Windows Update on a device that does not have a safeguard hold for issues already detected. If you are not offered the update, please check below for any known issues that may affect your device.

We recommend commercial customers running earlier versions of Windows 10 begin targeted deployments of Windows 10, version 1903 to validate that the apps, devices, and infrastructure used by their organizations work as expected with the new release and features.

Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
+
We are initiating the Windows 10 May 2019 Update for customers with devices that are at or nearing end of service and have not yet updated their device. Keeping these devices both supported and receiving monthly updates is critical to device security and ecosystem health. Based on the large number of devices running the April 2018 Update, that will reach the end of 18 months of service on November 12, 2019, we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process.

Our update rollout process takes into consideration the scale and complexity of the Windows 10 ecosystem, with the many hardware, software, and app configuration options users have, to provide a seamless update experience for all users. We closely monitor update feedback to allow us to prioritize those devices likely to have a good update experience and quickly put safeguards on other devices while we address known issues. Windows 10 Home and Pro edition users will have the ability to pause the update for up to 35 days so they can choose a convenient time.

The Windows 10 May 2019 Update is available for any user who manually selects “Check for updates” via Windows Update on a device that does not have a safeguard hold for issues already detected. If you are not offered the update, please check below for any known issues that may affect your device.

We recommend commercial customers running earlier versions of Windows 10 begin targeted deployments of Windows 10, version 1903 to validate that the apps, devices, and infrastructure used by their organizations work as expected with the new release and features.

Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
" @@ -65,7 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -73,7 +74,6 @@ sections: - @@ -97,7 +97,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 25, 2019
06:10 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 26, 2019
04:08 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 16, 2019
09:04 AM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 12, 2019
04:42 PM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
July 10, 2019
07:09 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated
July 01, 2019
05:04 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		June 27, 2019
10:00 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
June 10, 2019
06:06 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 24, 2019
11:02 AM PT
- + @@ -110,7 +110,7 @@ sections: - type: markdown text: "
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms may not start up
Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST driver version between 15.1.0.1002 and 15.5.2.1053 installed from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.6.1044.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: To resolve this issue, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for the May 2019 Update.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
- +
DetailsOriginating updateStatusHistory
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

Affected platforms
  • Client: Windows 10, version 1903
Workaround: To mitigate this issue, use one of the steps below, either the group policy step or the registry step, to configure one of the default telemetry settings:

Set the value for the following group policy settings:
  1. Group Policy Path: Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\Allow Telemetry
  2. Safe Policy Setting: Enabled and set to 1 (Basic) or 2 (Enhanced) or 3 (Full)

Or set the following registry value:

SubKey: HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection

Setting: AllowTelemetry

Type: REG_DWORD

Value: 1, 2 or 3


Note If the Remote Access Connection Manager service is not running after setting the Group Policy or registry key, you will need to manually start the service or restart the device.

Next Steps: We are working on a resolution and estimate a solution will be available in late July.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated
Last updated:
July 01, 2019
05:04 PM PT

Opened:
June 28, 2019
05:01 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

Affected platforms
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
June 28, 2019
05:01 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501375.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		Resolved:
June 27, 2019
10:00 AM PT

Opened:
June 12, 2019
11:11 AM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 9d2980d85a..037d852171 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,12 +49,12 @@ sections: - type: markdown text: " - - + + - - + + From 4bb1d48d65f13f72190ea8df72945b2321d85fc3 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Wed, 31 Jul 2019 21:01:07 -0700 Subject: [PATCH 02/53] New announcement added (#809) (#810) --- windows/release-information/windows-message-center.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 037d852171..ed6e185ffc 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,7 @@ sections: text: "
MessageDate
Status update: Windows 10, version 1903 “D” release
The optional monthly “D” release for Windows 10, version 1903 will be available in the near term. Follow @WindowsUpdate for the latest on the availability of this release.
July 24, 2019
12:00 AM PT
Status update: Windows 10, version 1903 “D” release now available
The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
July 26, 2019
02:00 PM PT
Plan for change: Microsoft Silverlight will reach end of support on October 12, 2021
After this date, Silverlight will not receive any future quality or security updates. Microsoft will continue to ship updates to the Silverlight 5 Developer Runtime for supported browsers and versions (Internet Explorer 10 and Internet Explorer 11); however, please note that support for Internet Explorer 10 will end on 31 January 2020. See the Silverlight end of support FAQ for more details.
July 19, 2019
12:00 AM PT
Evolving Windows 10 servicing and quality
Find out how we plan to further optimize the delivery of the next Windows 10 feature update for devices running Windows 10, version 1903. If you're a commercial customer, please see the Windows IT Pro Blog for more details on how to plan for this new update option in your environment.
July 01, 2019
02:00 PM PT
Windows 10, version 1903 starting to roll out to devices running Windows 10, version 1803 and earlier
We are now beginning to build and train the machine learning (ML) based rollout process to update devices running Windows 10, version 1803 (the April 2018 Update) and earlier versions of Windows 10, to ensure we can continue to service these devices and provide the latest updates, security updates, and improvements.
June 18, 2019
02:00 PM PT
Windows 10, version 1903 available by selecting “Check for updates”
Windows 10, version 1903 is now available for any user who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
June 06, 2019
06:00 PM PT
Windows 10, version 1903 starting to roll out to devices running Windows 10, version 1803 and earlier
We are now beginning to build and train the machine learning (ML) based rollout process to update devices running Windows 10, version 1803 (the April 2018 Update) and earlier versions of Windows 10, to ensure we can continue to service these devices and provide the latest updates, security updates, and improvements.
June 18, 2019
02:00 PM PT
Windows 10, version 1903 available by selecting “Check for updates”
Windows 10, version 1903 is now available for any user who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
June 06, 2019
06:00 PM PT
Windows 10, version 1903 rollout begins
The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback.		May 21, 2019
10:00 AM PT
What’s new in Windows Update for Business
We are enhancing and expanding the capabilities of Windows Update for Business to make the move to the cloud even easier. From simplified branch readiness options to better control over deadlines and reboots, read about the enhancements to Windows Update for Business as a part of Windows 10, version 1903. 		May 21, 2019
10:00 AM PT
What’s new for businesses and IT pros in Windows 10
Explore the newest capabilities for businesses and IT in the latest feature update in the areas of intelligent security, simplified updates, flexible management, and enhanced productivity. 		May 21, 2019
10:00 AM PT
+ From 3524dcf82ed53dc46672dab0b412c22531b1530e Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Thu, 1 Aug 2019 22:18:53 -0700 Subject: [PATCH 03/53] new issues (#819) (#820) --- ...indows-10-1809-and-windows-server-2019.yml | 2 -- .../resolved-issues-windows-10-1903.yml | 2 ++ ...indows-10-1607-and-windows-server-2016.yml | 6 ++--- .../status-windows-10-1703.yml | 14 ++---------- .../status-windows-10-1709.yml | 14 ++---------- .../status-windows-10-1803.yml | 6 ++--- ...indows-10-1809-and-windows-server-2019.yml | 6 ++--- .../status-windows-10-1903.yml | 22 +++++++++---------- .../windows-message-center.yml | 2 +- 9 files changed, 23 insertions(+), 51 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index c8dd852476..0d43d708e8 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -55,7 +55,6 @@ sections: - @@ -151,7 +150,6 @@ sections:
MessageDate
Microsoft Store users may encounter blank screens when clicking on certain buttons
Some customers running the version of the Microsoft Store app released on July 29, 2019 may encounter a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. We are working on the issue and expect to release a fix that should resolve the issue later this week.		July 31, 2019
02:00 PM PT
Status update: Windows 10, version 1903 “D” release now available
The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
July 26, 2019
02:00 PM PT
Plan for change: Microsoft Silverlight will reach end of support on October 12, 2021
After this date, Silverlight will not receive any future quality or security updates. Microsoft will continue to ship updates to the Silverlight 5 Developer Runtime for supported browsers and versions (Internet Explorer 10 and Internet Explorer 11); however, please note that support for Internet Explorer 10 will end on 31 January 2020. See the Silverlight end of support FAQ for more details.
July 19, 2019
12:00 AM PT
Evolving Windows 10 servicing and quality
Find out how we plan to further optimize the delivery of the next Windows 10 feature update for devices running Windows 10, version 1903. If you're a commercial customer, please see the Windows IT Pro Blog for more details on how to plan for this new update option in your environment.
July 01, 2019
02:00 PM PT
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 9 file format may randomly stop working.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		February 12, 2019
10:00 AM PT
Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
Upgrade block: Microsoft and Trend Micro identified a compatibility issue with the Trend Micro business endpoint security solutions OfficeScan and Worry-Free Business Security.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
February 01, 2019
09:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
- diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index ad580c30ce..4e7aae8a05 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
DetailsOriginating updateStatusHistory
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
 
As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

Resolution: Microsoft has removed the safeguard hold.



Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
Resolved:
May 21, 2019
07:42 AM PT

Opened:
November 13, 2018
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
 
Upgrade block: After updating to Windows 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
 
Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4487044, and the block was removed.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
Upgrade block: Microsoft and Trend Micro have identified a compatibility issue with Trend Micro's OfficeScan and Worry-Free Business Security software when attempting to update to Windows 10, version 1809.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Resolution: Trend Micro has released a new version of these products that resolves the issue. To download them, please visit the Trend Micro Business Support Portal.

Once you have updated your version of Trend Micro's OfficeScan or Worry-Free Business Security software, you will be offered Windows 10, version 1809 automatically. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
Resolved:
February 01, 2019
09:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. 

We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
 
Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
 
To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
 
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
+ @@ -66,6 +67,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
+ diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index f0ba7ea7a3..4bfa74c40c 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,13 +60,12 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:56 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
+ - - @@ -85,8 +84,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
August 01, 2019
06:12 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
July 26, 2019
04:58 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
July 26, 2019
04:08 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Resolved
KB4507460		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4509475		June 27, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
+ -
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
Last updated:
August 01, 2019
06:12 PM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

You can configure the below registry key:
Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
Value: Disable Script Debugger
Type: REG_SZ
Data: no

Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
Last updated:
July 26, 2019
04:58 PM PT

Opened:
July 26, 2019
04:58 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" @@ -97,7 +96,6 @@ sections: text: " -
DetailsOriginating updateStatusHistory
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Affected platforms:
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
June 04, 2019
05:55 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499177. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509475.

Back to top		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4509475		Resolved:
June 27, 2019
02:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
" diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index b682373dce..4dbe8ada26 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,9 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + -
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
July 26, 2019
04:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
August 01, 2019
06:12 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 15063.1805

May 14, 2019
KB4499181		Resolved
KB4507450		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 15063.1839

May 28, 2019
KB4499162		Resolved
KB4509476		June 26, 2019
04:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
" @@ -79,16 +78,7 @@ sections: - type: markdown text: " - -
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
- " - -- title: June 2019 -- items: - - type: markdown - text: " - - +
DetailsOriginating updateStatusHistory
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499162. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509476.

Back to top		OS Build 15063.1839

May 28, 2019
KB4499162		Resolved
KB4509476		Resolved:
June 26, 2019
04:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
Last updated:
August 01, 2019
06:12 PM PT

Opened:
July 25, 2019
06:10 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index fcd770b784..cee8270547 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,9 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + -
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
July 26, 2019
04:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
August 01, 2019
06:12 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
" @@ -79,20 +78,11 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
Last updated:
August 01, 2019
06:12 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" -- title: June 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499147. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509477.

Back to top		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		Resolved:
June 26, 2019
04:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index d829da6310..fccb71eca1 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -60,9 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + -
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
July 26, 2019
04:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
August 01, 2019
06:12 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4509478		June 26, 2019
04:00 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
June 14, 2019
04:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019
02:00 PM PT
@@ -80,7 +79,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
Last updated:
August 01, 2019
06:12 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" @@ -90,7 +89,6 @@ sections: - type: markdown text: " -
DetailsOriginating updateStatusHistory
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499183. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509478.

Back to top		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4509478		Resolved:
June 26, 2019
04:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
Startup to a black screen after installing updates
We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.


Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
  • Server: Windows Server 2019
Workaround: To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
Last updated:
June 14, 2019
04:41 PM PT

Opened:
June 14, 2019
04:41 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 65bd34e1b5..de3ecd7333 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,9 +64,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + - @@ -85,7 +84,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
July 26, 2019
04:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
August 01, 2019
06:12 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
July 10, 2019
07:09 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		June 26, 2019
04:00 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
June 14, 2019
04:41 PM PT
Devices with some Asian language packs installed may receive an error
After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
May 03, 2019
10:59 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
April 09, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
Last updated:
August 01, 2019
06:12 PM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" @@ -95,7 +94,6 @@ sections: - type: markdown text: " -
DetailsOriginating updateStatusHistory
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509479.

Back to top		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		Resolved:
June 26, 2019
04:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
Startup to a black screen after installing updates
We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.


Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
  • Server: Windows Server 2019
Workaround: To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
Last updated:
June 14, 2019
04:41 PM PT

Opened:
June 14, 2019
04:41 PM PT
" diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index bfe5a1a1d9..b2ca8f3142 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,23 +65,22 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ + + + + - - - - - -
SummaryOriginating updateStatusLast updated
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
August 01, 2019
08:44 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
August 01, 2019
06:27 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 01, 2019
06:12 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 01, 2019
05:58 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 26, 2019
04:08 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 16, 2019
09:04 AM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 12, 2019
04:42 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
July 10, 2019
07:09 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		June 27, 2019
10:00 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
June 10, 2019
06:06 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 24, 2019
11:02 AM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:48 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Investigating
May 21, 2019
04:47 PM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in battery drain.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:47 PM PT
Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:47 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:46 PM PT
" @@ -97,8 +96,8 @@ sections: - type: markdown text: " - - + + @@ -111,7 +110,6 @@ sections: text: "
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 26, 2019
04:08 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST driver version between 15.1.0.1002 and 15.5.2.1053 installed from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.6.1044.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: To resolve this issue, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for the May 2019 Update.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
July 25, 2019
06:10 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 01, 2019
06:12 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.6.1044.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: To resolve this issue, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for the May 2019 Update. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 01, 2019
05:58 PM PT

Opened:
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
-
DetailsOriginating updateStatusHistory
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

Affected platforms
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
June 28, 2019
05:01 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501375.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		Resolved:
June 27, 2019
10:00 AM PT

Opened:
June 12, 2019
11:11 AM PT
" @@ -120,15 +118,15 @@ sections: - type: markdown text: " + + + - - -
DetailsOriginating updateStatusHistory
Intermittent loss of Wi-Fi connectivity
Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).
 
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
Last updated:
August 01, 2019
08:44 PM PT

Opened:
May 21, 2019
07:13 AM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
August 01, 2019
06:27 PM PT

Opened:
May 21, 2019
07:28 AM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:56 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

Affected platforms:
  • Client: Windows 10, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
Last updated:
June 10, 2019
06:06 PM PT

Opened:
May 24, 2019
04:20 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios where night light settings may stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 24, 2019
11:02 AM PT

Opened:
May 21, 2019
07:28 AM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

  • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
  • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:48 PM PT

Opened:
May 21, 2019
07:29 AM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Restart your device to apply changes to brightness.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Investigating
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:56 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Workaround:
On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

Note We recommend you do not attempt to update your devices until newer device drivers are installed.

Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:22 AM PT
Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:

\"Close other apps, error code: 0XA00F4243.”


To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To temporarily resolve this issue, perform one of the following:

  • Unplug your camera and plug it back in.

or

  • Disable and re-enable the driver in Device Manager. In the Search box, type \"Device Manager\" and press Enter. In the Device Manager dialog box, expand Cameras, then right-click on any RealSense driver listed and select Disable device. Right click on the driver again and select Enable device.

or

  • Restart the RealSense service. In the Search box, type \"Task Manager\" and hit Enter. In the Task Manager dialog box, click on the Services tab, right-click on RealSense, and select Restart
Note This workaround will only resolve the issue until your next system restart.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:20 AM PT
Intermittent loss of Wi-Fi connectivity
Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Download and install an updated Wi-Fi driver from your device manufacturer (OEM).
 
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:46 PM PT

Opened:
May 21, 2019
07:13 AM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index ed6e185ffc..503cd5fa79 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,7 +50,7 @@ sections: text: " - + From 67d39ab200de014247eccd5744327f760f7dcb6e Mon Sep 17 00:00:00 2001 From: huypub <38988242+huypub@users.noreply.github.com> Date: Tue, 6 Aug 2019 10:20:02 -0700 Subject: [PATCH 04/53] 8/6 AM Publish (#843) * updated description of how wdav screens apps * Added new content for auto-enrollment * Updated format * revised to emphasize cfa * Multiple updates * Updated image * refined wording per sccm, intune, security center * corrected link * moved paragraph about ransomeware lower * addtl updates to change name from Definition Update to Security Intelligence Update * More updates * Fixed typo * Update microsoft-recommended-block-rules.md (#838) * Update microsoft-recommended-block-rules.md adding blocks .NET binaries for WDAC work arounds * added in missing 'audience' attribute * pre-release and typos * linted and rfined wording * New Anouncement added in august (#842) --- ...device-automatically-using-group-policy.md | 113 ++++++++++++++++-- ...t-activation-verification-less-entries.png | Bin 0 -> 35275 bytes ...uto-enrollment-activation-verification.png | Bin 0 -> 30890 bytes ...to-enrollment-azure-ad-device-settings.png | Bin 0 -> 31357 bytes ...uto-enrollment-azureadprt-verification.png | Bin 0 -> 18037 bytes .../auto-enrollment-device-status-result.png | Bin 0 -> 25438 bytes ...rollment-enrollment-of-windows-devices.png | Bin 0 -> 45286 bytes .../images/auto-enrollment-event-id-102.png | Bin 0 -> 31984 bytes .../images/auto-enrollment-event-id-107.png | Bin 0 -> 27099 bytes ...enrollment-intune-license-verification.png | Bin 0 -> 43801 bytes .../auto-enrollment-mdm-discovery-url.png | Bin 0 -> 30679 bytes ...to-enrollment-microsoft-intune-setting.png | Bin 0 -> 131724 bytes ...enrollment-outdated-enrollment-entries.png | Bin 0 -> 93206 bytes .../images/auto-enrollment-task-scheduler.png | Bin 0 -> 114125 bytes ...enrollment-troubleshooting-event-id-75.png | Bin 0 -> 24048 bytes ...enrollment-troubleshooting-event-id-76.png | Bin 0 -> 29339 bytes .../mdm/images/azure-ad-device-list.png | Bin 0 -> 84823 bytes ...ew-in-windows-mdm-enrollment-management.md | 7 ++ .../windows-message-center.yml | 1 + windows/security/threat-protection/TOC.md | 2 +- .../data-storage-privacy.md | 4 +- .../microsoft-defender-atp/evaluation-lab.md | 2 + ...nformation-protection-in-windows-config.md | 2 + .../microsoft-defender-atp/preview.md | 1 + ...ased-updates-windows-defender-antivirus.md | 10 +- ...ed-endpoints-windows-defender-antivirus.md | 8 +- ...ate-schedule-windows-defender-antivirus.md | 14 +-- ...tion-updates-windows-defender-antivirus.md | 4 +- ...-devices-vms-windows-defender-antivirus.md | 6 +- .../microsoft-defender-atp-mac-resources.md | 2 +- ...troubleshoot-windows-defender-antivirus.md | 10 +- ...group-policy-windows-defender-antivirus.md | 20 ++-- ...dows-defender-security-center-antivirus.md | 2 +- .../microsoft-recommended-block-rules.md | 13 +- .../controlled-folders-exploit-guard.md | 41 ++++--- 35 files changed, 187 insertions(+), 75 deletions(-) create mode 100644 windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-activation-verification.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-azureadprt-verification.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-device-status-result.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-enrollment-of-windows-devices.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-event-id-102.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-event-id-107.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-mdm-discovery-url.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-microsoft-intune-setting.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-task-scheduler.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png create mode 100644 windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png create mode 100644 windows/client-management/mdm/images/azure-ad-device-list.png diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index f374eaec31..9f3f924a14 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 10/04/2017 +ms.date: 07/29/2019 ms.reviewer: manager: dansimp --- @@ -15,6 +15,8 @@ manager: dansimp Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. +The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account. + Requirements: - AD-joined PC running Windows 10, version 1709 or later - The enterprise has configured a mobile device management (MDM) service @@ -22,25 +24,66 @@ Requirements: - The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`) > [!TIP] -> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup) +> For additional information, see the following topics: +> - [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup) +> - [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan) +> - [Azure Active Directory integration with MDM](https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm) -To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line. - -Here is a partial screenshot of the result: - -![device status result](images/autoenrollment-device-status.png) - -The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered. +The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered. > [!NOTE] > In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. -When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. +When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. -In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. See [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/) to learn more. +In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/). For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices. +## Verify auto-enrollment requirements and settings +To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. +The following steps demonstrate required settings using the Intune service: +1. Verify that the user who is going to enroll the device has a valid Intune license. + + ![Intune license verification](images/auto-enrollment-intune-license-verification.png) + +2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal). +Also verify that the **MAM user scope** is set to **None**. Otherwise, it will have precedence over the MDM scope that will lead to issues. + + ![Auto-enrollment activation verification](images/auto-enrollment-activation-verification.png) + +3. Verify that the device OS version is Windows 10, version 1709 or later. +4. Auto-enrollment into Intune via Group Policy is valid only for devices which are hybrid Azure AD joined. This means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line. + + You can confirm that the device is properly hybrid-joined if both **AzureAdJoined** and **DomainJoined** are set to **YES**. + + ![Auto-enrollment device status result](images/auto-enrollment-device-status-result.png) + + Additionally, verify that the SSO State section displays **AzureAdPrt** as **YES**. + + ![Auto-enrollment azure AD prt verification](images/auto-enrollment-azureadprt-verification.png) + + This information can also be found on the Azure AD device list. + + ![Azure AD device list](images/azure-ad-device-list.png) + +5. Verify that the MDM discovery URL during auto-enrollment is https://enrollment.manage.microsoft.com/enrollmentserver/discovery. + + ![MDM discovery URL](images/auto-enrollment-mdm-discovery-url.png) + +6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**. + + ![Mobility setting MDM intune](images/auto-enrollment-microsoft-intune-setting.png) + +7. Verify that the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is properly deployed to all devices which should be enrolled into Intune. +You may contact your domain administrators to verify if the group policy has been deployed successfully. + +8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal). +9. Verify that Azure AD allows the logon user to enroll devices. + ![Azure AD device settings](images/auto-enrollment-azure-ad-device-settings.png) +10. Verify that Microsoft Intune should allow enrollment of Windows devices. + ![Enrollment of Windows devices](images/auto-enrollment-enrollment-of-windows-devices.png) + ## Configure the auto-enrollment Group Policy for a single PC This procedure is only for illustration purposes to show how the new auto-enrollment policy works. It is not recommended for the production environment in the enterprise. For bulk deployment, you should use the [Group Policy Management Console process](#configure-the-auto-enrollment-for-a-group-of-devices). @@ -131,6 +174,50 @@ Requirements: > [!NOTE] > Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903). +## Troubleshoot auto-enrollment of devices +Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device. + +To collect Event Viewer logs: + +1. Open Event Viewer. +2. Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin. + + > [!Tip] + > For guidance on how to collect event logs for Intune, see [Collect MDM Event Viewer Log YouTube video](https://www.youtube.com/watch?v=U_oCe2RmQEc). + +3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully: + ![Event ID 75](images/auto-enrollment-troubleshooting-event-id-75.png) + + If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons: + - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed: + ![Event ID 76](images/auto-enrollment-troubleshooting-event-id-76.png) + To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. + - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section. + + The auto-enrollment process is triggered by a task (Microsoft > Windows > EnterpriseMgmt) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is successfully deployed to the target machine as shown in the following screenshot: + ![Task scheduler](images/auto-enrollment-task-scheduler.png) + + This task runs every 5 minutes for the duration of 1 day. To confirm if the task succeeded, check the task scheduler event logs: + Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational. + Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107. + + ![Event ID 107](images/auto-enrollment-event-id-107.png) + + When the task is completed, a new event ID 102 is logged. + ![Event ID 102](images/auto-enrollment-event-id-102.png) + + Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment. + + If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required. + One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (HKLM > Software > Microsoft > Enrollments). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: + + ![Outdated enrollment entries](images/auto-enrollment-outdated-enrollment-entries.png) + + By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational event log file under event ID 7016. + A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display less entries as shown in the following screenshot: + + ![Manually deleted entries](images/auto-enrollment-activation-verification-less-entries.png) + ### Related topics - [Group Policy Management Console](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx) @@ -140,6 +227,6 @@ Requirements: - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) ### Useful Links -- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) + - [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) - +- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) diff --git a/windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png b/windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png new file mode 100644 index 0000000000000000000000000000000000000000..ef727d0fcd792add9c7340a7b57d2546580a0cdb GIT binary patch literal 35275 zcmbTe2Q-{t-!42vB8eU?geXZ6QG@72)aZifMu;B0w;3T3y+n{`6TO8&^fr2l=w`&1V)^RS|Z3Ihc(s*$<0DW}le0kC-Kj)tt z(OvEBa?%{hr!dgQUyp!6mUAfVEhQ-_NQC1YVvVK4cy%=?!Oo8Jj*xnnQK{GuCl!W7 z*IzXQFZ^78cx>qFdXDr9K3W$(4{rWQMrJJAjz$8|F*cF%b;;+zH<~w)$Zz*onwIIu{^@D6$Yav*`-HD{W0gQ5%A>hz1jN@Rmnz~) zmae@}af$_9+JVX0);8yw10wF(muN{EW!qNgD!veRODV7wQkuFjF3ufmSg+(WDO^2b zb8Pta(!);c3HMsh3#a~bH#gBT^=Mb~0HAiw8iU%39c#{a|E|gctLLbi)@Yf%v^)^; z`F>x4&vmVQ>S5lak%I>Z*qk?4**`qIr#Z?n=yQqyVm_LlCVMkvvr zkp{64M~Aqnj*VDD*6S~dsQwKIm#Tk#WbJhHWq|2Hs(Prs-tz>5ybb+LLCgGyx4#mk z&le7Uz3VFCeaAs6FZ<8dXn|D$H|6xnpSo7H5F3?KTjMrmC1VVD zS7kSwSng_nyZmyrf<4!0{HUHwm>a*GOrQCOOL~S`qn9yVsi;ZZJa$adyvg6aTEHnW ze6erzl;w_Hz55ecq641^pX8@EAG(sa_rafg6k5}8#hi?zsrF^5MHa$+jBj);q*@y} z2(zHI3fTUcUuU>lXhxSBob3_{JYgzjc6QJjbw`4?G?4TlS0mqGnwciaM}w&;KP!LS zhe;D$_n(kn&o~mQF%+AuLTzW6XY<{+Ky${w?=T)(1uJ2-?DUXP_-~03S^{0i>N!mWd^;>`^WzfIId6b;$pHayO z`PY4HcRA;?aNu9P3zQ|1p}4-pV0SzG`ptr-tmZ#0{X+kLDvFv)$kx$3h^>Of zXy=|s(YLhjdocHL7hufP!X+ZvE-uECxXI!{)LN>TlZjh2+o_r7J8;kak|D<_N(4g{ zRs?09>Tz8muD^)&GxZo>NoyP3H*y7cD}A|_lIjOw*wuz)hb8faTU4&6ZV7t>Pb?vh)w&5LnVWS)a`MnDA;h0e5Aa*JOm2@6y}&=vXE`P+zv8kkxv=fW zw_`%(%OK|Qu-Hi&`>$H> z{GAR>WkB?M)@wc4RG)j4@O#W!zKa3~-BKL6RJpQ4;l zhD+oIuCcR~Uhf@L-FE1yc~3@`zUO;`@&W>h;i2{)gIZpJ6bO_YwVTpB7}nhcHo5Ibk0cTvx8Allzd&pgGyHs7hLn%%S7D&KdjoMD(7#NQo>L{{XVB_+ znLa5McBT|F%t=b&jQ~fyk0yK7KR;X5D-$~LVqgSbFcPI~Pgt{||8ca;ef`YMuIctO z1O&!ruU0pv;$G}McjvYOCl}f2BC&B1Dw6n3=deG|eq%Qt)c4L+=fBK3%V=%B6H_^+ z5d0C*jIQ>s9TpRP-m=%m#Y)#CWZKXmur`dEv(3Y#41?*bg3jP zfYGVheh5GQy$NxbW96BphR< zErp9+1v`qGLM<)rqV@vM56^mE$`P>bR!IaDgSbuOE8eXjHhk({+De63my8%dbCqI+ z^gIe79!xYXsTQ!@1NT=aT|;QH9|VUJv4p1DO?Q-mgF$5`lqgdPMQf;dr5F7$}?2L;6OZU*I?BSm=C8^D*u zZ8x6IMj-Ya-v3W53zS`%D6>%4JkkRn>;322>HaeA8XPgYnaGK&~Ysl@HU!AJwR<5&ibQorhKorR(JlP4>^;hDl zDiA|D#sk1gwCz=MQeryBYG~~3_F7Z(v<}ZO<(&>jn!n}WNYt`kt0W})7MJaKt)S?b zj989hG=Y1*bh{){Rrp$Mk|q6A4s~1YwQL_Tzml}S0X_2`=nNlrEvOHI+$k)r zQCPYpqdDu`rqe#;{r6c?gJHAFGx;ga(a22^l{(Whq$kFfS)|r-v6j(~`YD$_xH7w2v z?n0ixVjgdm;WeAG24_xv`22i{ED##Vd{@#kz!$RkGKbNWGdv2m%Bd-f`B+NsQ^|an zF=Ch9)Gdtj$7hzikqoLXG8()ea`PK92~Et??!$}xd=m0SG!Eqts4Kq2^?b@6GS2dS z?LS!bI>`sNA1z+66jak6(UOc`Kj@eBTc&uM%7-P?%h;u)hkRI@^>pGWI^~dCo7&dV zeMa>0Z`V37Wk*x)8J&yCRE4ck$HAqNYa_CRYlA<_kqU_oek>?0LOwv#Q`;fpYsV_4N=SuA*Bq>*kh3 zn0Ca3X}p*k9kMYluK_*z2(k5Qw>b3TF6CcJpMFzKKJV>ZiLj~uF7MQ;LlXY>vni4} zfgAo{vSGnhE8}*d7%*=wF)G&m-^hyVG_&C!aB$0v8^+rB3Qf2!K3 z>6eyTOgjBqe)!6eAp6JNKDOGycc@#0_ljfPmyF}z?VVI8_s=V_&*$cLFzHk;C^Amj zSgu#-fs~xpY5|MXR>WM$7;m`vX*%^5u^`Kx2KH6E+<~v9J3gKh=a&PYjf-ELioO$t z$!r?iz3X%Pni?FYEIp3MHaqiwAfW&@6@kRD_|PRXHTjjkw)fbPqV3|VFMHWLVkf3F zW8u)4$YF=UyCa=-s{dQvL9g_dkcXITaZQegK@I6y>mR-K-C--E)x4yEAZ}RewrBeH zc2V{DGy2Dp^BgUHY;UjvgP=aeZ%#LYAT7!ID2nM~iyMKn3xbdl7z-2g<$7+K(P^+LGKT+(9vE@eu=jm@gGwr0m$Pncf@Bju z7M6Bywgo=<>Xf7wo zh^zW@Q=%Osv905KHO#!1sXedCkYv-P_aRpcNtOnJb~Slr5Na6;eKmso154g1ygMYti3?t>mSb?AJ&+gI+4+~ z>I!IsG{Q5mCPA0!75<6cQ)3Edej`_NaqKF(;>OyK2Kr$SE=b~>8X&O)#rg=dC&Mwv zqPAGvgmlIZbPqNV_mc5D$(%$T6Zc4ZYj8ru8Vov+MvcJxx?y>XWk;A;|wzR-rUnHkQ zK7KIz%fLLB(ytLdYR{t`4EXVT>9}wXzR$O``RSma$5Y!p8wv92K!%L6;ip7}f8NYU z-&}lu_+U)6xRweO9fyt*+4Y9AMRMGK@jS#$&=@-CCrcgjUPcd{^$?Lv5Iw6m$G3M* z?E?5F%6-T!*#TtpBy6IKYRa|4E=@FADWpI4SqOD&l)U%?(|s-&F*FxnHE_>SU7wf0 zPBl}?k5#S-dyIm9N79(dN>!Vu1t%y;_aol7BT~-p3%&E{2|8;Ldh?r8ld|n^vfF@{ z{cqN06MkXr>Q=E3S+ucqyE8;-mO*fYrIp$T$`c=?;Dh*< zY!+DSiT&UB3tVdGz}f9#ZTo1%31ZntIpX;a@j*zWoB!svEkM4gNr4gVhUpe7Fk#Wak|ynaD?~* zYi3LQ!yM2LhUPpQwbSJ&mXwUD?)BDsw=hR+03IZVXicHHCye{i_%dnL@lGMFP=Dz! z1ZAx2Hu^!+krOW7ps+^|C!mrV=VVO!d2|#2w<(u{$L{s9ZZ96@@htfpTpUKN!K^=s zFvrDx=Vj(MJ$$$OqzH#pLOqzG&L;q7)jdD+8dfALhnc)D-v1_1My7ydMty#4hb62#`1xF3q?%(}d6MN`X|%P>Tod>N*!oey1}fr%Bzz@Pca2(j745VbWPMY!QV39{bjrpeM8vXEc>_836~#=<}t*9rLXMgo-C1FbO?W;{Q+U+z4S6Z$?R_TK1B?QXIJ*? z(u`u3)C<6bhx(zY)~QztaqYZ~>fd{6y<{f)cu?N>o!R98aX}81A0&urmCKXA=tt~C zX6hdecn&4m1b9<;yVo9<3+^z)d>@j23w$abNc5ph+?Z@BNd8e4_^_Z_gVa4%y*-u` z7;&q>>Yjx2@@jMS+r+IWSZ5L{^V%uXF@Gi5^c(Qb_iZV!JEow=QV%|U({5X~7S+Sd zbwhGVoEj^(;}=(baHCDd4wmb*#dw^8Xde|zYc<#xx~2E){D^WHn3`is+}dHEgKf>A zGO_8zU=>3tl@;V?k;9QW%EGVyCj`>$-##8bIG9649vt$iwhjnCb>7YJDLCCdv)rW8 zds;jmb)2nM?k*Mc^vrscRn4PfP2X61v61Pl@&2)mH#fIW--QZTjG%TV2OO*wqT(cbzo*l&3Ofmc$-bZ`SlX(@ur zSUL%%IqK|BQ-k|zYhcYBFoTDmF|MiCxlh*Te{(yP{Dl9II{-f-Lizq+n(MygU0-NsIrsuT{enxaFxcOle{md1pnf`f_xEPP@@J;Td{aC?Gw1+@?Y(<`#U4HO z*dVMN{JFk_`eTP<%}*jsklIHxZUY5+ZIj698-V7y-;IrpS$L#S*hMc)2fD!AdMr7k zsV#^PX*yQxmy3%(09$Xb6`Uk1DoSC=)vQ1qd3XS`3s3q9Rdw~u-1XR{SBFT<9J1i4 zh>ddq8Sf~Sd}zHSp=4Lnfgq#bPo;P=i6wGwTPIiK{Ml(U9nYnOEh_x0aW-0XC%z5fprl>RZ9HDW?Y{$O4N zZz%0PzgGO(sh&qAi{4hD1b0uVs>5I zcmKwvD=s<71%=yd=6)q55Su#qhnXg=E&t}g8$uwZW>{D;YJc4*=ZxHLR!=ppnLwq6 zXllx{728_voDTtNME-(jbevi#FDjWi;#mwE8A5Tit`2WPdmR8^_NG8*^cju?RMpge zANK*h9%vI9+8vjiYhI;p|4xg7P<)bAEpN1fPYCw%$Dgk>avlX$6S0er1(prnK85)LJNAD@cA&!i8Pbu2okc2@sh8jMGei|BMM=X6 zp-)Q|r6||u_)h0m?TvrdO}8q}-d;qy)J)@MW6{xxzW)6TB?bBZg%J$%DH`Jc$4IbwgA3g_lJ__?))#(~Dk#`!_C)xJnYnpVrjA z&HD=Xm95WZbQ$nL5tJ-~1W)JsMxMhwjZV45pNJm%G3>HkO~#z*%!C$Ba5*D!URg)1 zOsH=O2$m^nFGXd~DY6_0@=7bpCY!Gy3X-{p@TUZB0Pg?5|2az%Dfg}*F5}Oe?&@~q zcxGwr*#oOI4*lZ%)(Zavo5XNOYc0&{>{+#aWwiL4d~N%za-yDbBKOv32dlRA zVh-P|dK{O2UMQzZfFIN6wm9Gc7I+qUOM=Ku7TC0JW`^vCVI}=%e2j zyF3`S-JC1teltDco28QCaQvoKXy))}m&9eh{*hlyTmIFW1F6NKW1cYIv#3oL#x09B zZu!*&&Pt-G>W(xL9OJG8+UFuNc6EGSF!GJ!X=d%%TwF5Gy<(oBVa{qBxNPQItk=!e zW1b=6E-74hUjFoxok8t#%q^EbyIPa^xg4y_u89$GS4GQeNbxD63%}dPs|6+*ZhM3#D$&4V6cAl>l%b?*Sl^;P>gvSs>RwZvVLP81JT zHGC=>x~PP!-~n6v;IiH1Y_kxz_#M@g-V^K@wpVf9d+SUP9guO&r zW93S4+rx5YV`H%?iM6ZiS02nyg@FK+fl$|eYm8}j#Qd|Ory`-32fWy?AS4Q;q4uOr zgTW|e2z~o7zNf}4%4)~2L%oD|+v)ir^|A@k75RTcPax0tD}$(SCgy#jO$W+i>vs6n zwJ)@U^6T2~%SLu^F>!&<4U}gS#01@uvLpqZJRYTrYR+>Ca4RiHg@=@2|68Ef)FxS2p5?CZUG{UbZ` z9}0@EgQyvA^9Vvg<}Ja#^u>Eop+sG|kNoKp*HmID;%BZ6L8=J5`b&3q1=V&&UiQ)D zhiNRr{qs-vK$btgh`I<~mqGZzF8tNwU5k#QuG^uhJ`#*iRK`f9r&7M$vOM*=+qsV> zXaXA0$XbWLprF1A`ptM>k~0JC;Uz=%&_)HXU1xI27)rUD_!*`DisT~F3yH5D(}$X-FSz;y8D?f0eBz}}7jF1sj^UIy6`rq$-3|>24P_{> z<+R$WV9R24G)>9^MTi9$N}g*Af!#QhMh~o_T&FG^xe>((p@H53%>vyF1E8BEyBbiQ zTDYuttoVEuyg2c>Cw)%} z-_t*@S!4<-7DU^xZ17mBc#+9)nB;q1EuoM+ ziwNJJRabXpBkE7{`uXveU6{NMN!<6jrhPU>QC}tp7$$%}Es$91xw{zWiBf{C$+pvH zE3dh4YT1=<`U>eYCHnNHD>#CRucb-b3r=CcOMFKM--$t=P2?XL)G`zHzK{X{VDTwA zliXOKqNz!}+Hv-)kb-r8s+LM?7|iwpdjBsT#Q^MhT4VjRM{#}p#K_##SS?vak7Goi zCgYCEh)$LK14hvnhspdB(>h$F+YAlNorPY8`HJT^4R%o$UK zSt%WREScdn2ZiM@_Vm~`ix{cGwNsA{ME#-Ma0|q_`>h4&VZAggwz%*ziZ>p;L zHRGUV5zSjrMQrcu>E{_nIlr1DHtRlJ_=hy`9tqC8Q=E@|rHREPeLIuh3+F5+KYAv7T1FrzvF1b&!+=R;n6AwK>M1=)V_TSo8q*5!ziW3!ul1UH zNc!;zHMe)zGjQ^Y228FcHrqoIaBophQXnfxpi^yU^ikUwXn&FjU^b3n2M;_5nxTJm z`Je?H(d51T-7u5lGs609#OVGdM`{+L65=f4$I`DM6548zp`H^mk*iB5(+7isf! zqH>$W{e&^?BWfNbP}sa})`ZZ~&R!&oYsZUY{-1WAFN`)!c8wnNp$-SVnAP51^MJ}| zDHvj$%f;81zG|bnDZt5h3~sX!+zca;^1}n%s)fV>jWBMae58@y>AljxCWgTP9KY&4 zN8TMeu-t#>&NHqdlA0x;h0*zvnE9vUxBI(|Sg;BkdfPP1>(|W=9$iT7OX~;Rg*LQ8 zyq8rEu&JIUBV%sX6_9~^O-nON;l0Z28)1|4;4hOc-UC^=N^L@n?CPmXROGJ@Vra1z zcS76sOV*-r`y$`Mz(xA0cyn8Q2UdoZCmk^ijF47jsayHh!zEun>cg4t25yzv6Y5L(~gke9NXr=Or8U~w;(MAE1hLXG!>#c9C@U>}W%P=U zH&8@(Z$ZTR4;KckZEC{cH!~5d7Uu8Vk5EkT$WIr>J@N=&GAzja9df#qpdI6GGGpPI zcF&}7;j-bb(?Dg69U3>i#m%Vr#l}rLo}tgbTOb}`m&Bq61JaSspuvC%n!?Gzq!O1P)r&Oe+7=3; z6zm`jBe2gqfaFzC5Q^Grl7$}yd1t8WK_7&3nL>0fZ+TM%*K8_t-`&4!~CIqY3MoPu-rt)4f0?a_YMa7%FtY zvt4$tFTUDpwT*Al|H!M)8;>Q8N3?OoS?WFi5Qf03prEh-#kR3wqTKAdFa6F_M6GME zOePsi{r*wHUqQs9bM1{bLU&rkj`7)W$hY#Vz^LzHE(;n4);>5KOH`6Hj>T_a~pNNeo za&i{2I1xFjwsuLV8akvjr@=p0oyE4BlQ;oaIf^6>Jpbr9V=;-n8h3+jcR$=lOQFwy9-II2DkhScz>>A zba;k-L|;;AB5d8wZ&n%;-(b}IbRi+BLCewC3#nDNZgi^Bg@u(u0{41GR9`cGNs*!@ z9+2|yCPHv7_;h0WSTKgi;+?&0ZX}sO$pdO7C6mdpRi@l6Q!(2~vQOv`Aw)$#($vuW zcKsUPr&tt|^n~1sFXq>Y+mlXIeE-Q@_*s*XYZbyO!PRJzJs&H#^bu94f;C7Ya*VYW zOAJ0sNAwFwmXJ=97>|_4H@}B{7{D7UgGz9lx=0-aQ;mMlyFq4La|QvavR^9hZ{RSR zSI5aom9J20PtWVRqhNYT)U5RwLl=>>ZyXN@`YX3}Y^xvDG9V@XtP3@V7IjMRHR-%u zk4eN7)704Z3&`Pg3$U zF4bPI{;UUv0>!tc_P+cq%+!%B8HX0GKG1+9*8I_a3!JJxP9)Q5JGfxD86TBnlr>X2 zjSpaW#Q@l!r}c8a!P*IRt7T|B8isvs3qZ~0B_8#xz4fcvV_{N^#9zL>_vl+C>8|U` zm+sX&$Ef*PXU(}o9QLO0^NV&jCy?uxNRR%SQ;3@Azh%j3%NyG>@GZY`5zLV3kFy8{ z_cs(jQknF8x93F?l5j1C{*l#7+GS?G0T2lk;p0qDp2IDldNQG_ZXf`U-@bfo+7%w= zUlVVXP`>+nZ$ujde-l3*sX=|`LlG5i;i&1af@mB7#J#RSE!S5ECPs1+3JOu2M)tR` z>)9rhPP(%!Tk`lZM~#$9k}ZpNhJoxcvGCAg@F>aSgj|o`8GYmLr!`$t5A-UxBFxjM5@?m@V%qp?=RdnHY&>JNd5wc% z&Q-t+T_E95i+gROAl9|o?tpzd>wIMWUv@de(R4$K-oX-jzzHG9`_c)zr)!_nDup+t@1bKtl%IBE6m+GOtK`{{?;@#>Do$%anv#3 zR9}|)4k!iV7&Xaqh-T{IXn{5kT$8cz;REgq;No4)bV{d`mXMseFS;|uePunM0&{}u zaL1qRt(f{VXe&&!z~)k+oRnhT4EDu0e(wrj$1 zCds!u>>@^a)Y<(MVEiV4z~H{KC9ZT{(0+vLU$8YfjwFjD`xgU~bcpJ|T2uck&$0S~ zeIzBqg;Fe2IpfuP67|-qv7G#d*1nO7yZY`eJO zl5AVu?qdI?g{SIuQmG*mf9wm`g9_xAgCFA(PQttm=a|b~ZAPct{cgbDOxV+|e12Tt zAN|8+T(Csk4fXyD-iyA*rUis#-MLl~f@2$6d;3U+pYLT;zREjo;jD?_rVeeDiaHsB zPSW)HLxtA5&Hm@=cvjq@RtSBoEMy^x+~WcrfU&y`f6kg0)e(gY=vX zulW*%x(pi;J>b1$Lby$*ks9isA#HtqlOOsWX$f_8kfmrrqU`p@j*$2BAUTB+T$p2% z1)=J-cQ6V4F3$kg5|e6Wg8-i@JD*qEW`+hkul8l5E>QB_l}Dg?&HdGC>BdsbWPdMg z2QO@p<7!;mQ5VbVy!@v)7W!Ct(2Kuzcu$p zLcW@fKW^HG{#_417r6a$h&F~%8|sc&_d!;#vo;+~3FCkEBqeWH8#iB1&G35P^DNt$ ziF4PtUZ!5^K;>2APum(#|E2??=F4l)jg@a@mMp%N*0_L`l*P0tjRt%v8PYWjsD-f1 zdX)^-3Kah4r*$NPR~%jCl7x3_Tn2iL9guwxyX@`@~iQ`KVi@mcv3i+q-Yp|v_2!as1KtG%ZA6j20> zhtATormvmxVC|2W_%@C6iV*!rSkG)uoynLMCh4C_pB^FgiNZ1i&;H&No3_!CN4N6A zQnNqHr6-CHjEEvp!~=u1_DF9bHJod1WBYJ`(!{In7f+ahj>LdC6&j|K_tgpew6Njv zIIMIfoA$jVw7HDoaTDZa&qzZztK{Gje{ns0?Xc1@%yr`+(%8He64Lj$`FcogPNnO#8x-NotLqbj5NWKvZR01M8GF*qD=)ZF#}yUT)m z=tqDNF@prj>U~N=zkDKpe{ke^wpQeXx}jE?2^-bh5Jpe$zbF@tNDDd0$Xa`a8Y4Q2L_R~r9($MUqmUO{pP5E@mV?%7S$ihhveD0rO&MiilmBD~ z1DXxFx?e3#sR3!CSiZDl`~*@Hm~Z04ME>XBqL@XEFTGe#pHnbCgqE? zK3b$9gAPX(!`D0OrD?(U{ahtnj)?5qf)(sp*$Izs;sXX@cl=g1P%GsAeK;S+?o92Y zFEWLt(wa52htL5LNMqDJljDG1a6(C%&+7oTh@UKdLX?|sb%zor&)RM6*oI*^gQ7A7 z9W5oBYUK=0Z5pTgCF9!~iV*_!Iu; ztj3ma+K17KOgpEeZ|KyN21O^VMd?GC4nZf-$SJ-KTR_|Cj0`jqU2m({Eo|v)@Nz1B zIX3;$s-JEbtEjhrsR$jMUs^1C=6+D7w{m*94aw)mWp&Mz{BhdONJ7OHxTEt?FBt8$ za*D)ir|&{X@=)`GFzWvM`% zfRN@$h9iVTZVfN}Y=@$fzHSZ{-$I7r%aY4Xs|-L6rA3-M)Rr3hml^LB8AR@VUyAJt z;I2~$hZ$7g`oiC165kXi^c|wR@h(5T@ zBb4ibnz|TL(JZPUyyA3sPp$-|^WzkaK`3_V&eYoC0OTjkcez2};y@zczlou?f zHoXJRsKUqPD8Y{yB>(KgE`Ng$t5=J_djoSx7S_JBnXCr4;b5W?DV8MO9Wwm&Z=y?753rBTxyM4T+zA{H7=;78A~+xrl#k z|3QRllXg7_I`}7TIanj!Z8!^okhPcGMo_zQ5#A(BHsv;mPn4q(ZOO5F(Y5n@)?e@{ zc65FHdGf{HGOCXsC57Wn0pKn7?PnSzWrX2^XU*E?r=*PFz1RHyM#S@(ylMB^f;9${ zG}7{>VUur+aJt;PQXCHjzUbopvk1g8Rj+GckLPK?!b;Jz@bd~Or`S1O%kT3ydwTPN zUE&3QbasP@`d>^w)IIvbv_%KO7-;1F46BV7o7RJ0D8_`qwZcj z(9YOO9}(2{1GvxXgSd1fPjHJ$sR<%5>gC#P32vK`7^v{?h9Z)9b#3>PW+J zV*mF{LVX~~8j_Y^ak3QgY%@U?c%lfdh|HY6O4~Pk@C>&~kb8d&(^%e5*`*YB_w1GdSLXu~}LHP1QM77v4`9@A9T}cV)hiBlN zLiyH;vi46ySt==*qaT0#{7pwzEsCgwlXbmIC0G4_07f>$iKZm2&5yBe)? zTF#QXZWLVF7reI5RWCn?%X65D93sX^zb7GA>5pk21wJbva34pi|96J^g-IysfAQ0^ zz`}9U-wQFN8{P(0N+akRPRgq!z^pn0$5H88$4H*sPm}O@ZeZ44rv59in-M7&o*Q9c zSF{OPGn_?};44OO?rNLW{FwFinU}hGeVo9I0XHzt1Cpr6q>-s>Zswu4Lw&tK?7$O8 zFk5c?pW$!5dwzDwkSOmTbxW{5PjJ&C72UI<5yN-4?z4qlK}^qGnz0gh5$4o=PlkcQUu zFu=)OUbd@koEk~}n}d~(RE!4kbTTOw17rQ$PZprEZj^PuPN6md;jhxyidemqiwl5h zINhoKqcqCrv|hubfkk8>pbvDh%#_u68(gt?zkyk=ZygCaYCW+Qhc<%KJYV+absq{A`&F+A)c(cZXg)_fm<6a+CzI4#<4dzK zlsl=x`}pi1ZTwv@7l&RWiKUiwUwtrP;ghM*1pK(!T!>gf0I!gwn}|=JZo|F#Gh;% z_+IRHEfdNGQLaqfV70Ej?_+^e__=BZ_x~HH#XsRayRivhXS9E(NyYaMbv$g*bWuJR zBXSqpjXremN5`QA+;^wMP1UqftGZ(7i$gj1EMJj|ISuu|A!)}Y?^wagG&r1-H|&^~ zOLXI=!N4vd`AKJyReO6UIDTkU5T3)-hJN<_2lvV1I=e2?v~j%Ky%+^X#R?N3HlXnsIy*5T z?y*uUf&TK^+F#$HO|xWzW8s%?fI0KqPF>U8YdD;ySG1rqU#!K)_-KGvGp%I!=B|pp z#C^oH?Yw!(Vr<{vTQR)n-kpI&`KByGKd;~}cN`LN>r33#NuJ%9h6s3tayi#8{GS2{ zrrh7AKZi56^ah68p0hpQ2IgAd_Rs8BkxsnPu2;{N{ZL9p4+`T#svtqysQ3TC-B}1z zj3@APU8dqQvdMnf(4-!U|MA@Pb8;rd>Hh=BTiDV=OB@{ex!!KF+7%?b7=-N2cWbw_ zy~G3lg-JcaFG~L~=RStw#_HC2u01J>v}ck7#H}UYaa>{zx#FM)o$9Rq1$kkn-+x+% zju7w0jKGtFaP+uO*cZk}sLx}`J#^DI4yyYut==7U_42+Qt%gtShqT_}>3>nrMx^{2PfKkmt# zjpegtcroEpInO#t+=kI5SN@Xcmfl|F0|v~&{3WC4B^vuJ550A?fe}7pdux8#kWBv{ zbQ=(yQaC6N{SguM|AlU~ap?BG_XB8E)@yrsI=isw{Qd^wy=40A&k_wA%IB3_-a8eo z=7q!edPS5NIz?Td-Dv>HGXT;8^w(6*BS*e*>Zklf&O;&Tn14)yDrL--cEcb73 zKTzl1&Jkdo(t=5r#04k>@Uw*c5NfnaN?Cj251YUF|AXc&CATCHt@+wC2UIT1s-{;s z5xl+o$VF}Z$h|0OJsIA`lCP3E1Dz~hE+hXqsj{hGeEQ%hyXD>eNn&;M3!sqRl9llj zYP`ID+OQJXw$oipyGh!K#ORmk0mYmLt-PvTPPQ19t_ntK5cP>GShGsk+ z#SV4#SLUk=7Qg=oT)Egn5&dxW6o{RKolPH%NuOFHd&>kGiL~OlKG}a>a7^IYaKL&g z=fI5AM&Gx9Ji-!hor~CL=#8Lzwh#6vvN>t{G!73$(iVBMy@ugE4)+R#^_DIfY4e>w zo(sK5r9CEcZ_yLc?YkFn4U`9Sb+rBslMU5Yzjm`C9_sY1)i~s)#N>J)$Nl5i?wN@A z4WVLVWcKZR-oLCmFNZsYrd0dl{qVmXT<~LU?qhPMRxG&slnGRxN`L6i%hwr?zzHmA z$HyM$*X%m>99ts~K8IqfF0@-LP?b`}0}rxMDt9C_nQ0IkX7Ib5B$M-2-)`!&2e`z} z@heEDPx`z`kbvfU)Y{HWij5K8bw#XiA6t)#ZhSs?7j3Ph(|j0-PLW-NtH1aW-v^zs zoT*;U2@NVtAAce?az`p%QXUb3kgHlJlUwkodDJLP(aTG=4g9vpEksy#cvn2}#;X}W zZeGZH1dB^lO>W0d#PaBSn$tz5D=>V&&HqNp>w6Ss`bluFkd^@|-06_K34>5{zP52r zg>v4@s7uMwT6H~Lf&Ruwh||b&ax~5&B80Pu?4F#sxWtQ=u()0ZP2y*YA3?C%@t5bw z2=Vd!g7o&0q+(B-S&aN!PxD>cI z-%v@{xX=d{uH|#&1>iTw&Ro8dl{9N}$gHlOhcI+!_ordW+p96mUc% zaK!Z#Sw@&rLtH^Dss`nF<=`^hXN6o=rEzLmR;}q;;scszbvY9_l6reyb~Ab>Ber_~ zYCyzSYHA@!JR(9mLO+btUfMhMzHLCrx57acVjdI`Id?5-&MOt_bbLN47wgtV z=Hp=0z$wn_uzOQRVy_|s=w@~_tb$c0Ma_Ca3|%KgHM+m{VP^9FGI}o|VHd7COr&N& z#tGW@0s|~l@@q*Q0reVF+L<_*%p@Z0G?z^#bsA_2#vFf|AC@PSGbc2c_%td={oAl> zLg&X@xpt{%m(H#!eK#gOX>n6=_m*1oD0Cgwn!Mn=7nth?C>6+mI_x}lWDz5&z^;+5 zN^{@kU-rGO%9lTAw8n-*ei|8N`{FSAsqD33(F|u<2=v>nWp^=K5rk06%Do(|KNLSJ z_d*Nsr|Bf-R#?*=@RDgir5v`-m#03a`i?vLOtSOwpHuRDx38@gOD|?obAC|b$Pyr| zBvD^(j67^(=Yi93To!8RWO|-<SUyxH|!QN_=m32RA+0_7=L+Q%3c5*xqk zvdC}ZimI^+1?w&S&nTJ>C5LkxV8?N1g_hZwGK{93!hBrz$ue{~mN9FulI$WJ3QL?x zG{gTq)3rl`+)1vo4#3x!YFYq7Trw4HABwXt%-o$D-|2} zx^|xKbV2J9I1i%N%e~Qyn7;*aUr{Hu8 zpigqNq-J&xVfwu`ul3Vljqt^3^HZ9Djc@lK`Uf@nZ%WKw_9aeTIhk9=Gd1`Qdz;3e90|O9XOW=IwH7$tmAs$Gms>;5rfC)>6MSrHYoC zMBABEhT`-_OE+@|QSA>|Fq+<5!yY(iEqCAJtRW>c9Q zbWf?!u`Pg?Jl+bC*}ImI{BGc^E+r=Q3ed(A`q|nx8C3~&a_ZZkTJc%;4NK~7%=Q+^ zb@(Ln-YYhJp-5G5fS+Jk^jL4>gXS}Fd0T4=-t6*+Hnz`y#JZ>8thr$?Rn_Xg{=(%; zxEx&XDg|!o>q`;d2qu&I2?v5Dwagv|r-ugGbWu=vyzZ16d8(||o8Mhxo-eHNV8^10h8H|6A^@sMQk0^|w9%^a*F1%3%%r9xA8v*t8(| zC;99Y>)3BQlRqP_P}z<#_s9k2>(iXITkB{Ba%&R`Ku(8owWwLJO<5vM*T~PW(=!A1 zOdS1waW?WLdYOr|&Mx%Se*|^t({S!dLoA!aWVlFB-Hd__kJb~Mx<(NUrMo`o8yNIo zA*cPOBi;XK?>(cU+O{r06QY0ul0*>@B`HXdEICUQNfIO@ITj!pMafY>LXiZdkXV33 z$r1&LMb0@$rU;UIpW@#4y?fvLdc4;?`bYO@ehOCYv(Gtet~J+Ob02{>yy{6!B#T?A z5D|*YH96Io(3K|v0Yl9;P%uunrnW{?h2R&M<|a@aLo9a5a8kzNi!>nM%DR-*^)BZ;ETqD-6G{Z-;fWtby=Y!m`d zi$3-t%PyCvQAw$mRg*|N%u{d$1dc1$gYC;H#@yDc*jc}M9)Hs`AXF8*k0`aNd@2<> zE;VA~r7K52$6xzN)y~{4p*BN8MOV3)k%>Qci|~A-4Ch0xui_Hc%qo#ozq;^wL>o0r zd%apN;?HCi5-xmuv|B3rmCd{bx;>NmqTtK&$Tf9!Gqg&rf80uYY|`e$ z@878dS$`_M@Z9Ik*O+FzQq0vXs$bDui1swTx+iO{e-!a2PYSUJF{h=P3v< zxxw@s|M(ue_75L#AA!~iC5-wkVk)dF&+^-T0?OhQ;jTLQMH+LD7bhH6&P(aWLh(C= z0=+3ml~>ASiU^7+zvjhf81K7pcwUP^>tU^heeQT%h|~P^UHtKnRbwjJQaU*%i>NPo z(e2L*CfpSct>~;3ZZ2zMHl-_$;2lGn6iE+0b_cd6#p~2J(q;QW7ZQ0IB^+SF4Kw(q zI_ZZs2iHuF7D?EEnz6~s%}uN7R>$n@{g($KA<$%kc_=iQAWc@IuBHs$Kiv(oMFNq6>{Plo*C$Fn{y@sYqC?%}KQ--Q)@9}|cke~WeQ@@47%vf^Ji!b!eL{c@MxG*f% zn~G~5Kq@==3^U{2m7=Kh9>a)(Pjv%jkK`n(wE9OJ!y(R(gxP}ljA0APJNrjs9C7<8 z34piR6q5(hd=aGRG!)wuhpi}wmA5qVf*VmctHqkB+@Ir3kk*$j%4RfdOcHI+DK9MT z+LZJH6aqi_WRpvMD*0(i0;ur1Mcs0nqYqA z2u+R~37(%KN$-zyNmT#*2j@Ev z=`iorn*t~ny^D|Mw&}s9au-I{oVcdeN?#TrJm1|xL!*j%9*>6i%~hI{nGB6;EBs6* zQWgc1?&9(rDhKT+PL=YdO=g$(=zsU9A97G)YI_j=g7(v_@G-Of`S+k3eD|cFnKCVs zUXczrn5RF0grIze;eqo87KPl;iP#TyT1cf-HRB(pIReEr(ag$8@4_8?*st|nLMo>_ z-BmzwemJ4&4wQi^W{qi%cZW0E>Y0mNn-&DjuApW%Op0!lp)J*ztTR3PO6*GjFM!N7 zso^al_Br<7K&$&d?4;GUpajKiS;LVF=f`A15y^P2Dq(ur#-%89VFhC}h(u$ostBLw zL0o+1!_uE?p3}tz%IV4~PbACf;*R1tn!5yygo67Hfwsth7Le9o)0($@lE3!l7=w`> zIGAM0)Wajudh8pmMQ}#~Z(8*GNIOMw;RdwL@h%ac=N93&;^XMp(xB&6*B$Ga2!+s{2_5vCCn~OBo?9H6wAUr7Z))c^QZ*+s zP~WgVNfoA7uxru3?(cjw)t~Kfs$Me{OjSiQ55|SctZZzu)$8LD55b}C%DwH5Nt11PfWV%Zrzha7*pi9PN=&khZmzf2 zX&)aTc!N>4kH3f0gzVYAKZkOU`N}T|0Aq(*=;U;k08!2Ay$YU@!mSbJ^((MxgCGJ>Ktz!0=Ox~ zjdbL$8NXzb?k7H=CMHGC)j4EF!%C?fiA126;LY!6%J+{-Pj@F4S4$@lr@yIA?=dqm zIlmu=l^wLpFUWr~~_ zXWg<&=1YH+gZ$?j>7vvgBpID)G*A2F3C}T@E|)*LB_5iKwC zl^+}lI}Nt1@GDR>tMvq%GS%|op2JcP?ZNTHsRs)yU=DU_T!Fw_S6e%3*=I_$>aY5C zv)fgQgxI`~*t~S)=S;-IyAkp%T|b`N@y%7PSO?Mq!z^w&P<`~KhJ?boZY&|Ao+4;a z13kTa^r(RgrJ{+NI@2YFy`M7}v{-&yoC&PfF7y&JdaWXlImv&Qy;UlBv5h4z6-KFQ zaqC~}ufvxCx7baU#d@+R3BTk9t*V)lp7}pb=81y9e36Qq^|rvbJ&`x=O3&L_DO zo}$f)f}*7*6F1OKN|4c(f`#>`?%ZyJm)X3-j2}H~evEEFDs`2wz1MRUFj0Qc1Hh#1 z#Wb&z&eL+s=VTgU4WpCIHwZRkEmY0~Ilv|C0zQvFtzugt)dv}|-P7*)snw{+Y98tJ zn~8q(gR^Fc&mBPnR=ZS9;dw@;DLL>Z=rKGOJoNsiIJrPp_;oIBFQrdJ89cMB*y8*r zwm{f$nmu9L6sALn26KX=C8ec(*;8OtuqU0Wcd>k3FngXy=XZCI!={@tCwOoVvAmvw zj+jz7TRLdY6lk~K#vo#?4qyT9OdK7l~;LZ&0oHz z15R}B+8ltBUC|D3zwwJJQRMS_RvL}kC2I1LgZ(m^bJ9HMsC6NsfVeO9kqK7_NCD*YbrChy(;5)Qmm5HSbr5!L*qxT-LogAm2 z!3Q^1Z(UgaL*omJz%!v@i4xWtXKDm|h5)NdG#*4F=~R)p)*LnA_N@K2LJs-G^jZ)- zh|Gpx*bWfZ<8&L_ka!$Y=Ef*ro%dT&H1Bzyo~{$`uvp|K2NfU+1hEg0Zille%I(if z_!M2rLp&z5pXnz2`ZBjXd#6xo(9Zm@D^xbHrS112eofM5XO&c&Jza)aZ#dd}&*$l6 zLL;wLN7>Q=iZwB8pC4QRlZ&-B>7KyU{6~w8BUk_$a_ZW>0dy_Fxd>@ugaMZLbg_2d z1E951;?YV{Ldk$?1WaGHvA+Tk$UMB*LVMmtlN75NjC7JvNQ850rO4fT#wzzQbLAn! z^@n9bQl%x*DkSJWhcf=TF+=G@M6l~pGu9v;^Lt6MIuCBM+?VMju>0)PTRd}i#b(N+ z5oufObti@|6-UY+wsU61yb{M@Qben!_OW;uA@VOvYsSo!Q2HKkeoF-mxf*UHxL(p1;&kf9`G7-Dlz27m`bw5E<2A| zCia{}ZxGq-(9`?MbBXuK;u?s61T`&mG_Lm~|s$GqrMk>jNbL%#*n6ql*Xpt9EibZzSBoHTL zC7$FW9Vg$4H8h#?@I2c(n~^xJu5ZVe#U6j9o5!Y zWyColV%*O-kaTAzu(d7rFa~Wo@OXQ4XPJ{+X>Y+%kCE1BB|@@pm8)C|TLuI{a6x_|f8t-)Lsv2Gb_U z^(zs$Vf2`#?^0{OoS91HG4Gv0tU!BlB*btDJWT=!m;WL;mvj#ndsQ3TxLS zY_ql-RrEA@E~n?omN~?jTVL2PfbAW$00We4Szy99hCz0-#sCWWe`NxHw0vLxWsK|^ z*UmmXh}h;dQy~7$uA`g^N?~#R0)m`?FG^PT-$qo|@H4w%*|FK09022nWn<*zFVrly zd_|d}zYeUnJytsYIuXyn5#GmNL0P_U{5tF*4U6Hr&@a~}-q*AO zb8cM?&wXaz=Z}^oz<{TcKBql+c5RcUy!TAsfcLA&cyoe?X`a)jLn-BDdTg!`6y(C7 zAU9Y-=9BXUA|P)*fzsxLo7|g>dCxVuHsd~B;4HG)**PH!Dn$Arhav|1U7`vqLT|nb zK=?iSEwRFqw@t_Vt@+;J`^7M)e!io_!QFO6PS|1WX9u>Tfo2N@xdeIteiRoTLR zf)a$F$AS6G{KIF;Mc5GGxlhwlExIMMF<3?SxB7Y(jGF?Q6qpFyRF}v9Z(Rg1SPO<+ z4I@cJj_`#v6he$il=On>JI`_!3eeSTQd7Qv8bU-c7C=SBxnOEw5DGW%*~>mOkA;!7 zIwratuwfBJ zi(Tyg1r7G(O%+HgNb9YW%fd*Jlo*48qL2ryd4wN(6RIJj0vC6FrUjQIhAtomx7T?G zOjeNu6GNs-nNxW+a`ui-75z$|Vqds%xHX01Tm(LJiwrvoLT~eBY_~aiHpWvn%rzqgEo>z`Zq>ZPT%e zMQ}m+R6zJ|5W9-}3va9KA4ozFFkr8m4d%op>MUI(<)ttdooP6eE^s7ZaGhjbHQ+MY zF_I7-qbxm`pRqdnFjGl<^Z1kI{nh*^wu2c=>XO-gHhYk*1E1G&um}=YwM#IEax(Z5}MQ#?nrn{nQS1(w;cacDch2);PHn!wfgzvExK`;}0qHj7{I7Id&m;*ji60D1RP-*}~BC@&}Xe@E3OmbQOtj z{`f>sLmfy+NZUVVsjT)eAVb0AOK~?L@>|i6wG!=}G~Q?C@W3Iy+&G!S>bZMz>c1j_ z0}#pvj^rc(yygL$qYfC$uyR)&aYGshE+zVs895*gn!}Sx@S>rq)65!a*SuHGarGoCs-5#6la~$26HCF=- z4zy;G?SJ83^mlN_K6t2&+H^ObT#m zGbVIP!q-TH06Gc-&~DyCjO^-{8av4}ZX%g7mzzaW`c;1B+aQyF4&&`?o8Mh#i!v-jpSjSzL4|R z!fZ)@@tBgyL+vssJ$eI89}xF#KeTl5b}*iZ3IAT8EPr1VCz>XYDT}F*@k8JRn~o)~ zne|gbb|IsQv0XKh_-Kp#PHxTafqBZK@*N5`a1v-)XwzY{@v$1fA`u8wP zhwL)&fV+ugxpwGU)t(Od&6l9sWiIf~x_bjP!ae@^p458UYH1A%Lh9b&C5Az9=@_I#q$8ItA%X5mz!-=rEzn|3fWvhGf)b@mU}9Vthw#x%kKYTjx+m zAffKx`+<)=IrD-=`GJsF`nN-3e!}}q{h9Z1`xzeq6KtI;9Jx1Kp5b1m?RURw3c)h% zkipNQ^;gPs=Pi2RF;3ow>>oseWjdq0?AF*An>bBU77WYj%-f9;s?Dn{2oCx6kZz!r z>qiMS1VORf$T|WpL4Ll>*B|g=GR>S)YN-TdB%sK}bpvWVg;2kl^*!n*Xqc7oI~8T7 zHR@@>CJo|eeXd8jZcXu>+YY40RHR<8yCYkPpO*);vz7ZT_!g$=95k|EDn>lqC%(Gk z7tDn~iKP!u#uF0BmCoMc@1c=4-R`_wlS6rTOwr3A+EnvV>6~nMNgh9Q>7>ozYu8B9 zu^o?r7x|Qt0ZxfM*(xi8=sx$bg8O?BGM!F>_lUMWU0XhjFYG;gkR(9kopU~ zPAl^7==BKKnGo*Y?AhwwVr2I}bL@G4=h$-rf=hoBFj)*BqQ8M99ufR>71)ZLsqw&L zA*rwaF13CzWAQIDzW*i(aB|CIlM%lpMpg6LN6_<>gze<2N70V*!D3Z%x1Sb&r3`n8 zPTKAD6YU030p28@1FYh^;Nw9qP7E0k)uwn00#~C?V#%pjUc0$regn}G!xsfTmgC(C zjdbt2&^oW^5Up~Cg}R^Ih5tNyrf?B6#Rc+W(D|eR$;oxsP>(q?zFpxDbX3kVcoQiz z_=1eSHbGNb+v&;%&Kp+`wldKUhum7`4>4bG6N}%Y!@zQ+Es*-eFPSN$sSp_5VH76d z*OCzC8fG&_oHkwcUuy^qfWy|1$BNJL`c+{SDs4Lpot%A^VP5;i5|i*n9r%4Uxd=9ojbYohJ7Viku58PnmL>jY!_%uC=~&) z74f1X<+og`fYRb?7WHrn3fJ5-LuS=mt&C`7maeC0>d}I}&thSzD4+;8te)Ive!w}p z8qLVEkoCqeO}f(`jP3O~yAzXNJ`9<*K)283+Tg3SB+ zy`R%%WUHL^!`$NVebJ9+U)&^XBFo@2KXxokK!|-V9(<$(R2KLQ!2`VfR6m#TZ>{n9 z%)TS=te)EQ+q{_;Dqu!QJ|EvXVvD&BJ?J_tIVDohkv^opft<_Y%4Gkj`ZkI|URh)3 zIq~Y&+EK4r>zA0+_tM2fIL6}PQ=~?;x_r0FtpFka-6R^(^DCVmD%bP1LAkEaQ`^!d zYNSFyXOxU7r&a0%&dO=mt8q(*9CLmeP=THsST*9vf(+alr4|*6rpqnPE{d2;FxG^c z!Tn43!c0vS9uC69cL=c@ zF*R@FPh7dWVjOmyp zKuI~!EV)|v`zNimp%5(1BsEn1+m_w`o~KVOzVmn44lleN4`6U1H5X2v1>uB zV!HHqH}`+ZHQ!7~<_|lPm9ML7@iV8u%MaY# z4@6onakp=ks7`zeGQ_d!H|k9vHqat9IxO<=uN!SPaX93dZ$6hNua!RSKFD`q_e6ff zi2Auk1QPfzWNSuNxW*$?9)FcYh<+`3xA5j;;C*~vPG+6l9^ttdg31o1X=L&&-?jO7 zQM2xx2t$h4ntFbmWGW|UdA8wTtiwQi%igIRW0;{YzEFB6Z&`2~{a}6Eph?QbTR*=$ieAt3Y*QZ57$p#VtirUH_zP-7-04 zpRlmg+A3Nt=%Me4(1Bg{i99fPQyEbSH~ZNmDQS^B*H;+O_ew^AIdqCY@s&P`2G59b zIxxI7A_;eDV2H`cLyNMxO5wS*V17Qjm_1SX_t6x(CE|6;0>rUnL$_M8xXNsW=wEus z@wWOlz%*wo|ALaKjlZ5~wBr8A4q#f`)Ae!7tB1M7=_KQs9<{uhE*g*ph9o4_9$2gA z#!d3$UgVR2_@X^f0Nxuj8-g&Z$MBx>$?B8%rdV3srw;kW* z3o^5o_J}VYU1zKNVvA?j@fJC%$^tH=O&PcFq{$1jw?L-fVxR(MM;|Fs&UrQJfmY04 zDPTOftjg8H=!zfsDo&hcxod(s)WER{h^ODuS&ZH4`+kA;gtUre>(j-8lhhbQ2nzeY zYt_wd4@3sTGKp__{>t`ayZ0-oSSk@0&0X)yAW}rNt7U%GQ7a}Q1g3+g>Q755A^Vy& z!MpOrKgpI=*h#9(g|4qlO}s{msdB&Jd}*RA7~9W%tIkozzWS&0I(!~KPO881=F~Bi zC>>sg-l&o)hMy8xz?wvK;zL?;q#;orIRRnlUOO-Tmi{GR#kW0g*G#=?*R^lF^WxVD z7tvR7l+M2DGE0O`x+AUo$(p=l}HQzTc6=MSRE{u$t6e94HL~x zE*tNhg4xZu-`qH_mLZ*Oe_X^6%YCGHgyIMBOR8oIbGK(I9rqC%9a<}~o;>3hN914fVS@y^A1 zW=fs(+gix(kk?+13{w8bkpisT3Fq(a?20N#xC;OnOep;iwH^NdG`0OVk_dkQhw2~U~JEOj{gkgJ($}L zZ-eXE#r~7#PW^-CrUSLH`YqsEq*g`jQ&sHrQ4LQCLty6yPG|RweRcv0L;D^6_9)Gw z?hmp@P>csh5eX@_Us1q{wv%Y${@IN@$yHJrDI`F`5{E&9!b;EJwZ~o^hI%IYATfuNA+C&!b zbO`2I3v;CIt{v8Hc(Urm_#cjYCSi(wa2feX2;wS7q_D-i36-AtacPqCG0)&DnRZ%s zMT}HR+3fb^cCR#DU{=gFi-sd;awC-2h_I$z172;5X2@Q?h)c-Hf2+WAggJOPl<~S? z6NuK8U%to|{(K-)lxe16zLP=blq6!;L4Q9H@|@QU;DPM2yBMC6*;Oh<%vULX_s~N2 zUGFrc{}y9bY+S~TZMu$4wCrK?r1OzgiI&RKC;LSGE0FjQQ?&+LxrI7{{a)iqn%7RD zdXtYqPXvUX3QuUV+Vh^<3BJgZQ*x0Y#y7qjHbTDC{`SB}$mBzHZiyV;NxzkWZjhD6 zm+kkIsPM8kOo2u0F1l0EaUGFE9rP{H9n|C$s?jP|q-0sebg%noILYbO#pdz9+MtR9 z<=UJSgN2;}r&YQZ*Rj!#1*3cYXcbNk8XM90F~DxsCV}p6ke$`~-xZ@)_i)yDGft&y zbOS#1J(x9-DWpr&icjyGZq>88xK|!atNFpFlCnK#$w#9~w~d(jfN$*ZFzk2hiuRYE zm(00DL!Yi`k$g&flCu}j#48_yJ6n+)}lO|^#1G16hfY970z_c6o7_P#v&OgIUR)wRW+n6k!-| z74OSa5h4uH&9h3*-29L`u;bk&mvwG$4>y{gVJmk0ZMrCt`8}~g$4zX(1CQh*{={WW z=6L?kbmGPw`-wUp2=xmS2dnfBN3-`FEDo93I>8AoAN8#8&ajkCmY5h|DO>|#jNEv5 z+0#~}L?&^EeXcwlxf5ra*XQB!il3b|097}-6gH*BvK>3Ec8|kM;Sw!*sSDAb%aq|j zXU0HE78C12$O7*(%i^Rk+QjXs-7f4$!muH}a93C;&gz37(csx}R0|`1vVPHbsB}p) zWSZaUzQi0BVHxp-_N{N6S(`;m$DdGnL6&M{P80OJiUsS9e3Zbu^jv=OS;iT3K}`h+ zN*?*&;XUBx<(j&Mqa?ar-9BHpwB4>~0XvidM0bI{O;baAP+)eHni=tz6c1G14&hTk zdlT(2SdsSs5SU`yKR__Go-nT+6mDdB)UQv{DQN7-*R-=P5Y-kxy!O1kpo}Fj-gozj zfPD#(|2415Cqn&GyLUWuoub$8(X6R1Y|cK=b&jQllQx@p3cc4QLqX4srYrjks%c74 z8@{P{C5o3CZ1u>fey!q6k(TcEf2(AUfuE7yz zKXeL-N5)aLnt>Dq)UQxMEwA+6&Z<+S6Bzi&H&Zh7%wALsn0n%HR7c;qVa4ViRP7*x zhc76iE9jVHefmn)>P#h)_9mlK1H>^6!iLk0$hlsO!LIWb1@z^$K<hD>@HApK==5USB^NxH zL9X+x%kLW-kD2j1fslYp&8wFs`4F0*kSI4K3z>D~feQ;&GjWlYU z5kbvpT@fVaw32o{hvAnsKvX7z?@$Psocx3Zmn`9Lk}46)4b-6)XQVm5KPz+TY{>fH z<n{$q3 z6qs=&v|P9w-S|znp{r9&8B+Dt>Oc`0^!5Y3E9U^)$>{9i&#fxEI0k0$)~uLRy|Vti z9+~`eqkkZ?(;qEqES31&X9z-u!Tp{E`xzRg;s=4=d7%9~2W(iBSlS_U#cG)&=e(2q z=Q$w&p{sk4M%vat{10lQK;qrk9Ks6`pr8ZAN?pq zGLUB=jF$#@@fCaRW1_i5w#vwuin&Bv%3uG{gbwv$@9mLYmFpxzab7k2rtq{!+MIq* zk|5(_E(%UY(paT%3$-adza2b4+wJmVjSQ@Ba1UZOOICT$w1v)a7?!!)L>cZ5mwYBd zAVkjRm9f?*;*aX$N{`!p%&iTJMsJ46_(VhORJ?uKfLIYMiu|lw+{X5adJffo1!T4>CHArc7%SbjYoCv zL|guzBwqCL{ddu=5qvt=okr;bqh|tK#;_as@t2RM+v*8NXTVxnouIw^H=Sv&)UG7h zLEP_yAk$*1{kVvOl1j;Ps8!8M)%+8#R%>DP>{C)bD!0AI+>W-0i&j-9#%$+Rzj)m< zFXuPo6QU2hd_Q;yT*i%2Aj&jT;(x_BE%UbZdCekuv33q&68AxYBf_*>U@d$mKM`8J z+yHpGOO}bFeT`bz!#!D^?wOTy|16wU8+?IO_Kf4}<06?YfC}wmt*;b{+m77+{9!lu zf^HtzS$n%dQDPSl$~?{8P=oYYzS43w6V8#L6jfm*6DQTNTvMV6OuU+WU3>eukqRl_ zI;;|YkL>1*k3L=C*Zb6%xKKU`KSS>PrD%pxt_#P42AEQs=g_CE*0V8u9{Y~7hiYnc z^UvEZYro2{L+jnwh)o}nS(eZ?{)h~RaqDC#JuOsRuF|KD&nj>4OwA*r3dNyu!$7zH zwRRUhMV7(f?uthr7Cx+0L3-aqvVS17vC#jD&~nmVu~4^pO}SiL-=;tzJ+4w&ulGO~ zl#yA~$*Ei33=X8*2oWHGEq;|0U3H=8W*LzO2D{VY@<_clpT1((8YjKxvQxZ2O5{?# z+vTI-+#-eNZ1}9($}=*G{I1%HB(`lBm>~Gsv?E!YmZPXcKKoX1_gW;=wFgYH&2YUA z`lj%0o`Pgpbvin*X(m9X)8S=m$Gx>F(U`P}?&vvkmRoqDsadijqKHZPNY={{A{W`aRXwFO|Rht=j4YcdzglL8* z@b9g>er0KN_eD0Nt*vrqP7a&Drgg_{#2qbQ*?DJVrr=sxNxDeZP>j=B(;o{rk~K8h zulnjHHnEqwf}W*R?{%E6Z9J@^ihD^jIjf4-Oca;2^o_O6WpJG=^3FUjSp6sokpY3R zCG75Pr-^o5;>8BWM{ID=hxRJlc`$a`XTviih4kM)cP_m5woPS<4((ns(j$b9o_?tZ z-+X)Yb+Rh#4$IM^#JAs7g>cYaKK8C@5eL-&Z}Y%WFJR;PPqg-V53o(eRsTGx4Zi;- z7WC925nrVKKT2c!2YdtEwU?4tUgmti{dnaGtCV@c{ed5S;y9u6+FoNPENE`Cju>Av zD(m6-oyO~xE_R;#HD3I@_G(meZq$ig9u0#XqMh`xYF}Nye2={t^4Kj#no}cB@*7k? zW#7f_FHD4-j_$a%>T3u>b#(=z5?_bq^tkhA>B^H9L$JkzLQpjBho{~=|KV|1h83TK zYYKh*><&0`i!8xgH>+~(r?OZEJl)bUX{$q06w{a11WjvL)5{u+s?53Lc`-`SLW8yk z)8X#W?eDp+rAzF9YsD!PdqVxl{gHyB%B^J;g-opKBHl!Yn(zl5ch#xQo!jIV2nIV^ zlNIOPuhm??ZZ&bS?SkBbo&dK9(^)l6(V`C1xjdAo^jm;B%z{S#_F6d_oRKypAhK*f zuA8vjm*zMjg1z=qc07JviByh$nzDEnnhslGfr7S{{0D|ljX3@d7Ufy0Nn6%WSsdZ) zztXA5PS}e+kuX&hOQf2s5(|7(iEGsfV3SuKzYq_(=eIG8$(x%5aWLcG1#Bm&mBVZV z0mdG=QQK90tB47wZs-8cbm=vqu3`2UYk;9~fEtV6N1fx5A-vhhuq32i-aG1;Vl&jU zFICW=L z))pl2+`R+6q<_}fgB{D<1zchR6Y5(zvc-)hOg~*vU$a#bxIY?6*xBY0Fs$t1Mjv~U zGd@68v`2W$hu|$E{b@21I;{}i@^Ke_S;3#TXWRk@cr}?K@8kA;q%9VD)bL9_Eh4Zr zL$5lJw`uv)oFBg9Gt(n8F4gffW;(JcVNOmS{$cp*W7;A6yv=Do zo;9!I`kAbZQisoFt%`=$B`Jzh>&ET#EqVk3e1A#mw1$A?C&Z(2EHsIiGy=Yj>Rfj}C~wls2$;vI7`#fkg1E9KWIhb$GDA172SQG8#(4pqf7 z^K=$g@yZPMxQ+Y}z)vPi)Zjl?H*a4z@8H=zAYM3E70x@xhCp#7orb&Mxm`Xzx10~2 za099Wj>1nBO3W}uQZrrl z92EWo!~vP!>)z0x+ns7t^Umn}i)FuV?d*8mT5!%s-x$5S-D7ZSt?0#Y0Mw#ZbUBPV zm`dBH)bpz)y~ftlNBHyEdR5nNkp~Zsn19- zy=+}fFFT|szUWJJmD7R9VwiR)y7m&bmn@46a-4gLfBOmI@bEPcT0(Cs@8Lx}kD9y7 zFf?-dL3&^11x_Z;=SL1ar8ZKUmn^QWE*ZNH18tj}SDcd^`@>Oc-=PxO2lsVz2Si3* z1JqCSZ#Jk{`rUEYy_%`aqWJc8>+z4O#S|r#c=CeOUVl@HOP&W!-kI$G#NMvpnPMn?sHcb(#1o%8_rwS4SKEI1 z1dZ)3c4aVp9~-B{{Kg54hwZ*moH(GjQt#g&KVnF<_1H0isVg{++;Hg(;hLir= zkzL92ipgKWEr(9OnWAsYEXbk33ErHA@~3leK8S&QXV5%ww#E+l1QZygf$l{@u8x>AxGcGtR&dMh zS^YlZaTycpxHA?hrp*nOG#LLEz+dHq+R(0r8al{QIhUlN-0u0{CrE(omNk0Xrpm=c zK<@I}LYy{f`$yK!m{reP(X^6EP?gs)8X;Pj&2O75s(g*g?Re7M+`#szL{`O|l@3Ep6#uTi!VJB1nBz!(3M;8 zWfBp1#b&TiwJko=c+93g8*6i_snh)JWB}hsWMl1LA~)cGKp$?h6>Qq^>&j&gENbA* zHe>TM|4P#8FWgJ^Y=28TZSDtavvCJKiWB(ORLDGxenSsu4B7CIOdQao{8i*u?=S(M zzuj1#Of(wVvZK9 zS^$VMJunA{Wfy(wlVdRO)H;>ap(thY3Vi;`Tr*m@G2w3Tw7ca$@`QGXB>$)<1dj7G z_IIB?Hir7zlw4gaEWS#gr*PWD#%imkde*e4P)F}0Mk6ack|AdL1!iCW>|%5Mx@}jG zl&PTz%lkxf(s1xF)tUYsgZ27n_{gfX5Cbd%4>5@8U~>sjyznzqb{5TCTM9xobBazgEQr}NJdvnt<*nJ^FQ8KQf4@JQS!yQ3$!KBp zfMa=#_@G>BJA)m;*5a-c%^xMYcCFECV)t4{n45s()Ab)?&J$qwYR4eq+`l2v@A#o| zGA34}h>z?QY6y_)(qIho&+=Te68jonPyEW#u?fPIZICe;H=f)}J^&?Wrb*1H5%@c3 zA8-N$f|9DHdpPBPP~_-WX7|#D72`UZi>g2Gi7f5a;jDedBnUFj*Ay+@t>k9lxfnbN zt38>s)Dj#r zp~nJgo4=HBhj^r#`!{UwhHx*nbRU`?uC50y{bnzGNk~R*%-Es+W}ECN;k&g!(VYY= zG6wnfnBTW|b82d^)*sJUSj;+nv)R0OTScG0J#k~qQznx=H~V{rPRr`+2;B^F^B?G< zM8&}a$%}`06o%hKbJcu$MuX*&(o**IVuh35Q>riWO3k9a+}wJS2}qMz^fRl+&NlBS zO6T|MpSmiB&UygEKIaB?h%t@$8*`HXt}bWs1->H7S(h^af&SKJQljo-Jg=DtEjZky z^*Vog9pWi0)i$1ulPcnTq)yQ6Hfm$l`!L%myLS_3n&08eE$*%}ZJG54l4bXzof**E z@^nA4y(&1rQ^;^L0~|q!)952?^|s|yb8r)XHsFS%cKy7vr>~6T-jW$j?28;_MlU?h^4jFQj7D4O z`ml?A%=J<|D}Ji_gNPd4_GdM`_jZ^0%`1{S8ko9^VptIT1$Sa5Z1)>}UwvzR8dG$I z?iL&66Ur!#klzb^+|D+!Yg#kMOte)=Vxy5_RhS0@2?ulBh9fvb`6GX7$x;7Twd8gG zZ_|exRsYd%QyN&d9YKJ~*PVrTt-lR(GN)D*BY? zG71$o6sb31U&Fpi!K*>+Srsu`yv`xI7W1X@4nLjoWTo6;sLOHv7UQfl2(x-#kQDMC zlUrP}9|w$K{IAb2Rau9bEM4x*h+~_KCQ~eftk((Bd0U@wEeEB>t&W@nXo0JTa zxwgj>eRvpi)STcjLE+8>YW3me-prxqVHipoOBRwvdNu?3Kk+6cLkP@ zA>2B=1`%68mXD)WfbsUYb(`${V^CRdRm7+V1fn@~?`u}u8Ry~Yi|u;7{Hk~=-Y z54z^fs((#%L?tDxlf1_+MYnhW)Rn@LIp)8%F!eZ=u`p z5Nkd-FLQKyW|1p7tMkvNyJMfBR=IC0i>%J_fZ((sY|$((l+h*WV9reAk_71q$NHiI2Ua(=}_ zm-n+lHp%mza`qz{c1>tR< A^8f$< literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-activation-verification.png b/windows/client-management/mdm/images/auto-enrollment-activation-verification.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1667a307435a3bf602c93243dd06accb583376 GIT binary patch literal 30890 zcmb50bySn2pETTYl4pYjqz1R*Y(k(cQk)Lk7d=U zPai!3h{#HaY55U36N-@6Vo!Q2bnDJR zzdAdGBLz_x@IF*EuVdbE?iHpQVH)~hZ}E%0pa_XyjXxh|st#doJLD+IrHy!vx=6># zX*DjPriS<9+4JY(rKP1RB4Z4HD`$=V`t?hPvMb=>eu5^|;K{{w7A2~s!65|~ms%S5 z^H(G<#?si)_KW!>|2{e~J≪5bqlLaDSDD#n%2BRp6d~i!0KM{BSytvvyKJdYh3- z7C?AG5by#z$ccgfJ4eXpqtB&1J~8%lSaMeYK2F-4@f%vRMX2xZKT2Yko!|3)Vm}~H zru>e>X0;JHXO!2m`KQR#bu-#N(bNawd)@Jdj!2OMKCG_tW*HH*hn?Tg&tWjQf&+Oc zpLoneE_rMlj*H?@^(e!bhCQrNe*qC}R&sBO;4Gi?^Lm~O6Y$KJnU8w{?KlX20ll$p z=$gLbO9Vk)-wScxW|1u(mm)NEbe&UNVZ?~Kqhd*e15g5$^m&_D3PNf`UW8ua^5KpR zA1RpO|1h>|W%Wkz3`CHx<46CnzCz2qtPu_M-?~Caxih|Gl;fA{6n+A2}t_X8JC z!?t%4D+M{KE+#Kg5Sp+x)y(1-JDeljQWO|M(Abf1S6W&v!Pht-zn`@YA8#U`$x zMUyQVYdfK${fJ2r`wL*d?oG;hCe?17;8j%boFEPSzCET9s?bNE2JQZC44B?v-q}bs zDF-$9ubodT4-_e8o~}o+-Q-;1+yQ>=ikY7n#faRl;n3c`HS+oerE|*4d%*RrI}pBY zVmuhiJaaxv4EVj^o9p}XWwCXQZ1ms&;F@kO0mNf3hC>aWMoB; z%DQ011F!Cc22LmK*!r090Zeb~$K+`ZG(X^n;H=1Dlfbg{TJ2K_N-0z@5 z>SO;Qi6J(>VY@ORhLfMdVt_@X7p0vH&X>QkFQ;&CeTMlEO55{@W308r9KZ;}X$zRm zcNLBNH>u}RAo&Ag0EXqKPwM!v%iZp-97xyksA-8~1fSd?Ex(^NXD2RjZRRES{xTPs zvRc@8e~a8EPeGMj<|@?VDRH?`&+}nL#Qllj-rd|BcZl+?>pr4y`gHW_s680a&v536 zsP*d@vVw3K(6h3F#R5(`u5NO0u-H07rHiv-p2YnQ3)8u)S-9QeRwlmS8wz;TbcD6m z=;Q-$!fv$yAmRB!uke;SyWoH>x-L(J^_TnipLLxBlDW|1?r*{~S1xHC<%OQ_Jr~RI z*&^LZJ&hPRy508|LswqRcAYvdqiClb*zYW#|E84caUkfT*vr1E9X9KJhX}way9e}- z?|Yhe#jfrhGazd43`of($>9H5??oKt6APB-qUL^0c-P0S^xE`J>I zF@;wriLVOi>Gl`qL__Y$A7JFL0`j{Tetv$PUhQk?xs?M)5HECL%Jy2^sBymMJ87qd zR)Tv`-0SHvQKK!AbBIXUhrvojADd&JwA%vHT=QU7;z7>!4|On~@xpFS;yIhp2KXSN zD}P_7-kGZNS2b`7Rmvb9DoJeYTy6G+7b7T!qkkr{{zV^zbNAEdxZ|S zi|eL|(*`uar-NXCmD%@K%G9L&Tq6D>9UjOxg7iBn*?A-LDK_vif$v=WP>PDyEm8xk zs(_txtBuL9s|^b$;_nzyGhz2fP0;?84j(^|fXS{hLULGR6fVGHDpIuC`K&F5z_gD| z^S<*;^*#n?J+OWn_FG%?#$hO}_CPah`6IeAYNji-VfBm~dq>gqZu1TeURsG+Xr%9&-aHy{2z5KIL2-1+p0M~D|1XM zs?t`ofqV7#EFLpOp{3vE^BIU1tp2@}*J zRfdoev~mR-`E~X6Xv{B-aV^tnW4>F&eJ^nL4$dpOA8_P1%bM%j zd)XUVt>Zz6c@FE_-y-gLI7~I$E5M`$$v?l}94Z!*Vl3P42+I{VyJ*_ZONC7sxhjPQ zLW-L=s7$)ud~r@pi|OJ*QptSgiHI?vLT@~j7JfQ*+%O!~?#nH-k$ZM=W1|ylkzK@b zjmw2U%ti;OO?l~f9O;%^$0X790N(lgFZOLO^&xuJ834^lmV>NmY5C7#BA4}4dn|{( z{+Rd2jGhJsXPE#&zmMHM_UP_+g;whvNS)zvUh)8|xGhen^)rT@5@i0A&=nJN$qnY{ zdt>AX^)39{>{X4G&T#v=GC($&(CcK=t7W0dzO8yE@52b$v^Ze3*lL~Mk4?}FHY!k( zPIpva#iF9s<{luW8+#i)tDIY7Ht?z=;R3AhbRl%|-R)Pvxo-Q%Rn!UzB=~kB5@NCE zq4(JFPWUu9n{AJ`>Ry;kFQqDO8cWXkg3Z`P*tiU~P4xEAGmY_N{;g-**4w4X6Jv*Q zS=tjW6X()>Eza1oSmP&Lxq|psISgw7YvehkMK~{CCVrfw@75-FJNObEWGD-0m1DQr zZr{lo?a|Dav4%XVX`iq(*xEti=}Mx5M>K8xjBt9>!T#vlIs;WSJ{LQCsiZC#z; zSx6|K6{XcF>BZC)ACJAr5<#)wcueNOD4+YA6i}uo7<;eGSWbfHa&5F$8^~EfA|NB! z`tm@Jle@{7#AAF>31}2>eRel@4L$i#{87_~B@3<~+-2w90ngpZ`jd?;2om1eyvmA` zN&UH)_s3>L z#_bOA-1VsHExc7^8q}Osx1W)}aLqaaEAkfJBvf4!jUb-|4O<6&vfhZW8j|3Q|2jQ>T~j)&l3)=ep!>Xl~c*(`a>sCteMYZPwc3y)>1KI=Nz-*) z>`2EaxszGS<_y|xi8vVqy@OIAj;DopzGEm0T_jPR`lHO2zGio4y!(4%H0z6BO;xFg z)4TWwjeOT};;Tz%Fpbsf%5$Nu6EAE{QY#bZ&Il%^id%icIpGt-+v5Ebi=i?h?CLd1 zfrn|Q)e{Qjv%_2GXV=R9<9s-UW#qYtJwnH952Sfk^0(Up&hdah-|1HR9>(e`JgIdZ zYR5_ccm`yIsLckny<}S6ul75{Hrbns^^*pQhVV~cz5)ajoybE6qI?8xE-!j7DBwDw z1P>cDqpDs_W{f*Cfr;8-cPAV3@}Q47-$e2+u0{BED9`kr zfkm?&$ZJtL!<c=R$N{vGxq`wC@&mH9z*0xvg!HDQhMq zHmW~sTECB^PI^14Hqd%aYZ$~s=0C2Krm0di+y=c9Y*>klw5oJf(_ZP&&vvcUKXE^4 zyUP{k!P?^k<*(ms;ah#-y$*_Dx-yH<_kXViZ;`8KRnhA6&${&VanlLGIz7kU*{@TD z+@x@!JzUPZo{nIHFZh>u;B05O1RdeG)-qjdnC)FJb<80JJpq>E65TR)DhSUlgNxed z_xHvMnFON}C+-7F@P{q>`{Qyo;R%;qSx$?G#V6%Li|Q+4-?IbIYVPzIWFQuCPl}z( z$V1f=JeNaTm52}AHhE75aB5j6k6!=y_*QoLvV|wU{tz?CN@pjZpL{5&PIVskz4cgf z=1MLodW8MQGMl2z- zeMl-g!8&r7zv;O5@vU-X+awKRS41)NBN{Y7@y5PkLnIL-nqxeV>EzPgz-S!1Um(=T zEdcHB;Irj0&F4l>SD(DRH90TcXdcEjO?n$~8-(pVshr6@_Un)MWAL2~jvUXp2TKgc zYNHER&)ybbyOcy@w2>v=F8+LmGhTfll(9PRGPSwC%Id&iW}!=3G#lx?)iK^uDVuzM zrKMWqh+`Yz6=RbaA~0b(j_bma@J20sznq*lB0eJTB#bRzA>xoTCqnIg2l5mc_U-#d z`b@k@0>&12bbkCPD{uW53pM;m@dK%>->>mLNi5=<4dHXxzFNJn{Jf{h{?uqtrW=A9 z`*|Fk%%>c*hlc}P$nl6ZQNEVFa^sl&VN*;&K8rjWWm*#8s+E%;dGeNMJ@pWRG6gB7 zk@+6JU*oCGCnU0&BvGGDsf=RWr>|QNFi@!bNIZe=FLPr`=AZ}~gI<=c{ZwrCFIeB$ z{6N)v?ZR=kh7*uReDW8JfA++9qH4>0%NxW;arNWSe?9BXzc^im9{#uR^M5W(`r@a2 z-vNP*3h}IQLht#W;Sj8Lr}_t-pZGt;vi$*D9)IO~FP9jHYM#*QxD)Akd-8DCr8t`V zaDVd9Z|J#fVM-^}6F@lbQ+>56a-hAj2wjfdc~;r=*xzwqFiB)CBmik%8yiRCcX7sU z=S4i_*i67hvtzn23)!exu=jPjW1jKk+Hk$~NksLIHaz!slMZpvb#I4%R@~6=_WJso z*29$gJaz5%n80&`&C>sA?#=K9g8Y_7PP?+FOw;&x{*3r8@om8nS4w*rLEFL%DD!l= z^)2F{kY^*2oF9k$VcUr04ho>R$k)Vo9)E+0Fb##eMOS%nJRQP^d?gz=*&EOtvzmayWhy7i|J;c zUBu>HN)$z$EpyV@*}>#ahZbeV)#(i<^iM--PVs@j$&_+I(SdWtxj_M@#GP-8BaNQh zl2{7bW=66{ewFrC+l7zyr=tuf#vlH((5#p!&<~gK-a^PdXU@4tBx<5$KVrPTHgdZ^ zeDrZcE6INyq@efG9}*-Wk`WA=y`(shk6VwRBkP0Quj3%*wS^c6h=6qHRXcKdk_bZ?|b9riUl~L>%&Pv zXQ=YFAG-2Gw}Cin?NSrX1FZa`aRtPZ%LF%PLoYLubk3KMJ7veEd6|u591K0>dD4+H z7lT-{=}$Z~o|x0+PMTPcPBn# z0c2pyhuTAarlUU{?sw;l3OKYU0L$DILR#^Tj)+J zvQHWY!)d#onsz-0p@m7;MVvGtH0y5IPh54<)>tXC60QTj#_$QVM&9FajO8s>J0O+{ z*UOrEuA|7oR>n&KpC71Es|`=_iNt-t+QXYN@;19uglnP$_6Ht#>r7K_9U81vgsQC+{@ zW__LbAaa_hb+V5x)&bSS%ax370{$+_Ea;UlzH z?@f?L11X;3Z3mcQ>J}YD>f)TW_q6Asn&o2UTFKvq`RIf+Zhz|92V6*_U{KSms3@!o z*#i=o2Su=HMoJ=DTTP@39X)dr--9yR%UsTk^^fF`=DWmk!noe& z#E{S_k((V{J2)ehO0xB~RQKU^na?duWm&{LbUd41vskinNC4w|2hMlQqB6H)W91OC zYNX4q(=eIG@ZVh(FJf0ytW)fHR$w%oZUPE>;rOsw_!}#3qsTm&?@bsq@=7Svi zD0h&>o!^o`5f9_N0e*LN&6f+H^+m(I62K+_;5c^&8#&vyLE}F3>^8sZr7IM{*9o6D z)wsU}!G6a*7|&$*?qfp-Kwa&Rb~;Xln7e>a;tZPKiIm@$@CiKG$I@f;{7_%@n;H)_({yb4M;Nu6%Csxu zS8?DyV{i3Omzj_LssP5uOx2bd;fZz?F zVMSGa^s}qSZ#cpi)Qgy5G48+Ic}5XH;Itp@#@q~Z^xY`uSuG%N-4Q_5{PNZI9~E)I z{ID?2<%Q}1^-t>0n^&vAwv>&)V#S%79bns6h?&pK+(-5@p)zRNqaT@f35WUEE3{J!@awmq=lX0{9L zM6o+WsCLZZ3E#N9aAmIzYZ#eZi6J1Zu;E(&)!%*lAMkU#$cCq&v4oyc6H%HEANgm~ zlX?VTe1bto)y6^NcLW>bZJd*S5YLHr^u2v>ODM z;8)0F17BIr3{By3QkR7)o_5y1eWjGy&G6mMS7={hxvarkFaFkYoNMC>xCt!&3d?pc zQP;X!_U3*>)99+|d3BL?ckV&+$8+D+-IK8!dSCC5fA9%c3$dB*cemWkpdWJSsNoM& zdSgkjK5io6X?%8&R$kRr_f;gv+a5>w{yL#rm0<0nMa_!hQiMk9VcOQkCB`N!szNSoUmOyBm|p^8T@)_IVVMNIyuR*8E?T3V-Mk1$ zrxyC|5Mrd=fGvKhm_oxQ+D7f)1^|7M-N`PX})vibMb{U-LGO}Bq5jK03w#32`s z&V9Ju;dR@MmyL*1_J=1TCc=cxO;Hbf!H0_nANlHkmI+;*x5}Lzm@Za^P`pE49`&NU zz0!Wn*HvBj-hRHd@CCc-HSMmOncRE1bZvuCzoWh_ z`suaJE8*xso<`>!tjK+m&jXGS0iGqeZ(M}#Y)+>vA4KD ztYLYBcDzPwFZ5+LR+)v;Xy$|VvvGmmXNw~!iQh!Xl+YM!X>sQtTmT2irh^C;e*|C% z*ya9l#Lqm7z+`S-lAtAA>BO2UF0bxf0G^@~;>eB+4o*0W7%k{V(H*_A+g`kH5WLY6*MTrxD|!1+FtE!{N{2bV@yy)mMG zbpsbboIa}Kr?rOvJF!8e|EwR;-N?7%oxs2*Zo<%((ghnTz|~Hzv8k`Ge<4+`BRYl*p zxS-l+de~EqT?l(PXW-jj!2==$KYPH4QVo=|(+U`-42d6-KmkB(xPHZJob`;(`$z&< zTDw7qzYfrm)Uy%j!uIfD+so(_P)gpmGx}$X@>C!YUCDoS2ngGgGHKhT!i|&M+-}2{ zx+p)G5HxVQv1mD^O646TYOrc=CkqS)bws59=v;N7F^yYm*~|TS{q7OlcZZj}d#_bd zn`>O}Me}-J_W09*ei6{tzV7wY?cI*o;O2hycc|To8;=o=LJ04(<*yWEz+C^?;`5OU ze83ddIa#^7M=7bddZB{!!dtn_=;5xJfEQ=NE_|n9JkF=9u3(Ao#DIzjgJ6Poa2xbm z)p_!o7er!PlpD7<#dZ?1HSsNDdo*+#~-^X;7!Vqv7#%Omi;0%X0iZ(}3to<6L7cL1Z2@k8!MXXWpPayf2_AaaO z&kCla+IQXFFP$t2M^JO!Jh++eSlW)K0d%SUoY5iT5bKbaaavkF8UgH9{%!Gts_VT~ z^B4f;vU|;X_)e9_84Jj(X>56E2b*LyPoI$3!Xjt$spv_#!`VJH-!6o%^35eu%sZU4 z>@Z3=mBi7-y>=27dyy_ky=3^X;&YPM)ny#U10|`vxW)7Mu3OrO&KTr|JI-Tylov>_ zwmW@Z9?x|rdArTSX6g;rOqt8}6lPsmPFA@pJ7f!g1MqQJae~|pB5@5Wsv{Mzbmnox znT!HTgw5z3H6^Qvse}X$s`4 z9KjGTtj*3Su7Iy0W09~;-1RZ(7Ziz6za;#Xjr=#3lNi)bcMIb75n&>?CccMe6XXdlIh5KnIZ=utk@)%_MH&10@bdpfbN;g+$xZ!@nYY4+nezNI zs8KqGioXv!rENL2|08CY0UIc>c#ZevKf4QPY!&Z4ZR#$RQ8#Ri77J%~eT!DuCoO{lk+l{e&_%dlVtt zIcUDS%+w8?f$?&|k#z1PU`VLTIJ)X( zh(SsY`UyMjWb<(yiU$)zC@3F_!-A0x*gkmpo5Hk0?mAeG@wj=Yq7OaG7a{Q`7_Gmt zip9u>O0iIyjh8rKY-}DIG*UVt?Xv$@um5ZZO^=Cw<9mA}qoj)(fcP}(yUm|`n5_Tt z9!>I((%oAcyHtGcvf+bGVCKH53@!Y#iN$bDdF?!)w)8}^+?M`6#)_SuorWHEzC5r> z-{P%U(CE0oLQ5$*3$3m5BTrv1@*9Oi^Wv>eA@9`ASBXGla{dt#>iEMqFNJ;i{C_yC zXGEQr2LQpt@>=83ygdEU(&QNFAMnhFiYXjw1mu4DwDGfliDhw71=`?qr>g|&F&oa7 zm@iSXIJ{n-4E@R39xsR_RH}@sDptYs32|PR%@?(`wWlac zMYR|eu~^OVIi4I4{Y7i zn?3_@Lt{2|)k}cCFrd=IQ=FI=sl8nX_MMpC@^IcXy|^H7i)_rH#qi2rm2JGYZZ;J zEW&)XrQr8iO6aY|uzs^~F)H$p^BB9|WhK#gRB7@2obF3<9+pb)F1!{d8IZWO$yboV`n*LG=hO9ILvTp670RB$uf z^l?$ArLL*-WIOk@260#6AHc;PBEuFm;P$Y71kr7VPn9BWu)$8Y@;czIwCvY!dAP0!>-Skt{htISl&0j_&Xa(6+4CJ!$2O<&fF7Sa=W_ABq#umdUqg-ME} zn9p_lXLIx1A7)BP5$o_-{RQ_&7ygd1lOI8K&#HPjrKsuNa7B1Y=^mO*iI}`ZrkzV2 z(uCsgQ2MeU-OO3I9SkdI8Sz(ZmF-bWQU_(N3@1sd+R|~`6H9n#CHavAR_JS+$lKz! z=eV%cNS5v{)nEtD>rQGlrgkg2rKg(Pou!;A`j@fTmCJpg^^tO6d?qN5;hfm@B$LsF zop+|3?qfJT6^CL9{epU;V&>wqVo2@bL{8M`?Mv$7S0(aNjzje})1wI@Ha5o`(jQgd z9gbO0}c5$BD79VXdB7Q;`kE5GfYxC`Os2n0cWU+{}q2Hp@%_h0_GTHse zN^OULQlIC`z-B1wh+O=d(m zK77##<4a~ltK9GE#2j)^3G%tfIhC`CAZ}l_NT6i3sLxV%jC8Z1YpQWX!kJJzWqA5E#MQJ z{i3aTcdJ<8k@>)#xwwSXQjMtO4c*h$xTdbBPnWa(y7v&%eyN#*h;C07*}qSqBji~D zP#w1(u-={Rmsf+=?~j}UeAF-nF`nI`afM_psca6Q&o_ITYPH8ybg=2w%V7B#8Lfod zU4&%4F77G%&x%YVXb=*egCJqe@8Mn*|{FO^4W_`?e6W2a?@(ri-QwcyV>;elQ#<%lC$cbX_ zw-1<$ja>3aWZ1ne|Iev&F12I*6a6hE6~8>Y*auGx5;kAR4+*LTC6sK&V|+W&`(fSO z_D_`J<9}(B$Qk?-q@X54_1p}DXXUTE^1s3Fhy?)3+CwG!k)!JVN5FQ2B!&QOrfFRz zPz;~IY}h(O(h}aNzA4-DI^oLa6m?HDDR8CXf3!+aGLJ7mA~#xn!ime~SCZR>$3pwP z(|go-?~hXayNWF1YTKHKk^_nGd2$>^P@22Nk4bG2a@mb#J}+)_0w5}C;HR`Me$(!< zEN4gOs`I|UYM<9y*QUY5LjF%(RZfR-Ey zCUs*-TZJ}!nFgt;MN@o;E~R*&(aQexqQnL*$T3$eofAPJv~1Qt^0YNl2#lf_mVMw#;wrHdQUM$Mj+w_e1;nIZ~Q*XtwzWyc;X|+n7nO z^fdgeZ3eqDT(n>5W$>$bW_lA7F-m$?{$i_uhZ9Hj(A z0+f23Ps;U+c*Y2+?np{JGJLGuXJ<(HSXmTzOWIf((~yD%YAI)$^am5)g?7i39wSgJ)4yNgvhmOXgMAW?xRV?nd7z5qNG)T(f}wzKO}6~z2; znbc@ateG)R2eEMqHrN1mW`9ziH)`KGI-ss>Bt`AD8hZ7Gh8u*$5VW-m$7YB%D7@)# zgBB(FFi`v-TLKe;cPx4#P65cp8=XH7_sA27$UsozmJmHS1!OeiUZF*P>y~t)HsF;! zM*$wR8Ufllk-{1K_<@yFT#v08!Qe<8Wxf&lS@-=uRoe=F*`~3y_Lejo(o#=(ETW!@ z%XgpLlk$FpeJ@<>8Mz@RgWYg7ue@O_8ww4x3b)ym*wCtQ4W38Dnm1Jeekz9Q5$&xV z{bfo1X?7aKKz^|gJt|_eW*1gYx@eX(T)JkI?(>ksa_0$)(w|Xv^5s%!+!=1O+ZS3R z^_mXw6P3p7@hYSG!eMxlbMm>Vdu8bPrV6+ zUCwu5n$BLRbP%na4tG)=YX(L+;^Am6`wCSW>N-Ii0hg46OIdPHjqN<8CJil-N-U`bxW#xce&9LCOG;d4nhI3nKI~uEG3COVevwxJIjEEHA%Xmlid<1GQ6_2L{(o!4#{M;8g+tAmb)(9D zeA?8ak8+pn9B(TVn1A)TOxw=MmVMtPg==HA3S??;S>YpW74K6@51_^9K4 z|7FjFbe@PjzBIAa#RV9i85$bea?Dtprc5m2f5WE%0Yj!#RZ$;OMDTPdK^v_lq0vE8?TeU4aT*>ygcHiko4>yvXkNkP${*_hTqN?=pTZXzd zV+TZfU55`#mBk``(>h5d9TOFRTVj`G`{pS_GNLZ{Ovu9~xynjx!Jd@CU_`#caA*aR zKhtOC_3lmP(v_&AWneFtD|8eJz9s9t#$2z{K26D)Vw z+agv4f5eh4-)Y^E6_Z`h+4+wuJjFV>_y+L2s+ z1A6DA*zciN9+et>vVsVkDL_t}+NSy-&03>0qmD4_d% z9CpfuUNo&2u9rj)Wsfa{?S|xy5A@C~LPu)f!csSPJ^ka}Kt%f&ZP4<8j&v^pUCN5> zD3?)82TbF*f+lly)T5tx<1vHdR1ls!F&zeFBp;Qa;6nKZ;q(UC)Dzt^=!>MX9eypXOu%hz{_8kvie1R^P!A*)lN~Z`g%8b8Qa5EtRSA-MAXPM@U zNxiFm-o(JPQ>OAr&#PY+qnDj4exWnbk47SvPfrLVmdG! zXb>nbuIF_XWAhcMIk@i?=$sc6k2w}7SXL~VGBk1xRz1T4#&a>6Dd{&e=~3l`Z>Y`> zvY$~Hwi$xM;+lkvf?h1X8fgWmR9LkXSlqdMsj7Q{j|MXj*B$@>dWi7Ti)baw%d=sm z>F+9>=%X$*025|Md(a586yQ$@fnzH*LEPE#sn~PilmI)fa%#rM$RV=wj&-3Q(m$)K z(Y!9xnm+Mi2@xstWi&pkZ|0G2n8`4>noTVOEg5w%<93ip;E9T%oK@xY4fw>3*pvcx zzp|}r$qYkTO3BJ~5(8=e9Zblud;uIk)RWNPg;V-*N$C)h(!xL({)?1 zI`pB_arN8xhldyDt2>M8pYzdK4@E^SIEvdSkH1Lqee9UX z<+z-xc0QNPw3g()rOPjbp;#sKOn1cnrlcoAcLLXJyAD?=L=5#D;?#kY%F9sFw~qk}oU z6v>Db-SpS9kgU2+l!%WPQJL1O!xRs-ly0er;h{6DWG`5Dm6{Q{p?$Zbr@y9eS7Tc; z@rTBV^9O{8iTg0?d1<*V)-xBT^M#fULXemTy!vyboSl-9UB%6*3r&|#)mtvE-;r+_ zOpcPc9_Zt~*`Jm>@Zgr`m@JmYkGX+qTId;6gR1sfNZ|F5^KRP$tE?p6j)#*_S~iQ164v8{T*8Lh%+sKB5exV7I)$bgH@Qm-nHQ{R1+5Hv4XW0=`uU**l|QpcpZJwtw74Dl_5%}|5ew3KV{ zDB#q*^$iVcd0}K6>{z;)U9f&)c87&eiR++Wc-H{lw-QD-^qEBp8sIN}ET&?y#F4iE zRQ?pc*t!IYOTx##Qs&P6o7?pLzah$mp)%h0=6Do1P?J^t6Vxky{ePo}zd-W8^RfO* z()phYA23l|cB@_&@|r{VRC(-&v$Vv@NjC~}I6VG%L*U9|f1~^V4H)GOCPoxm&}>7l z(!*1QXF$dg@9@Qqg|@5ROzC8>w8pEox#lEhxWFZi)t~$h%Z)Lh$FaC9OgnV-w-J)d zO}}6##>RKP9f7hr(=c-AQ{l|wbyva-q4j#@aXOk)!;g=tB{uc#QcP_W%OkvY9sZOR zmQT!;Q&}4n!dWh!o^VxiF;+gCEYyKi)?yNV*P5xY)o3YP(7ZoN*JwU+k7xgQ1UB1` zP8Rx(NjNPFZ5opNKPkn$R_&X6o*})b;}T#Z=mOhfju_Jfg3z+>wsKXl(d{DP>+6lS z^yc#j1*6-x%M` zI9*_+IDgg-Q25TuEB%#X*j~*|rR&WCZhzmA6IKTQ{ugX3fS=+``_JJ9r=Y9*>%#d9 zv?UOb$ zN^q{3%2a|_thsw~Y~SM1TK)xwtQt1CSND?bmf!JIt92M zV(nN7WU;jfmELS%K9m~K2kw*kQjIcET;H|7asH7Tu@p#g$TdanO`4uMbekd&a9ProZ8Pk*B z({ge%R_uw|0D|3aVzah%s);melt{Hv*l-~-yiWpTWjFQEy^u+dNB&IoJE*O&Wn!ss zdWo%-PZS)wTf%8psmolu-$}~ z(P?GF?O8r0hN*%4YIEoweCR-HuQax2_q_ej3v@QhLrhY3S{5~9&j;&C`E-nIu`=-5 z$vE#Vux+2190R@k1+*5uLL>w;&0q$@fMkA|{W)vA)EFByy(*{f3hu=T%O6ZJDB?pl#-Fu3CP+Po7mA?}#7L zOK(kpD{!a7FhapU2fS#@CV%E$86qInB|E>5N^;V&USQx|i@q#0r*xOEqcZP^S^Sny zBg5?+z!9IEZ5gY{AkHwT;4Wz#;z}G@^QS4^=#%4I&!)4?dafE|KJR34MI>L z_wnr0pTmib9Acj5?(XN~Xt@OW8*M=OEV$TLSG$9^UzqISOByXZNV!e_JE+*> zYHJf{H|7-^SB2HS7v%JJ?n)UVywf6b^! zR?h18(|NHOETuC%Kfj}Za0+~sDekjh;A zFyLUg>Y&0bRVH6xq$BJXrx138<{@Qt?;A!Zk4bWpOPaI{#1JO0fT-zJkNLy^-dB2t^I20GY zQCRTo5ajM_%s49!d;Y!CM2|D=*5sOr!Z+N>fTg;sar|O*vD9|&471SuE_;ni>Kh%3@9$fYc z!!90xtz}jPl(_^Gy2pmh*h!_tZM7@uFy(}M2fx9uEiq*KKqkxWkhW>A~Rh}hHcT|9SnEOfu%k`uo_<&R3iB z+4y!+6ePgeLg z$_?vswy;sN%RSLuXa5Ng!-sodwdK>*JZbetH}jB9InN3_8d0f{ZzFsNiK|)DR4nPa)lp_omRpw6_t!tnKWB zik_6&-RaSru*ym9e0NCMvR5k@l#$y1OxJ1;!%uDGi>3@f=hoab{W{pZN(H{7n%2u~ z;^o8{p{y3=iEcB19O$ZrN2Gt4d5;=icUe&vy*4ZIV4^sOqrn)s!KRs{W+PGDDL2jl z3K>Tyhe9p_!Nez6SgunSuKYEuhfkpQAGoBdCWH$GCdsVFE{cw{c%G`z93zDP#e%Fn*5>oxYc)ZZHV&X441!(KtTtpF9S<;&udmWsx7UL(ne`&lzv zdreY1#9|4hJVf*H+6M|s?HjnN7?*&Z4(r%3?XbI$pv0wAHvNzouUb_c_jbKDU^g$U zegbuVMRB07hoCzZK$)gNsoal#aG*w;57G6CdqIeOX;tDPeT!tJhvTD?dfHZkBg7<( zJQhbnkE!Ljls3{ zE~?f4E%H1 zFsG$qy7~DmNO}t3sg#2~FUfr6rjVP6h!>VmZatZL^|rqP19mRGrAr7KZK%*VdcW6N zW2Naw`(xYem-H1P0bU85q&Pg|0hfTz~bQ_@_r0W zV{@oQdu3h}i8=^zZQxlprQJnDYJo1p<6K`c0M9aglSa?yKQ-b>QSaz0U2EZoHhlU0 z^@8T{%CvI<`a$Z>&*q=Xq?MCUHO!+*ap`G<(x)C9QFV7RIKNh$SUpw^YdzLh#QV=e z82T|SE^+^>y0eaos^QwcC@7^!OT*CJAgR(F(kj`w}ye!g$5cYS|+|FH&GbLJe_XYYOeuIrfj(nLbrn6&v{jrFck{i(|!H~)(+ zLqeBqZT)^LnhiO9Iaq<^lDX1)563Kdt7kRZT4RvX=9W&6^NyzAb6kwXXV(1G+NvK4 zpq?ZT9)QW;jzs9Q5rXt0BIh9@-JRMxR0;M$8^^88Q%0Uftmb40k9=ki(}OY6MAK9liM@)2Ie+sHeNPN~)E)o42N_EiLwr13p92@*vU?Er;q z8v9>k)NAX88?_!6oM<1T1+F&h(P!J6FYBh}g-S~D_XnJ;t;M7l?BzgHGn>5%4p%-g zYApTT!Uf^jh#yvrqQnyv2fUmjQq77aRaKZ)R!1A#+|c6dvqBrSwHh0}j&RRD+AE@? z0$|Oywj0Lz4%H`rVUwYJ>^(8`@{HBN$9KOe!O=&cD`qj&nPST%Rc^s&RiaGxL(cS(UHfANSv0EPVjL5!)(u zHnu+C7F7G0UUv%)x%i|#c6gDkq(`w6+$2x7sbLZ-XLK>=y!(1q)o}euqGftjBhWP$ zebs*W$3SGLp4V3#?+VWzNsCCCjlEK7_(U~gqot`VO@zKn7~`GAho6SOm`bzqRN@}?VR51Z#uGy zv&k|B=Wg3Jq^>$lTPwSh#S_0p(HYcvwaswZYoy%>y(twud(Er?DTpk|B`mRJ&Ha$C zgl6llLVSkff|x_170%P_Xme|ph)nTYfShQ^Mh<3-{zZYmu1z=tI<% zN{%p8a{nJV5_N61!QTu+$ZvlQLr<}{bs4y4Js)aPzThe=Mt)ycj?n^0ICR_iFZU)N z+lJM3b%yvd@io4Hm5PcC#a!UZ%4{0> zvsXO9r^af){p2i?ps|@U5y9bYXacKa)@*sDe=$_*VdT6Myz?J)n~@vBY~3NQ!3l;e zF8thr%|_EW!+QrY&)L|zXs3q^aMldEOo8BWhV2g%$!z3k{ra3oj_+1B#oc{P-|7Xop7aKLI_5Gt znu4aLgX|P(1?SUjSjJM4OX$+vJJOGErsV^8cYOobX`M6WI}Ze+8XPDjtWHI6l#{M8 zn?32uyh%yk5S>82Ml0OdpF{@>UB2xuPfq8k<;jA^?%SbHy@hMHANk=zxavkawQIiP5Mg>G7cJl>#QEAS9Q zZB^i+zflS0sMX^cqdV?Nwa^<-TR+fKF&`>~aebl_Jc2Fr?b&ph7<3>FSMrqxe)U8# z+}hchBxnPMuF#Q*wZ7Cc!W>!AFx8qX)RKkPgxj)6&X$%PFn_J#p^PR~LP1O*n7huV<+gO8ans={oFF#*sB>l7?3hATS6jZn{nXT&Gb8s30jbwQhKJ2~9QZa1Zno$Dt zx`t9|ah>mWWHX988a7!*$%(x-uixlEqSG{?NjWT-xE~|~uwc$T))nKBY9+U$T2}Ha zA6Sej(~M@YXt?AHZ`dy1kXhdltEOriG`NJtENUn@r-y0?!S<(?^Qt92sfEo_Wbxb+ zt=d|SF-1Gp#8|^;zP5TaqG=SQfZ5}WTM>P97{p7*r3n7KV`J$nosWVb83GC8gJ?2t z(TF=XPoE<+SI3uGM8M|dSi;Yk=iLJkl=8@2eJhe-&7VV8ZT0Nr4TX^emKS*$)nry_l(_bqR&BLDG-p1}<%1C_gC-j{HQMZnz>Hp81IG9d6u-cWzqokY&ZS*mgk<84~0>P~w?c7M4(T0yCh zF2oQgl~lSV_1U0z!Gbit(nw(RGwu#W)$R4KTeTD1i(HqS*0c8N7Yx}8)fT&mC(+(Y zER)0h%@<-Q+j^cb7T#qzNryRI8r%duoUmil70=D*ntE7b^cl}~cK5hEjiGYl8*qyP z5BlsL$5{$E>_VrG%T~!s|7JX%cMe9mF3W)85I>ghy9>VGrg~&5|*4| z6K5uxV&vWB$WRoS(6}8({BTcQ;uaxNtM+l(8uigr=<#vz zusTW4MDyF=c4(Yxl9_O>pl9xrTopw`GU&nfC1$D;m(=R{zf3K1m~4Qb(Mt}uS?ISxJ>jOF zh_VK;VF>Hg@;TfQYJF$--p?I8vhq5ekp42EUBj=Qq(uZXHgT%T;Yuh_APoh~wXH*8 zI5(5`qq!2q3$&B^fAh@jSoKtry^-+GS2hMF1W7nBBZP>%H{U5%H4GGXW(Gfg(Y-6h zFFX%Fxvvf%l{G91+SnRGNX#5Rf2Ah4_Rjrqc2%Gq1I%KGpb>~{^r>n)#5}vY@A=9@ zM(2+-TLQEMtjwH%nk3p0u6>}p=k#d+tDBMTIM7!^iEjb?Eds+x%y9AOG6k3Z&i`)5 zaBL>_3Gm0utPm-!;kFz_-}%6BAO2zCx+Bb}*zTx!aH#Fw&krynLx1_X{@IHE*I4r( z%wGQp-v4J^=pQ{~ceBbq{5>Q8+%k~Hkc#W%@&_``Vtl&a-4F2FAkG-!$q%Xxn;bg_ zH5K3m3K30z`|&fFX~ED{wTA+A`P^K^j}`U)4Sg7dJ~~_d>bMLqH?6j6oo8*&M@UZi zI^#t+pNkzQzVe`F>LK1DYMSSofj6d}M{1bjfw7(M4C#l!*50IKZ?>1Cvk&??W$$z? zBAM0}|IWEW-?L{|ZaucK&6-)Zml45?n(HKm{%5Qs(Z+*s7{ge6YLhYPM^-G+F3O5#ObEl={ss!3GGGh}2l!Cor6%qUy z+Eu#ups@qNGCj(zN`dasfn4W_ago;Sj6Q~v+D)(K9a!yI3?{?kuJl~I_FU%0J?j*r zTfU_O4sn9UaLuDVYRAhm=OtNv7{{Vr>BLOIsx6LIw$EcW4#+A#!&vgW05t-$^}NkD zAEJld0GM=mso4(hjTu3EdrtIYJv0ls;YaeSxs{CQhW4;OG=J$WN=B+>D^9U5SkL~c zysjepO7+{EYur)JQ@=yInSv#u_&8DQo32>lN1NG{2p$(qSIqR_UdHmR;k8v;CS|W` zFa_bG%Cn{-?bgo{)T(X?MS}z6+;l$)m??lU8x0U(97~O=4x7hj?^~mV(EEMSvw~lc zU-e7|>_-*4nG(udwfn!XR_En@i!gaUYreRGafS@CxV-xKO8I%hAyJlM#}3QdcFyzi znJ^89b!?1)=NKNYGMRQB*T%K3>EwFap;_NxF5?sSigrBKAP!a+RXfCgU%Le~;eu0KLo9vf-Z&o=c=YG~HsjIY9TH+w5?Jc+h- zoi-`@68kVJEvsxLKcH|eZ$0(69$hjug@`y2JxRg5r{zB`fr7o@$F&G)`8k`68@x=< zaGrXjcCrW%CSeka$?bW4)F<{LjGyjEQ#wL4cPKNGkskryPLzk`@{qh~L`Y-Tg(r(E zp$_4>VF9w8ZBV0i2)ofq=Tz*)$Ckk_3-bj1b zPD`s=kjUXLHgWZRi#=QR?{|jPHW0x$JDhguKxOO8%#8stGNSE-%Ko0V8ExgW!g^<6 z4N^e;Ust!t@3!^ENy-BNsN4yy@%%&$DxEDOX2wLnd6%1!=?|o z6EE7e20cIjZsPqLrTyOlywD!rvO=9^yydyuNfvJsE#vKCsUUo++SxZ6o}JBP{^l|9 z!GLEc)N)meKe=!@?Wgmdj|W6ABy@e&$Ijduc2)T3TKyZxPDksbKPz$t1*`LT3zmn( zN9v#+=|GlCp4`Xo%tcQMeqZ)v)sgI3TR)p8pqh`HCDXXyESMwr-25MRI`e4o21kB@ z`vc4e_aZD;(&&g;o_ve;{>I1~8@sR&;QbxQ_eoYOz-bGu!Y)A43vdJrQkjj�(T< z7ovV8u+VA9ZsI1PZKAWW+9Q`3tTrEzqHk`UQ;SduvR~E=u;mu4k$K82^%||5 zo=UKcFsj66oMADL;X}8Kd86S2$JEt{r|cnu=gi^;St5jj3uE%ePdSq)O**V5KxD|+ z{%G&kZcIJ1Pk4N{jo7%*u;)3ZP;-%exZXbTcV1GsFz8QWC3xdw2Hik2;I1cm@rJLOiz_D2uq)j#k%ClA&Vs3)M~L<_6R0() z(W>kfD^n%Fl;h8ufU6-rdrRqzPH2+PU~eL9TT&fZT#f~L7`heVLHL)k)*1{%rEW=> zFxv$|X7wf4bgrr`seDFLwTY*E5~FN*4<0-)Cb$L+6|R+N)x1BA5QfrImxNMHd$H+( zoxPtMqMrRw{A%`w$@#FE)>Usw`lz7v)bYn~?`LtTdr&fQ>(aq)&zRW2kly~cQ8vS5 zhEBN4=i1+WXg;7eZ;+XvjgD_CFF#iBLbZzVT`$O4L1R|VOhvZ)QcKUZxe^?Do~4|b z5=km058c*oy~i-{F?`3NB{L|dit-)F!Lh0~7wYgTo5Q)f851^UP8|tgBYDdDrBZzn zwT!Am1)S@2ec_(P&8wE^O}b_Y(n2e3v2bjlzJ07hIkE^in{~R-e!wz_xV1W$+KxaqrL+yRT zArz}ESY8woh!YP=U`Z~{ND=>TiMv$2&(S>kVros*q;a3sFNlKtRg!2UD%8+jFkFim zN#E;<=+;{1vq{HBvAT5}{kc*)GNbw)Z5BP2_NOSC1c{sa>ia%psAuZF2ED;4g9TaD z94Om3I&b-y+=|0Ct_#cgaZ}P3U!Ilpk5`N-iuGt@I@ix=ZFjpkPMIqYJOfNY4MBPp zb+-II#z8M5%*&DO}}o1yu>e@Y6tq!&1u=YA8I7+ z(J70|CRSy*X>)cVcU44kg36FJl!VmZTHLR??4cKZcjsg8Q9=^DSjJ#i>h(zE$b5G2 z9MbWm;h>wq#bV_-;rh~R0-sscgs8!XHB%}ru=+LH5m!3Q_$Ubdq8Qx8u@M)?Enusf z-fUNw>2jYxAs~_ukAXEI!E5!FXs%-8B5U2p zi2WU@>+3c{ys)?+rILwU@Q`zJN&z>@;&RVJ2-RrlAs1+>6s%xVZSC38LZk{|hq-Xa zX2wQNzhiw?#7Jns^Uh&iwhQ7`k+T{eq3YcZKJa}skg;D{l2j^8sN>i!6lv8F^^QM3 z`!t9i9ZY*$T+_vub;h_{p(M~<{Z)ERKewRupmCp`|5po>5f#c*D*A}*OT3rYyO{Wh zp72&shf0y5jq3NSdNFqx^E$NL`_UfGhxx=ztdcO=WiM(~-0(Us*+MRd119rJEh0o~ zU7wsj(U!1wIxeWHQwZ_&+xwFA()60f}NG3lJ1@m;N z@wkrQ;ZN8Suo`s@>wUW!_`Y#3vC`;Gw#mY;yOv zA}sr?cI`b9>t$8wfd&`(c-%jjaPLMKr{YG$;2_q*8BN%oKL(A;?Bnv??eL%2w*K{U z;8(fo0SvB>_}?dv{m}?SHvT>+(NoO-^5*=VwnTCu)AhC1I$i*1DdJ=xYz8*b`Vw%) zV;bYIfol=ZyS5`5n9}y|-uM3yoFOMB(Ozf42$`)-O%7d@D%EX9k7}bUx0d`enTI;I zpJXusI7{WVctNG82Ia-vEE2QaoLlF`=cRIQOmm|Tt9B$;nSd@*TW~eIPiZr(nT}67 zn)DTbZ`3<3MFY-QQen^WkATyeD@8VjHZ!EQ(}9+K`PALb*M!uP>|ka zbB^3gElYK@mwh;;3$UCatc3Vio_Fq-6I`iZp4dECjXQ`WUNaj`X;f1vvtWX= zYI?E1@O?6=J?Q$NgCdRJu}>UJBzF~b4t#JregJ(@$HPa0ca>_%AIdo^PLBiZLY(<< zOq7zVS4{yy7Am}}>}b}))gp;9JIwe{yQ=<-T{A#2r`olwwxB25zE%W@cL%*Hu*_B; z0avU!mdI%%bT@!WKx}O$L@QA=m{^AaCJkh_8j=7si&r=b5RWMvQz5Umi({n$q0M=0J+ob zIPP*A-@k37jp2H$cUF*eD>3al6%I(YG*k3<1Dywu5_0Fz zr+ezr?y~ zd@<`G5xa(ihI;`xGBWJy?MMnY(B}hj5|MvcKateB7ghrsvl5T>9Guf`6xQmc_lL$p zHG-Uq`V~br)f3-T&N{34u&z$5EMRIyY_$Uxm3-)OnXrcUt-oi%yT;R*p!^}G8lfhM zgU92DgZzxVy6T@VHE6o@xwhDZzI)+-P6}OW-3*Fj1 z^LoW{1xWoV&+g_^Q~xGIq&O_kP zfteBuaE_YIWB*UDBk&4PQ2svh(JauqbLjGHi<^@jNMNk0?v+rFzPe=A*ssbmU-zB% zVR~G_Oi)}Vy9|xx%mw85_`ZGe{!n2pS((WTH@nQL?;K+t`z^KILC-S56M*hLDO^#U z5litF=Oqw|SjH<~RhvK4BYetdGBc@Rwae?I$ZP{)lk{}&;E7o5)6i}%#x|BjE#vj} z$RcSyJI!`V4DgCa0~V_!c?<3@N;#dbHi_PEAqFZ733qm)xqxL;qc>9donP@jZj>z2 zY_NOQd{cBJBe1Q-*Da9pBDL1}5K`TSsyObq2PA7oSKr?%X7<=}6xgmTnU|wpL;kCl z%m1fZ{=}MA-IC+g~ws9Omr4abfk4f>&-VH zwB}E{@lCCX!n}ZD#twO zYP{fRj#@rTuHxBqI#6t^+Xj%&&3sG*@z^cD7mu-hEw10OTzl}0m7b`4-a;VYUhL~q zF|{*7By1}RmHQNAgaN`n5C;^-Fx<45<}lf{uXXx8UM=ab*ay(`pOSV~ozGL+VaO|4 zu74d6gI*BHSJs0F_biUbb=6Gi$jBqUR)w(2znFjUO;ImgLr}H6ZWvpAo~?UTw(^)5 zqeZoqP+nE1Zc>(T?IXXa?lHFuCy+DHBegLQOWnAc;Zs`}a1>$GbGki6HgUHd9^`#h z%POs0W!`zG_}ZL>$gwZwMV}-%IIn&)^RU~7;t?}Q`|MY52di^!-J3iM>W8t5u3Z4&j+3B?t zf8DD0F;3vBHTF`ja%(R|s)%?DJf^|; z_v;91L~Q+Oa`o^y2Q!+YxA07|TPYv=jVo_RK6weK#9z|wJ)>UUCX10HIMJ~sp)r9? zI(i;gmK~z08+K36O-}oL#_I-Ok^*v#MX?g`WjF7bV}jxgy>+ksCPs0hX1Of_F_EX5 zTc_42&4Ex8k*~8gp>G+>Tp?!vfB{`gpv#D3g4KB4sc-emX6-3~Uzb zuGa;_3Q7+Vd#*<>3(-bclrw2F$AD`bj|{${40+8J+nhIt-Lu$d|8fF{CaqDDx%p8| zY+~%YQoB!6CCBf@Wd;>`Ar=M5+LA#@94wb9sKE*&+nJ^ z;v_!H(9F83egzH?<#K^9KYym%!kL^NjHwd>+{eB6v#ex}b#;C*xMj`7$VKS}qq*57 zYKlR**{ivC$Y;t?3tehzYV9}%Xn!hSajHM?W17nG&f7GvsXW32s(wMz*dem=FhV@7 z?6LwQBP{b2ue16$>6>|F3pGPF{Hk6$6@A3R8fk{Vah-lLB0IlWdlTxd!&h6VWgdXV z;gLVOPg~)Tv$~S#eIhtb(;ZHHtYRq$$;ik#PV>$qSEeV6&?uDyB97(yyV3--6y5E{ z#9vhj;zsGY3p#&1QjmV-DJdmEklp-cr{G&cnVd@Z*3%g_Y}&?)A^Ql0kCD*cg1hU- zn=(|wV@j@C5S;MHa<}!lxkSAr+Igy6N`h?WI`*MAg~>Ya5q1n(rcLDa2m@$pav1t) zvgzm1LJQB29XqJ`v##`B29=ACCNF8rJ-Uc_95ASHeNH0n$p2iht`F5^*;N6yLRl6yL>R^_7it@Buz=-VY zFzQP1!01pVgzAsR<>e;6^Gr`4lceI)*HH~Cp4VJJ_jm`-PW%DSzS7$VlC!xuzX2hi z{L)CDwLkSLg7`8B+d2VvCd}<1`3&@w%*w|4U3HV{C&OX^xp`0pk$jJdfe6%-JRvy6 zaG*N_!tQk8o8EVA9eM$A+%PB8KW*8J$`ey~`t6?#n=J;@Fc2Aoh##zf}R zfL>P_6jqnk#vwM{!{w;etYHo|ogpwcmI7vS;s2h=F{BwIsuwd;?IdPnI>dC~!@oT) zR_b`{OC1{56ixy#7b*v)4~d%fOPwOJ{~922*!-mGa<%rx7itXEv@@ z!+vxd?xmX0?;VlwNLwQ-z`SBZ_nRyBlMky=6N}ZtUuw>7iNOIVF2Hv!@O-s`WVn?h< z4tXzBeyR5CerijwFU3X1^e?U7tJwkDN2)7AoH0?J8pY>SySNxa4I(B#Uz+JMr#9Rh zWOTMu6mGU{Hg2H{QFnD?1NfqW5FsDS znkel9xe1ox1)Ma#v#A5~k4aPSUl){Qh2Z*Fu=aCC(y=R$LPeJJB80Qhzs z)w;AbR^o+e>Z!9`09R00_XcZdR z@yivbMeV$grPYZ8?p&LI>t-7(-AV?$?Q(QHU5PFYGTxTiq;*^3zt|+OM&M*QzzVwg zC_dblHRij)ok6+YSUYdqtGDlV(s(A{=H9&E?g+CKK4Z>R#$J~v*=u!QSl+9TxyrfT zThWS^H0$sPxdl1vfj+l?4LgLfn;S%+t{=w)W6~lBr7$cbY!5opS6j~-3S0CUk3$H(^7>{DE zHU-k*M_}{(i+@<@CWR1pQ&hU9zJ4UoDsQh=NwsoU6ZYGy4*rdV-Af5G{L+ zr5EvpRdMUK7Idjvp>4I#&{Ez4nr@wCDCmXgfYwHFJ?2*3bscWj;lnwdpKI~TD}a+$ zOjA=+%-{_Cs~aZ3^WvhqYintaFzJuM3%{p)puPVigR>a{d#i<$6%kzeMz4%(G$kxfd{pAZH@$99zqf z>_+3XEtV@`CYy!=w(WvEA8)X}zfBAGfVao;mx;@eLe(N}h%ucg(X(VC*o zMr#>3#fHQ&aX-W_`dUpjn>&yR;DM`u_OKW8E?5sAnnc}2`VPtkN{Hf1N`9{AD5=8# zl0L^U$g3)DdqF7&VHM{SoLK*op&JCU!)Um=i%T*H3qjfdj=8 z7t6>HU=VzQX`Bg;?g8RK+@7i$)mmY1jHJ9@Xz{R}NXi5*s}lMD0OF)aB!X1`ZVQo! z58F++R}yxJ!_w3BsJezrVLk%YgH^?t1zwDUIok|^mzV41vl@PK-+l-#^u;%}m-b<8 z=KgXN=nKqDUsJZ;sf?_x@*6%^1C#eHM8Hh?1eoe$BhxF1t9L%)(Q6>TUat0Kj30X z#3CHK5li^``|hESUekEMjp0?6pD|!nSTB|hD`L=66h57%q$RR$lGM(oz8pAh#&BlV z$Lb7&R3RSUFNzez5rO^}~s~`8Q1+6ZJZj2M@5>d}up#<{&e0 zSSgF4bP@I7OXrVW=B9`8@8917oF7I`Jm1MRg`V~T0lJ8ljA3FPm~_1Wu8BB)H7pY6tmfU zXgB5H7r!O$pVheB4IMt)zldZpGmSv-9oYBOpR3bgscGWv?bC_rxQFfi*zX;GLma18 zs%`7h;`S8d2wft)(i2Y#XCu-qm&taCtXPxB@kp^7 z1I))5HD`3qGN$Ulo>`+>f1OYF6y&kK+0E3|IAcmBG%q=B$6trOkW#%W@<1Lki2OMh z!F#B>AEfortAViw*f?u&E-V$7gLqXr?YGVsKwFaFN(H-JzTrNh?NI(N9yys|4F$^b z=3||(LeAO3V~Dv&_7KaiPzG*hu>YJDKWViTumDapOKRKH`MvjA*ZoK~aw zqjkRliwOncT3`|JYrO;xh1@-j(HZ^E*kNGzYaE6FJa|!N1-xEf@cR=Xg8m=X(?7ik z|Ms~Pz@mWlVy`nHZTAqg8HJ*~J{R zXa55^a|hp+H+8>KVh+r?UkP{Sd!EiIfPpNz2keH1eu)jP?QAxzyBuEhfqo!J7q6;$ zv2*v>NnppOb6k++er9*GZHzwzM0|;_Qhr6tUI*teB(~qB9Maj_2|V_?UUcuB9>2Iz ztxYivy~~)JoEo1X<;(yyRsq%Lk&yC>FGp6%;RS2$MU|FEoci38G{7IzKrZdk{uPR4 z&hd=t78JW8Z%Y?kzRnIQ(av}L^ed*W%B-7J0oc0Du8Z0a>dsaI9800?N9T;^7C6CM zw!Jv*8%-CgRZ@9H$93j*+!f!J$lLEFCS|-A5oCkzX$8802VIby>&f3Dm)RpYSs?ITTyhzG&wTYtcq5#YwaHwmhbfKHYv+pXzo5DW9tHd?&h`4O=uu z)`CTqcQ5bhy`{3TZwLVJC50+F&74g#ebX!LeArne_kOH)d{j6ur!asBiP3#Tt{7y- zI2WksMU-Fce1iTPzGdbE`yJroyioI@A|seb1tSo{i5WrQ>~l+4X|#KnYN6 zS)2Q7;YJ74jePay3w*gOr^(4q+I~;I9kG2k_Tn4u)3jDgfCBG1AQAt@qYdY9#?m-v z(bI#Vy!A9atj>}UJ5q!kW5N6(!PtqR$Groj8uIXH%bGM0HHwk4KzQ|rDMK4mmp8#M>B|0vf|!|j&T2-3jFzT{ z5){c-vE@uL8_R1EtaTvjyVq1Sk?~+A!*U3_zfY)!lye>?0@Noosw3NDITqsTXp?h4 zY1JRBI?90I1|24OFo((yNN4lKy;5jC;Vr6V-`o$}9Ph3B+rl@mk`5$cAfdi5e?czA zd|>&7=JR`oGMtcB0!!R(_Kh~SWA3fRMU^S<7%>(V1enUVl90a{H?>DM>eFsls^R^nH)Vdrd=2`|6fM7C4)z z0(02*%B^?Hc;MjQ{bNV?A1m1ZU*C)q3(w7^!KDR0vJA()9{~%XLrL1z7s9~vh40Bq LDoK=!y$Sp;Eam6e literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png b/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png new file mode 100644 index 0000000000000000000000000000000000000000..802d8432153404293bf96bf1d25c07dafd684cec GIT binary patch literal 31357 zcmagF1yEaE*EWn5DPD@Z6e;fR6x!m&Em(1PhZZQVh2lkvI}|541efAoT!KTeAYb5q zp8Nmif8Uw!%w&?Bob0{!T6@{G)(%%ulEZvS@)8aX4)eo%nNM(Vh=Fi$@HVK(usgxa z{0Oi&c$ZIdQg9WcWP7kLNEVWcl5lXz`+r`d3wQr_(XRC2j~6j zgN&rQC*W`yT>@WYUHs&@4#WF>S~y!stc33mCT446rqB6{C8_r%b-Em#tM&Mjk0XOz zZmfDX0bi#oS|ZRySr&N>f0(0PXY*hv&JunsqPs!mtyRo#eRLVkX!1DP0sy-38&}63 zc0j|asodN<>kl_af-V(@C8ZTLd1-A@*#KG^A&=R$MA$p*GORIJZmKoth=>)RdADNV zb$;j_9k#pV*RU@Ql$C*9ZJ%3i_e&3}vU)+x;*!a12CkgA&lm5z7LVf)Rs|%<7SzBj z-{zOb#>R|q-~MS~wievwgZ1lHAbHTvBB?n}#M@z)Ly}h?_5rOut z?!07-> zJr+v0)D>&8&mL6=1Qp@y{2?@F)tKJ$`?0Anm`|Xi-nAh!O19q!oAHg_*)bQDuk&;8 zoN+da3=F$8#@69Y?0>Uo)IRmOzW&h4*heZ&TYa8tn&O|wW({Y3^$#=DlVPlj#F13F zMD^FHLX(t~6mVJ(hOO|7BHnwX_~sG;xIOaWvm&nK$%9f@Epq48l}SBnAiE|R>o#{& zQ`7Z+Y30eBY3$y2Ywascwy|5{J!PS+!s~knRp*^b$AoGf>CDB#wgH@0$2BPt$dp?1 zFY8{NhV_6`<+7+rr$Pbr2EY{~jkv(q_Nk+_F>J5ZNAx=vvkWZz-u`BYkO;{Qyb@0m ziq84#K(X8C4S!}|K1`Lv2WU_j?ArgHdSeS?e2JXnhKLu+t-T_jUbQ@n{0t9DtLoe+a|LopK>LJ z(qfltcdypU=>O*G>~H}(TjO5@kg`K0LuQPNL0adG0$at_h;8n$x&0%dj#`A1P9WgH zYwA-QrH)sqW8?zEOnV!g&7&2C51b9T8%6Kr_RX!px$X~ETG=Rx*$M+rmu-bus6kR? zK+oa`o2-HsHgszJP%z5JUueuZ);de%0hNNOZX>>3J7!GyZ&~*(i(&d972!_pvEJ`h z=hiyKw}#Db;1HjqCKUFz>s-+NQRJ-|ZdSUymnQ~Ahn{xr*c<>lmA{`X&n8`SxfbZB zL*%@tmgKV#T1G7$_a-J8Bvv=WVi;L?;gt-qKDg4(649KtO40*YY@3LnrZpvo(r&~5 zE$6)@vB`4QzxqS1Ggo-D=-r;XTpL1kMHlO5U7okJA*xk0rlXv{<7G{#Gg~$LWj3U^ z<`LRX-MGCrc6!r28)i38G0Mj`N@$h@*30Vj9x1GmX-T`%jE0u)t%nzGG&-(zeM2W? z({G$wHF?0CQ7A_nkEwQ%+`{XPuMRr8ICn!Yz0{BECUYq&F%o}di_v~FhV_+?66Uo?3X0zN zl;snkBZHs@Tcn7dPUR+c|XTa2IB5S=p z0S~vpx#Q|KU^4~qV5BFj{SL)lcg&_984p3c%hABy+=6W7V}H-e++%m@j}H>xTSu*7 z+HQSt2f}PzqZIC~x5vIu?e7iI;+$%26F8n0j}($=YStR!4L!c271J7{7K;@R2oE@z znlz$YQ z>QUjHQy=iegdGXqG`9^VsTC>}uf>~>Wfz)~MYcXPw1+{@sw)5NaMUOCxyeN7V)r>f z=c_le^^?aK3H%gJ<7<;PdR|RXsNMe9=&tKKFBn^l^zyk7t4<`d-?pV}!my4GkU&Bk z;#?s(pEo0liix@Oi~{G1IW}-rXR~*8MX0vozHf)n=)1=2H?Lu5`Gp+5$t4eApuP{9 z-k)2acE~=Sa_YM$X_u(Nuk0heW}t|vp0YXz7=kkS!_GQWv}{FJYRVoG#N=3lcD(Ld zd%iIz4y?Dqd@vu|K~df!rC7JcqP$Tgam=p^>?&Of=HsSg^(b`iQSN=_5Koc2^ED#* zpX;f>X$!$V`ijM?TJh|~tSI+S@=lz5G~^BY=WP3zD885T?)N@+fJyz$0y8~35-<(t zdcx!66lOSoC$*+~+Gfh}7*fZ; zD~j8Ty`cX7_pzWx76W#vsjrhXpS|X^_FPgV$C}2P%Eu<5J!wNuGp60gSa@Uj7gBsa$bs-{bTcwXNkG;IRjFrqLJqKNeCqwL` zZ+JDy@PrX!2jHe{c^@9yRf(vFT>bXN)T(H^nC+2w+D?MX zEY-!ME;HV{BU}_cklIgI$oi8Ljg_S4ghJprdFwI(dIDMsc@Rozx^bO=fORm-B&67# zsq=Cy7l+7fguvbJo#*sD9F} zbf$dF+I}e8FUT8Ei)GW&Q!r=~-GQ^*wHHr+H@v9W7kyl<BO9}1gq;d)AWMp4ulZK5+LvEx z3WP}*=Ve>jPw)0)M1Q6oBN7h*gSzXV1{5)y(!KvAt02H?;ZL5zR z$Cit6lq?YBGP1GtNyo46A=u5LdcQhVd)pb{M&PD12m7kNt7!_ z8r$yWD|Vjd&H0$uFb%)mEb^&RxS<;t&%woNb*ViXWUC~7`md*QEN<_;BON|}R4|+sdBiM=)C)73e5FcB*7Kr$wLFR1GMv|=LB)qT16*Cf z=ead6U+q-k)TRr7JoH}E&*RYt87T%Y`|xs&+9y%7oI>Z%CU z+=@P4zcYMoPhfm|pi8$K+50PEyz10^=fOOd7Bu&*Dn-CHqY2lEGf5Z^)9AM(#;14J z^PaU{E7ARoX8^;|jcs@CC0o63>hl7;KlmvO$RH~iizT(%U|*aAf=-Az=)v4`>4qw7 zQ2>v0!-U1|z%%aUm2ciD)e4v!-|VlfOF%M9j~RW~?egL~mhEs(+Bgw40LYSgzD*@7 zx^_fyJ*ySKow8_*mdbY3T()CNWC+#?jv^hgahKH8FWBIwheiIm1)VeHHd+wTKw%I3 zlFy8M7ZnjPA)0q*5ay5Wu%O?1%K4L#o)E&N?i+B)X}kDS)Ho{6eST9Q7Z*m-Nb_0Y zqx4zWE!x+o#9*q51NGGn^E_e^C}PM1nS0}E%07klDQV#q!U&XkcuTK=iO!Mi=8GE# z8>Zg@_Vm+_xHrVel1~{F4UKp=)%&NBWHv3x3@NKEPhVZ^P9QEeILx-Zwf3raq55d<5w;aW8Cc?22%2+5~AuzO?wPLxUlr2S_C znP|dQT)L-0XwKAN#64gBA^-k`XN1br1e4yiikickpfy0WtzGCVFP=~b0ns-d#a~Vl z+r2d71i|7JB02KUlN52ap#=&u?dQvYUlEbTJa{O9a_vG@E3ixD2?4LaMCvw3d|9z? zbdFn};j8a33chN`n@$x-unfvEt>Ya9$39SEk&2#Kybh2vOg=8GQ0vS|7DC69OevSC|cw_ScdS zxm7+N5DYqbnj-gIw!f5g&SFK?f+$OWU5Qld)#g0q)5oW~dO;)L%)-T|vpzea=qWs~ zu!Bo)3(#c4m$ug$m%7_j+>n4rotZ(1CxuqSM7g!O;W{1_)YI~rL>pwsNe!@L~F9lp~MDDq_Rgm%tF`>0g;5Z8Pi_ht8_>4h+}tNJt5HeP~k;$aoPPS;#2-U#=&?id9+6@F@cFjgY?d7 z2?uG9i}0O;v8U(jSF23YS#sM(@xE=s?0rsoPH!JYLr1FUGF@0A`1GQ z+>yGRgo;^Iv7Q5#wo<4I$qW^aBhxc=!tq2Ydo$iS7=7#)Zanm;z3`X5A)LhZ19Q*K z(GypeUMk6^BSNEBNuQK5x9=ltAM@r$8oWy1xA-}vr0FI%HlK%Hb~(2rBYmJ;Z!t7- zEM60tVc~E-Y;nnL-G1@oeyd_VrGh<@*Q;NkB`k3CcJ%XNLa!jvWzs#V2338pzswkJ z9eT4;aD+`_F`_;Zq^?^0JoP-{vJy}qIc$7@=8NkQ> zYTtY;!*bevKz3tJoP^LwF5TjwqG3UUY;wB7-fd9rYht*^@Z|4Sx#!GJh#QF@whp2M@kvOZJ=EG)U7*-oT;9I~O}z$;Y-AB2~jjp1Gnf z2NSs%9<4Uwj1BFE<^dA+a$_~e&P)Bo6G^irE+ebu>$9d)m!iky&MTESEYF4{I_hpw z(;Ci@@{~3vfWiN_Rk-}t_BL6o8;QVK7iQyo%*TWwH&2t~xdt%YU{7o|^~OmdpTr6j z>?C2ET&WkKQ;5iMG_hvM4t8ufM`yuzb5|q*JN@}FBIvNj6Z7{QDche}ydgK`j>ccD z>yX9(SxTe>Z!FbLt+o1J7@Gu-f!ia~d-!`fDKX6#IDHG(6P9GZc}P$MWjFqYL}ow? zEqJh|$}fqc8MYk%G-w&;9lT~4lr*PsJghZ!1cIQ;;p|a;o!Vp3YFj(1oscV2*(|sN zZ?>16TFW87qV!)s{vq2xt1GTdx?P!C7KB&TCd%C$qZKCtdI`7pygbcYy{`^){4MWt zaSIvoULN0@5nt<6G3s0<9~b*Hw)r;Z{Bi>C$@TFf?}(x%Ip~D*%b;3vKWJXWzi3a4 zRH1*6cm&J(LJu44hg@jBqm4k;W>>TxVXIW#ryyf=}91SOMeC>~9 z$eA~<$CkV>g_e@mZY!vt7OqO`0totBy#CH}w?Wy+Mgqe;3b?Xsw#NzQ5k_gqG6)Kv zIUKL}>1LJR{n14~;0npL*ZEHP%8%uzn=TC3otV|*kJi~)O*V-P760plq2g1`_=u$2 zqOZ(SzKO5AHdVZBIbp`}>W_<)(X0q=`Ny~<`=5XNXo}Et9f0@^LP;x`K5v;_N{AvU zZdo(uNWP>Ho4Ppwu!$O)QEwP@TUH9Sr^;U*hCbqAhox})Y(e|um%nx&bsJUk8_nE! zut1gsrmsboGF}}{x4vk`P?GRIfo^IOxbJdPQcrH&&Py3nuxRJ?_IHY~FJg_2c{5AvS-#f4L^0v0t;+isPH zMVC<2oF5MFDjMs%zQFMv#F#F1JiTZ1<##NtG1GrOk00PUTWl`jaC)1$Tu zD|>5AUE?l(9scz6jwo^giJHQui+R8Xz z5)v2{dqvn!;5LnQl&_#plnYu_16s>8Me=3ay?CgILW|ROoS)(XqfZu}^D8_jUkOs5 zx$@Wrao2Rk-VC~5>oUxl^hQjzgsqUG`Pz|4Ofwm4W^H&(l!THdADJDmwZGlwO*%%P zJ5=XjNu!AVh~pCXrVw~;GI7&M7N!zDMP%?CIZw%?q*lTYlYE?#NOb6ISKGR)=pJv- ztc5-y__(}S7=fD&GYa87Ke5NukGa@JQ^MAkp=;sg61#ZH#-7m@SJclk5g|evaHzuq z2P4YUueB}OcNg_&Rlx_H?CRajU3V#-oV}xa_9Kc2|Ay&!zRw{(ETC7uVMIOZ>lz4u zufUTufbIc4L$(}Yp;H1d9yL-N0>TEuYfEm(J#9Ej7eKlL=NWdH0z+jv^^hkDaaGmU z5~v!@XXFKZ&&h^UOf2oOM* z1+<}Ik9fVmTh$Ho?U>lc3)I@<@Wg_I#~t)1JX1PlIsGUcSaSuQwI`z6h+oQhp_5h#@uW@fD?Q~*lx;*z-zTpXSiLgkq zRS(08N11RAyH?QPO*pkmFD|+SNj$F~(p7kjT95wl15m4d&QyPqW^|#gi1T$@ZFyR~ z>P4erq9|2Y93z;^`z=LSqNH?41n=8mMHQevp3L7{^`4*0bI#hy12~L`V{gMYqBE;d zsy<$oX>_OA3CxueHZM)#9oF08@=6*QE^i=8b6)uCv=h?YUGN;AR-tO1WuSG=ZTp`t z!z5>*yfl@cjM}>Bs$7U_R~iU$2^Tu@M#T$}jrc1JBF-!WMM8TrS!+REKM4g>qgj;)R9QZj%1ZQ42oHbJXZYx32fm#-T|TgV7> zOD=~pTMi-ughXtQRCl-{~zV`#R-lF4+YpXt0h{S$#OyHjS=V7X@0D0_wjvN$PRCG0S^Gm> z9IGMfz(%MaWQP*E4-lLmnpRp}wP(3|-MGqCF@bB_F3OVGg*epWRng5Gy~0`B;5-_f zBT!`c+Epys!$5WwBg|q6*+L>g)OEY=EvYxt>g3WZeVw^PX@`+!*G27xY8rBrH}eU) zIkQ?wvwyqiYE(j&_I+!fx9BFb*e>ot;Dj0_oa@*R{mrr**nqJBz0b$#2ZF*;>C7KE z+h2+?DrH4|BZ`Ll*mcU6Pzb_D`#vhQLCvS21ux(8uTi@R=GkhT-2b@ROdU4P@m7O4 zhdW+6;AU&SE*qbHEvbg0=eAmkmD^=0kIQqMj90r0Zb33~(JoqX#kfk`5y%|cEk5{z zToO9UE3rzKsS+c}YaM4t)H>K0)6B17ZG5Q^VWv^#e>@hMPSH#p>K2>LX|u1$c35<@ zq17qCC?GcfB0Xam;VjpAwmj&1_$mif~cOyj?Y?yp*g%bpjb*db94Id z2?^8n`mwRGTHws7t1DFho2}%zW;f>148c74l9^&Ph9z%sxp(B#AS5LIu~e#vG}1;N zKfb&?Tr8}g{PU;E8)9AO-TScPrquBf%&0O%ylUQ_7qs~xS&U_t`vZIq>lzv+vu*jcw*-tc{o*j0{Iqa#a(ZiI zyV6SRvE&qb%aj}<6_VGiQh(z&Jyeu*#h<5;%umOv`?~`srfEm*1mcG!7#;21q1dx} z6p40y(Czd6t^1LrLQSYvp0>kGC6}%Lqn|drGE7zv(UNhyBH-l~eganAVAVX?Vv2%{ z3^HDIb>!HPY@vi+buWceYnHoP>nI9w046#4Dhi`jcFwOF4ofcSYzR?o#lep6_Gz9I zWEP#%r!L07+-GC-G-!N&?#aoYF(FIlB6nZ}nSx?87R`xlQ9ldZ-<^+^v@D&D4)B1T8186whZC$H&5Y}H9jq0#A z3J}%%srNTrsG2j-EislUXju+dnQx#$;~&(w_z2+`-`)}vQ=12%kUM8=B|lp5U3zdJ z=5Aekqw;4;We-f+=HgFLp=RQ&&D`kgR$B%sCY%0VyiuCj;a{j9#^`&i?H^q_;-2K@ z_h~zS`Duq_rKHA6ONSSIa%S92;WV8}Ui8uZd{WBwn&~I!`!;6&TWeq7IG0m629q@x z{`@3_yiJ^XP{>1K)&LqEu0Htj#0@M)(~-F5<1|{Kyjg7zn&nhJM$)_-HBzi=TjGs= zVc?(d$u>KnA8~aoH7iCTm0fuGsW~?`^-ReZ`+{^6!|!LMWIHoN2&TUA9We0rhcmWh zrgpn}+sASrQx);QHiCLl^Wc1XHR4#k=6zEc%Y$(@!plfH?Yk`Y@#dg;4SFBEkpZo! z-h9GxEYEbJf)cdPC51%mPL5u2D^t2xZE7MzR7Q0ep3d~D#NL%L+e56=3j-TbVgZfu*Mxww`F;Fd^o zv=9x;-0#z(2N#A)>V$5@*HO!_#YeARKG`p%Hrgkd?~_Xk9;mh9HJFc(94s}d{a6lo zyl>q6EwXF*`lStmXMLMWiX);Ox4(m*ob3jX!jGRkI^NBWT)q? zTYgy?2CO>oiuP5Li)HY>M*k=oeu6d`%?QJwJYh?Fg*x#VHSN4vU{UtB(l_UMtKDMY zXW=8l($RXypOzsBy|6euzH`_YhG|Eu`=NB+obPOG4kWm}Mj|C7MmFnk!Tw55jQpmO z`UxB_`f7qhXT7;E{A~MGCt>I>Y%$M9eAD88vChUg|AEZ8{};&oUzGj-GWG0<4A#Fk z2?w9Sj%k@#3ehS*s5{Io^nFC`JX&r6vpyM$+>+GP%9YR%0yB))gy=F|XL!vr%!3^g zPI&c+WCs6)mojaC6FiU>f1`CRX(g|HSxKr7NQsGthyTa=hlTm}GDvcmbRmgU`4S`% z?ggHWaX#LZo)n5hreAdA{D`IH5>SCqAY=Oz8x~>pko}sw-B>HWq81rP)*DwDW@ga> zIi&lMR=j*=R!^nR?M@w45^JJ%`yMIM6fsE7q^tY>r)Z3vIOw9Y6ZQ8zj_Zgv%Q)mY z<-xs4_YRO#fq~}TtEa=a{+=~j@bz?%j_@rsRR0|;U#Ce!$K`sfs=~g%J!_xlbiZZ4 zJI~X0b+BpW+@~T~t~EgFG`_ahgcrN*o}N2R_HTR`SGc2!dCd9!IypF)s>&Dd!THcm z;J(jTq0Lc9=->WCT8a6{jXN@hL_zVe#KbAHk}12+<{j1^ zR+s5M{$#tg7X`EyiZ>ffqdQT;%lQiwUtRR3=y_AA+!ZQ6raK9>qe4||G)A zrhN1n(p?gB;J)-d7X&!PaFoj!D(F??345dsaW_gHKPQ(oXAENKffCqDnNx(defRLI zBErbC{Ik7-u>$^^Z-3k1g>B2ZRJrD`U2bn;3%t5u{@p@@v-M3drG0|YezJ`efo~MV zu&4}QSig}sEMkg6Gwz{{wcXZ&8+v2?Pn>ciNQo>-WjiMwCQAM_m|D~|d~f!8SsoNO zwMT=r{2<6yUQ)`&g3Q#w(!)xKk_(+e-1YydO2%{Wh9%&RgZ`qGNYc-+ZvuQvEIdx( z@#sSAf3L~10Qell%0c7-Y|%P??kJ==V^_RH-x>;-i)fjN*od6&iyD1uTL2($mR zRE}~2@J%`s_8jf1O9uGJH)ck66h!0>#TafdOh<<-$`(3-hg&+ux&&SBfJEE zIw;S_dRTl|^v70#c=!wSs7!L5?L8ut>4ZACJ?r)fXhOO@8Tf#g+q+zUKMt5YvqE=e z_aQM~xH&-|?0E4-Fox6nia_9KT2EQMqD`w>qzNI^wOD;k(Cjz~@^u6td^)LPTkH@u z-(m?2xlx#bdVs$r&ZYt>-pCgS#3moE70voo>gK#RJq#V`sDcMq_m)j<>7RSA-|pET z+WF!nxlhhkXFB-#GZRZJVs}RwBUY_A8DrBNbw-`8r)=40m0vD3|P<13+{AhJoRiK)}P@=@*O_G*lQihF=tg$ceu8 z`HTVVZ(qNbNfTAvnD8Ia$6m7(eL1{CyhbTKbrbg3O}6N&gHh8%y<#E~6C zyS*28!MTA<;xi?fd=Q71l!$#SUj7wwX$`BaPrun5^)NoaZlh7f*29()L5-GL@SEv` z0&o6zaT%Y!^fNVM-LSZbzF?YXo}~cFm<9RhAf#d#-rlOohM07CHh?vZ>K8GV@Te<9 z35hH+SKYmOPuPpbh8nBnNxkS|CrXdDN76$dAFkT1?+2MHd*Z02VLrAyM<3?V`c*0= zRUQKR&jO;ix_YycVWH<<0IuSD8A=%wv;ysilCkAnpB(k$vDYk2f?uTH+69|zs*sb5 zWbClHZmQ5)%KUx@9gpWwik8UgzjW@U@&Qh{nVb3zP$x#@b^;gjB;H6`WS_DS>djzx zRQU|!@DWMNA%uQ@!^Q&g#Gtf?^jo0wYKk^|YaNAOo}?cY#X*}TV+=J*8!H{C`3_03 zyDS>W6m!bM^`n7T4R|xMo7nOKjDmrequ_u|@wUR`cPjcc^X!nNkMdWA(8UtDYTX4H zK#Pp;%I!lT3sWcjMsioztrw;&yN$zV%)^B``AR__lyWiX0rzu{F@ywZD;eK;t*f`- z@g0v83YOQd;CI(b{Yut-Y+vp;495%efp?dv#9K<4W2Lx)Q;uGG%cTM@Xx*;AujTu7 z(!bV49P!#LX8rs{7*;GqeNV&cby)2R1Ni5IN(fSWT-gmOS-FgwFfq&Xm+<9PYW(YQ z1$3(B|dW7tiX|+Cw6}~Q|{|ogpqu>s5$RGF)@(> z%cWMh`W>I*j1X_kz%%k_=8DEZbi#IkZoO?WjBu_Rxr!bkFF7_DO-J(4qEPBVKxSNh z4q$b;q{A5y{ewa(oES+xHuWt&a-J3xp-ej`l-S$sLWtEP>IH9Rsa@DgSv}5g%(^!D zomRq1J8B334&eJmXujPQTWty=nFN_?&`?8OdHCuUAkc4-LZm=AhHW41%QHM5C zba;F2SG$%fLoS*EkY(9R+-TC~t1zHE11qYa&z!kfH-Nvd4MM&38&nEIVw;x}UKY?C zu)YT!K;Dd=Pt$R%140GCOMl#dW!U_tnRl@Qx_=9|j)L1Ki7+FT#6JIV9F>-ppuGw7 zIk4hea_q+RF3*)`YeMq7y_k4P@;`%T>PnaG#Up>Vyqw12tIqMjRh6zc1!1`!uaL`0 zx9q+ueC`{0q(S`d8(ZFWA}x8OH{mYJyW*4wE1V{?t)eFyQsa`4ln|T)B?O&@fmbV~ zGhn<&(O0m6EX>6&VFqra(1)b(wTz~3>_|;z679?4_&A{d8Bl`wdb1fLxQ6g#EtK-| z11c;MwN{vW3cai4;)>SR+T~z3c40T31B=bVf5X?Pv5=65^Q^}nnAMo}hBad0;NWD> zU{i>MZGd7+Jp_=k$chHTimb_CnD)tkJgWKjxeku6@1HEE-5SGU2wXZjd^7u54?ADR z-5yT`lXw^*z;lI>F8A%U2hQ*E+s^A$FPuy00>X%070?g$Qn&(%4G32sK>qbUNmF77 z-B|CA{9qy((Jrm~(wO)F$d0&x(s4P!IoG0(;rcR|^-AC%7sF&R=}PoqUF4$mb^RTs z5uuxOX6+4~?Uwsoo-W*?fAHb;m@Kd*An>rmY7V6V=`u4=(YDkkk}F*RJw~AMkx=cN)A) zb4Rn-rvB~C+zLyZjh0x5`C`hFB2JOlBCRb zy7yBT{T|n8H3bj8Pon){xhYwNDwwKDgp1e{^kyfhulgJC%c?z^j6gIE|1uLmJ zt&wD~5#2PFMoto<^~1C$G?7od_)8hS$-hA+v!jXNw!?>tPG zQv2F!;P$p47Xu^eMa{IAiB9qt4hKm1V`~!8mI&W;K7H=_$C11F;D6`JgUuyB8OPFs z_#=e`3!7C+)t{?|e2p0cZSp(h*57t$NZO=vK8P@qXEU#e5rgxThJ7D44G*OYg%hTO zb5RMSD`qGF4E~ZiVHM`KXGUjDCG=wd$1OKkKKE!FNnpIU9!csS_(v^~LC+*%t!kEe47ZSEoq`bb;6smVNb_nhi1GYy)?L zPjc8_)k;03P{&kcnxSh)s5f3K9TK2qt#;f=!}h{Yz=N9ST$G@-V$WPzLX#Y#2R^RP}qMlqpV%%Io;%hg*VXN7FTvclNBG0pOxY|zTUKYS?wFQ#j4x34YkuKL-&GX* zst2{t;c%vm{IS7=kD=bE@D~uJK+JCke;GnKhYjq0Pu;AmFK@o+R9>BqHIJiwWbZjy z6W=g*5RIGJ`F)X60_eWVxH>q{xHx;-xSMLQq=fJ%OZN+T^Yw%F$B3W+sM@#uf)C?v z+C?8iT0}tOBPBh*%xT|p>R&PT!JlrAtIVreEHe-cos6X5s=k-!rY|n0qR02y-lUz` z5^;bGd@#SLS8UTxDPg9zhTFd(Z;lT_aC98<=$Er>}rYG%7i-4`*GLFF<-bw=X~ z#1PkGn*jzJoa{);Eroof=-fE}q5ur=Sfq?Pf0qKTVZv!~yIE*i-1xz-M{`pm|1Nc6 zF@+X!R(lyya8F945FzCt^^Ulffp{y`E@Znn`73H;~~yI??W<8z&F*SnX*WVs;pz01^p#G*V#@33p5pwJ!JL2rRt2CHG6?`6{uS}_w$63F{ql&wTTTOk<(MvF zt9LLk4;$wHht6jKh<;))gC@RFOT~!z7f)H_YhkAMOJ(tU*KcNjJHFn&r?Eyo2-4fH zYvu=P!SS(90;Q~(djAaR?aoX2ZRlsRmmPlV*K;3+Lhag{aV8A!RE*6>h)$QRj)2x| z2ooD6lb)lZw#B#p&icxb_xo;!FI!qL*ZIghUGkfa#(Uq_i|y>262+oVNIGb4Zas^9 z2PX2wFp_X!;l)RTmRAjKBITjq()@c`E58;=Chyx(7LA@aDFoN(0aufmd@hmQI_&R{ zva84J{v?Fql>Im!N|mM>`Jmq8RVtMsEgSv8e8H&kZ33u26O#mYj7+c+1$~d%+ z9d1;_wrS%WW=VAtz4H3%Ap#<}g;DzB^2E#Qi6>`*dJPo@hyN{av&J8n;Hq{v{EyhB zZo%f#l2awCTY8LN(5A>!Oi-k{_`75&lX%wDcxH9m11wa*oyO-rheaJ>A~maP&`Q^n z{Qvr5t`4sLzNihXJlz6in8V88YdbSOW}54%Z?0#o4R<+cXh4oh zB!vt@@pg)B9+gS|f()ae31d|Inq%40*}i<%cLF*Xu%bF7HK7*<0P=qN@j{ZuTHra% zpk6D>c~SwH|5rh1z$A=>$)$z}CMKHP{q=v#Nc*iwo#IRUA0cA?wE>lE|A0F*hNmBJ zma5&j2}Z}%!3=HUG0I~4Wiwd;LhtUEs@Mqk0#Zw6{y{#9{CUBD-e4GO8J6>dK`EiFGutx@b_q-Z){4Efs_sA~pZ?1+QHivLM`*!JaEkm9H zhni9}`_1p%^mv@CYE^*a@>C)bA7An#r|qd*t&FcNeZ7ecEwHwp>ad>XRld7j2w{AEGDZy|!7Mw9-?@ zL=lpqSyqV~+xbGilPCdP=2W5`aR5JMXqKEMDsgkP7f zH*TYtNaaHlhF*Xa!3y-=A2-dl>7~`;NuyTXL?|bFFCjKRchn};R##~S z+}<)cJ`rdAl3qEpY&K(+RvQKij3Nsi?!D%*lNYK;NE$`;LXIQBtu-WudDzhm35X*P=c2MU?&3FEWf?4HVU)1R+r>F? z*xOq@)B~w3(ZO*I`5@mIjOtGrUDYaYX_f5onNfkeB7ZEeAjpvMsnjOJyOqG6cr5N% zMe=a-XLV=q747xF7fURd!;m0;RZ55e)DsuR-K~J`A`eT(WWMjyj&kJt%Ri8ErHWN` z$*XX{-SwvbL%#6Ycxi1YfQKETgXyW76x&hgEKp!-Sp@#Y=UiNBRNpQ@+0K_WyBuA- zuPZIKKCbe_2pZ?JfzO;XIoUNHD*gt+cMGWCmZ0yD#sw9iQ~LJb${Ge`q$U6u@3c=B zIJw^^C&Qr^u_HbRx;VwR*ix5tYFs?X`!TKcHRG!*b^$G37GY?PX_kmWhJm;tV$Mpq zg7?UoeI9CqJusFlWBV5(`mFOS^5=QaRBw;vo?$P)5H zU^ODu;4a1L(evRCRze^no{WTU^|^|eQMBt)2ta&4e6KnElVVifkm)vv6h8G?P3{1| zHd@Q?cwJ?N$&sMUw5UTpeqnEft*9LKN59O42IFOGUX}~}cB#N6`nnwY$m4&CA&NJj zYls|>A^TAdm&d*0D**LK_V~iVen3YG`6NpMNJXvppTi0;!48(-=BfSPd)CSp2{0CqfKn(0UWFCh&FA`Y*Pt zU$(1aiF*)h=EcyiKZDlgyPvJ7FQ>1io;KD)5bV@~wQ}(9Pr-i|Y$|z^!f^Bpo@@20 z-A^Rexu0EF0X5@m3#)K4g)Tl<{+v(PJpc-a|B)KFHH=&xo}&7>r1Q$4M2dOpqOj~6o8 zd2boJ+qxz#$#DZGp_lOFy-v=JJ9{%>sPXrqH8EUBGOkE6Da|O{Aei~JNSpnN z8f7*zq4R_EN`2*4*U#^XUtB+DVKt-Nf_1K78U08bVSc&!netnMwgdsEGajYHG*Q=l z0jFlNnYQklgyv-B!(>U=?JSn=0X#`dJIt>~gEGs7Ln>vXixKNwPAhu}C2iR=+f`FT zIIcQhbe~c6F_>@KT{0jD46_m5s7c6&g;#L89y7<7CB5@{mM>pcAH_(w ziJ2Kao!>#zEKfH2liBm2GU_f|7+B;&uaDcHY)U_c^5sQKuc$oluAPQ61o5n_tag{0 zYUTeXe63Q>5-U*%k@Ql4;8UAsD?(V(fqy$URrKq8YJ5Ftrse)w1&Y5 zzw<}}$lBc>FGs*-3P z9Pq90GY0zkDpSe7^)%jMXLA<2m&pqh&OB{Onlm3Rq`}d;&LEULy$1W{Dd8*(%pcTa zQ?L${;dFlNNCH+VXXhF=UhUX(i+AsC!eU~bLIzThu0@!8qa>VH_zq^%|6xAIG!N3p zCzKW%aJJl0Z3^0dRfNOn^KjI-f%U7Ppd{-%nbh0Rn8A&)=p)_)X&wlN9PelK%kSS9 zXxQ0t*UVEzgn9+Z{&32u!VrFA4ACE=HrB!*=Q5YMUu0c^9JJj;noP{optngrRanOt zo{EuGDV|iEOLj%2z7^WP!XJCmc67k}$HnwxI;k1?@8v1rYZIou+aNmnAyvBG%v+~S zf}?8%XJQ#3p~W!)rHX-^wpB_Q27NF#!DHw-1x zNX-z^-6bs`-5oL@(jlS1&`8GsBQYTTJLu;d&$_?$+;!Kw=TFvfYM;ILd%tSCZk1LR zeSe$22Ai#;eU!7_VjlN=Fah=JHGif$p0pM!Om^|dTRMu#V__pQT8)MxyBAkthnKn* zqLmFy;zY|LW+9B_t|_AfeGG~{Z)y~y-3d<t`^Hc6a2 zaA>Bj%j>I{k2nc$6j44yN9=nnL5xb$wcw6AIHwplzE?^_Vx2~``$KH$q+)2g!&r4S zGpdg6z{_g;ClyKH?=A1g;TY=DmhATBl~wQ(T1;7+Hzd+Dw^LT^KurDLhW)s^m)NO{ zhrvH!mRAc`c_7u|@Idlx|6|eV14Jsqg4d;HEz9*8lT^)|ylDx}tC-~^{x&P!d$k*P z(yVsg#nEz6&J}J$EIfZepO=2)H-esuCDJ-Qf~31y!$+-~{0yk`WIlWfd5&I_ACk}a z_WtvsfZ9-}(p`{dWD^)gFc5IBtuoff$laC7bImWz;_mhx!2dkp0eRJE`n($~V z{95})RtaSBDM6-EBX3{Ih?$orzqS}%q+STrg}o)Q{M3AWXYi@!IDqO!%8lanY6Hlo z7?sxQ=7dF+fo2}i*GE;P%h!W@@}d-aF9Ky{`{k2%e`&a+OpU$=Fdv9#)uJ{Wj+l_B zkLWI5F6ck}&dwYtuf6TW@H#tcz$F~5_W47}Cjw~sYt9N?wBKl(Lr5&nKG0x{3!cnGEDsYrTGQdW!+M}Nk zUxef(a_}@~S?{MVt1i^4WlunPzk}-2Y&pBPT@%NkuB~`QJo9=vUP1u|GAokK;48w2 zTIjVvZ^jvozyy@~u@kY9!o~O$g1dvb&rtdaX-x3nyEwbiZQS z)rqBgzZm@;5lj~KQh+IP`@Q_y+jr;9&Gu>|)Sa$g%AsWW*UdQZoJ3808iIG#aTLGs z`Mjw0e&d5X9i<@ao^&8~DB`@bEyP#9{DxQyHQ;jN}{! zLR;`fs%c$w3;6!b^wE|fosetB(B&=Zx_wt?;ec-!_0we(c^&k8jXU#Ca;Gj- z-$8|GaI$3SlLj&7K5NX!B4Bdq2yNpzIrQ#b+>w){&ug2{W1AYv0ld=v^A(%> z{&P(~iy>NHx7QEEgq@=<#U+Jf_@DKXr7~ONBzMWJUr(0ll-;lqISXq(zjJVQ=wmLOv${c%aL<9YwCLuB>SO;_Y}9utfiI zGX6-P&h#o<)>fzukFeo*f~C)?p6_vID&pJhqvd`w@omGljarJ|*G>L)l7IL{r`k%NT!BWxu+paR%yM1qz_}8~|o` z#{|7=iN)U`9apSgi=m2-ogC>}%*HRXL7-+Gs>$>YVG>{&$%dRN$&G}KpBX|vu5o?C zb>lPG4zWuOx2hF5mKP*UUmJV9DH`6ePWkM4=qHC_b9JhG*!-f|#DuCkf|rI>!oO&+ ztudN=_?>j)QJrd+$saM@89q>AFy^(wpN58{PY{e-VvbAGF{YZu=XPav@fl5++7!=E z!JXgPq@lEV9#8npkx|SV1i>vK-yegwit^#3J|7Bp-w=_ecFDu=aowmES)jz2h*DrH@Ab*Jy+^eCQ+~$-Zi8@sr0IS&2G^>; zXtfYRgK})0nX{9L2!mc|>_G-Qf%FmtgQZdT6D@xDvH;F7vlKwxO{=@S=Paa~K7o2W zeHB7=V|0X8=!i6uTAF@jzc0MU1t}(R0#Jyb(Wa+S&fbJhzn21`4Eg6-E2-7i?mn{PZ`Hdxb>kAJA^ive){ zUVrrtGtcI4P+e33jtf)u229Y|{wu*T*9jK4!{%c6jn|1j+clR7CA*z|_>3nReWhb% z%xzc!P>1WFXwdP!Bg%Wmn_-RyANM5Y`R#ccxvV#yRkbLBw}^6E=XHC8`J z%7>dVA4)&RkNMjk*B`S3O$k#*^<%b#p{7l9(d!vaTy}3Ch%YSOg*iNwHQwl`KB&Hc zLYJ056Hza&BLuOCDm^h&lps%P@Nok-DQ!T4I9=2`ksUB0^2jPBDPpRyzi0N%^$q-a zf*+qv8twTOQ1Ny)J5Fm~UgcA52_9&)&8@R{H^MN1fPs0`zOnO{D(;=_9B#%#y6%z0 zIc=EJ+k0`TaMDv;hpM6S=h<_CT(JMrNb6v5H< z`*%Mn0|6eP0$1^?SArK`Ep zx0loaHx1CZEWAemA}Z#-`$0eKa^^m%;d@{d*r{m!CsYE!X@E1LLIJb{IBbCl=HG_0 z|0G2Gmv;64dHMg?6iQC3Vuh}MjP?(|2tfLs%cg2_aFpVT7!iJK3hRI3>w|vVohOq< z+r?L!$VCZ)Xq=_za#)Q*+{GfbPgaF|cdUJ$-TnmlQ78mSXos?E-ytr4WiuB10V3^s zyghRtCe1NfAhU)G{WA&`7p9Mq4w3>(W?VGhh-3F}>z}6M67r|w%%6mnmL>ERgx%aK z;eh4+@84{ggQwRqAe#FZH%7?XdFOA$=VAKK|HZwR1)7osYF>yi1P!>6bCnVOkuU>` zHqxd0o!WP8ybgjPL)(T-AuNLfG818%Q7@Id)ZNGb+$y2gfVCu7(-wMf`)3Rm#gkSx z7rF6SRw-qx$8z0wxakw(trP-Ama`wE?g4ao{mjH~-MKF~YLNq!hb&OEuJ{kBq1{f- zQ4Mq|F6vRO6DzZkx=Gw)HIAloA+9e=P}D-hNw+N%=G_lC$p*(#8#fG63q*(pJd=+o z9_7mcJaig*d}d=kh5xG{*e@9w%ehI#gcCMrlQ)o5X|hLCd!3nEHp4UYF$!8bzm!70 z=sq==VoU`c^y9!gm3OgKqFi=|q@E2cuD4mWU_eU`aQ=2F@v&m2$N|0d5Q`bA;%-ex zPa8GD!^FDfes{BnA5zNUZ*z;8X$EFeo)+!!?o01SW*>!tO?1EVeMsFI`3_t!NJIPHQc7qs7ypsceY1xM)6|7{XFzQ7=j!c~ zo`I$#>Yo^`5xL153DIly3Z<#9QO&|qxr7wN{6P~!ax8;iK4D2qmvOSOy$VuOjMG3d ziY^&su6bkBFoP2S>{k*`vVlH>XyMQ76OYe7`*cf$ZGs^*bc2?+sGlq(jid~Uo%)sg znFeKII+dl;J^It0y9d;vAtAKSsI^o`h!P_}u7`wWP)7UZw6LZ8(1-}18MSas_{9nV zvKd#{E85vnp!+M2X7ZosEY9XHe(E_jg~N`<>e~~<1Ry1`%L*w~8Ybw>9YkZo?XR|;&*nq_iVDje@y^hmKtKZznd`ej@D zGRmn&;l(jhY@W4;C+`^dp-}}ev64JoquI~;wvgENeBaoe-=_uoYe<*iQAu9`aCZm( z=HaK*kdfD??W3Am;Ll@?uQEr|W?I`g9f<3ZR;lqnnYMHIqE`nqVN7g^H z2Pyg;XR8S^u->b(bz;$k#!Ib!)m`yj9*h6L<0rmRW{E|IT_|*ofnV0CaKxSe9lr+B zmuW)SY~Abad2Ve;dU$vkmy{F~6olT#1Ner#PZvDS0RvO1Vxxo6=h?lJy6KiORa}iE zkfx^mn#cVRCK0BhcqCu#Y3xq_zsnyJm-y>7S{y2j;VkT^x**&cC^r;lh~4x4?uvXB zc`r>^t;gWBzbY8Rs-G%Pj7njvp+`*R8W(h*_uNkEyiok5y5F54>QEM4b@Lg{p`I2M zYTL*Y#T1Dw5z{ujn0#yywl}I zPT1BR7r(DHDHQMhxS;~s?xA7tfxXVwh0A=RP2%zEtwe^|MFY{t98Qh7>(`bSxT1VL z4Y0XNrzzTzobT?!g&%M$cd(t$a2`YnUjI6sHm=oqbDzM=G(60Tj^LY3Byr4U(%k;? z#H{#8t0n#vmdwigW+pGazRi7QK(A(Zn{Q`J|0eGXcgi;7pVVQd@l0rQXf^C`V^HBAQAuq%cNM?mpP_GZyt9W{(>dsjDd3;6xte-4%hJ4n>`iijy>2Z=K zY#Zvcfz0gNgLnj7dGzAB#kfwY!z(@Zcu{gA!%N$U5_W5&Lr6yk%PWQ^D0evI*%tOL z#KWrRs#d(ucgRN%X)?9k9D|`{-1XI^e8^R=%FKsD%b_tJMc#9+v@o?eD+!1PbM5K? zOVIa44!33(Y9@p`wT2f|7?Co%EmVGQ$jkP}3|^^kA2M;%I&RIm_slpZ-fahaZMc4) zv=4D^RK*xuS0BCZP0E4N&l%UNN>&3x$mF4@MG9C=hOy}xupul81dZY!yraTQEIaY7V)c*Qoe>hzPK zl=_P;4kxAX#BOrf7f{!OpI>sNz`t`=MU?qlo7v&k z^@me@i$%$1CNx(b5eH)l5+y#ezDrd zH};S>XkI25jbX6EICdd|8F{$luVY8ql;rXp`w4oI)l-Ee}4-|8+3qDt-tQ;eO-q$G_~t-J@x96@9&pgTed&A*nIGP@wSb^MQ_vA1=nO= zg?J5Wb+oQ(e2}IEItZhD#0(^pTx7+v(3jE7ffA69vZpmm@0&0w#3BUO_fN= z;K&ANx`kP}4dll49+mZUIZY9-c=%n}t+v`uuR^He#1cA7L9jv1&0n2V>GqPR`x;*T$m>Ab8gxnM|*1}+Q9}EgSlm1KoM zxxf(xqLXFnl+U@PBiCKuEyG}9i9``fCDTKUP^pT{60OU%fq^DUNo@KM{c%>0ZI~5=TV^p`DS5sI}W@CxZkJnJ3Pvl@pdP( z!=Q=9)v+-^FkhA}cS;RRaJR;S$3{py(>6rVlYP2<@(nTH$X$3bHT)tcAfTV6_Y;}J zDJPT@_%=rSB24)l81O!TUb*6T+Euo0Qf>%ay}C<>nwE0hW4{ri+3_?U+AM|!TD0tb zIhZweSPNnt0nc~E8Hn~@WURa~CsB!7Zh*Wiv_hWt+{jwY};i7^PVrRb>BLVXXH;9LAHHX*zNZ%YTI@%%Ixoiwpt zMlIzh!~HUn>-}+%7&1ZbP~V=e4&oVlHtE`YC7->hT{nTIo-UD)>Q)MF^C080m&znv z)KYYLt$ljZ;S?-OKw^f>rg8|aFv7+yu*wet%;pE%MLDHzGt$48ZmxAu=!0?0p^<kNcehmx+u3a=3cRUI-OiD^B4mVr#z;NH2)neDeeZokWmkuBjwrhXaN5zGJ z{nX=s11C zQ`9moqgS55J>|9b-d=Cw-a{~_tZxXW35T?}W&g#)F1HWDqQ}%9vGKYp>AXB zvIEhJ_io?Ccni=Hd9#t2o%)3B?oC&c=%iO1Cd>H!=No(u0?;iUWqRZo%c|!(X3Dm) zc!S?;Y(Fcz{P<2z+>}bt5T?%u3}FKqqanPVkM9UpJI=^ugKOLGT+UFYP>kPm)*&xz zuVp}Sr5G>Xi==n+zm?4XqQAb(UgThwoodG(lcuSAW6zRO+<^RbAl?wL4ZHWNte=4D zoitZo!O`DW*A2Y7O}5?rGG}-7r?nf~W*>EoA{L$xZ>^6D>9({MW2vyNmBZ=NSfzawDr<+*l~?tud<}`+buUxnz5gZPYVLn zFAorRF0XpAk55kf`wBcqyhk~C(4DFLI!|5&EQHkNjBob3;{VBZ(JEPb`XTXN#M=ZfU3qcc!kRp!wGm*4PIrv7VNM;F^$SBa@<$NE1Va>a&+Jq@X4nP zg)8^j>)hWK!0#SwI@$5r?4m9AzNAn(?(x1}lb(8L(oMI7e8LJnnf;lpaK0c38x<~z z1U@#-MwujVSdlPclo02#)MlI-Xh2DcGhd0C9!jkfd>O`ZF1AWG^f{u|ZgDj1@L)_e zk&-Sw78?bGaU>z{?<@`_-B~Nz?~{SS6B$c-eh;0dn#a$qo;{bo^^#5E|F<4eDsX!2 z^G+O&{_-5xx9kWqqjwG#1ernE&?(wZd$BZ}faSTu&TRca*2#k_0D9mm*`zLa?GQE* zt|vHs*M`4dCkWnOSQvY*nwldBpg?3X_CI!u2l}Lv=W4(htscnArk!jYEuJVot;4fR zNsVh909q~H7#{X84hb3jIB~Q5kc`5jOJb(N;~f!CFW{k>ffBzX-hZ_el;7)LjXUgw zgO<2ivf6;0Qt3nG;Tf0;?Hj0uVdZni`o?Sr1`;yw;I>+^kvtxxj{#h}M$NCXt+Bg< z_8 zjv_9V%whg>Lz9}g%1tOYs@-WdJ7grVmC<>Vkwz@!?HcI5QD8XBX{(rrEDxs6_rS9s z4=IJIf;h57TS6qN_E-Ybaq(}!)N&6nBCK)0qJF$+@_yha*(Z>1#J~lrsmXfB&^w0g|LP{2!ZD2$ed_^i8pbC4&Gc1 zM=oxPN;5SP=NaosX3c65YILP|I=lKZNc?+-n77k0-dd(mpmd~T7t`spRTvs1)kSIo zijOCTqPcwf2)Q_+_-iW>xjMGU_}eem$REeq{`1vi<5mTl7(2>HZ+r}2p&-GF_Nbyo z*2h|GeL)DOm4uG{PVx&C-J4yt8qnRtsm9S(s-{Zv==oLm%$Xa32kaCvbJq6qN~KgY z0}{uXpz12cVxhaeI-+AIX*WM7RPKM!JtwfLAR6BuQ@`A<^x)cpNegMDM3Z?J;#U?Z z({pc!KOJr>KzpEK7-SzB{Zl*H&;E*dgHk9srxErZJDWUQM;yMn?(;rpe<_T}8qe&& zKIiA6#klfxj9$}H1b@D(^StkaizVtH*)GRWn|snH4{|Uj&atV@ zSBb;C-e82xHZ@j-8y>xLyuiQ}cF6j3Br2 z<>u?7v||Syx=a)de>(@+bJ1}|hHvRzIaIbvddcRpDod(qqdGoe{r>$%aWfM^yUjgd zmId}9@xXnGDQEhH>aOR-66;fWuIyQHQqB?Fp02L*I~8;Jh+h6_I`<@+Yjj1@9gU>u z4>tqunF&bv)mxH{2lKHX79pvR{M)-+xK0;P zo=&MysAVvUV5#Iym^Tq)Nq7+)4%2{^}KYMco8B#8PjjLL2DZJcP&KoHmAQa zc{FyBUsS@`M-PWV9DS3z2cjqA=h^EpRCo@UQ&n)Y0(1(br*`?O9R4`TX73iB8kJad z?RYVpLq_|8X51>!xEfJN^7>aL$hfJhY4l6|=C`>CH?(Zs3dJo$`=xfH+du<=J&R2{ z^FBfmYWftts#)2-OSWXieWDUI5sa!xsPc%b3sK$)2W3BN&pj$_?+_2Ttt8U3kIqqq zYn7D2*u4}cG~=~`*#bHta+{w5{KT!#QzK+%u?1;YPd+=c&ZMO?8Mo=C z{v|ope2Pz>HhUde!5)a6OoMke0WsX93Ts^xm$bIq(WeLwIwInauNQR)wRe4O5zW|Dgta3=g;_)`xh^#V}9g8reOA8<;{dRmXq<- zBbDu#e_-%=$odVPq&qGsocrp|Ly>s7ZlQ}VCHjaFC z(0(EuSKi#1`cao`OR8Dhm6pyfK>3v1R41~ zu)iHBYN8$EAZ@u)awwx-myOB{??tqfdFI=fd|!1b<1DALaJvh`rdbA=*1;pxM(rGT zH*6-`x)siUgFXbxv^_&gKY;yG>dxpZgS`87+{%gb5FtY~KHlr54%WPq*_57Xub6Jt z;tVbjDj5Q?%r)U#LSVClC%M)2wfd|gdir5L{Oz}2Li`Qzp(L59gowAiJVY=!v~E8` zxe)?};gT*c=C9-QB4otGv@e7W(51jcbP0?~igL5xZ5bpHUfi)^KU2afQyH3R=7y<- zCk<{LkCBQYv}~_ZhE%tnLzGi|L%9L}<9I*mY3SA59r>2Wf%1Tc?9e=UkKPtj<|V5v zW+m)I9~_R^X$c{{Z6|(1@rMCcn0y`d)gH*j{(*tcbpE%Lupn-3Znt^fE$o4QZIIiB zxsovec~LSm5$q9Gy^6de3(BA4lp>CYOuppZnOKXPG3)0mR|WxLkg z+HrM2{qfFGqkijEIh>Uh9(>zaYickI$x{MmrpPovU7(+8LP{&0%Mcnl0v zZpmCs*_alxM#$aUE@sVX0!Y9PqqL-F)vaTV|7yl4L9Xf;$5F~%3{^ked!K6I-gQGN zy!(;M6h~(5g~5$c#dz=F??d0=zjCh6u=C5Q*^O?%gu70%Oj{5 z8BZ`f-Wrf?x3ckqk3L=cF(jvH-dt(GR(d)r;vdzP?PgPi0jN5emL%(OxQR)5M@sB+ zD2z*yIf*@EUasU)bTYqp<|!==nsz+Slvlb3eh8`Ao{S~0bZ@)p=IhNUEDRN$kmf6) zH~nB5aypbD&=1w*X|7kA@M*>A*=eg_<{;Y45--`owzbDogyBf0-Y@>UE5PvWmIj{} zd`WKiG^nNx6`Eo^<0q^w8U>;24;V{$MN!f{w85h8(yNLp~Cl_$k7p?>w+BSO zNXS9!q6Au`qs0EtiMA+%>FW6+b8oGA{e3{%gkBi|^GvJTo^8|IsQG54)U=&I7%nU_ zjG`9UGVdcWD?$+7@gOzPadsB6ne9+QQ7>kZG^n;x&xk`Jw&_Jt%GSlx z@S{0fNOvjl=-kD|=6qSVn|8?A?`k#klpW8>@biinjJr+KFu%L&$WvHlA;T+oZ22XG z>rut1(x9Tp0mtbXDw_WGy1{Wj^(4Qy zaDKaW&uQX%eV%2+N4}$eG;5_D1ivn*$&GO{RNv#>m!0Gs;XNIImQ+^=PQdg|T8yQ| zb6PkAvrg?Zt!FmB?ujL$s3!|&tSU!WW>cnoYK`I0tM6(KFk@nS@SBUloZD^a(kXb4 z0GBx7WVm*GKG*yz!8mNX8i!2$)rt3;taGrCK>qZQsQv#?W%_YWojQEsQB(A*d!oF@ z+M`xCqPp3xyl}2F&jG^fTfgWNhTbudrEBziC=i(;svQ@Ndj-w{S!T87`VE-%53x@9 zaB#?1d*zTowWN*G{Y7MOu%#ztPh2d; zD9X>V_IUE{Z?EE&kU#&|my+KNb+=I6HD^|)gM{%AHlq&1HC08$>El=RJ%P>=DbCsal&Nfr9#c%AG5Uc8(hpM#GT@n|Ah^V*3!7g=xodd=Ef@gdVS-9NYMWV+CI*XHLlzs^w2T zf0Q4RN>?V;^bzVQ5|UrwM(}d&!YPsIGh57Jt?RF=Wl;^?^YlXubBp3s#k4}o?hywMqdXh~Y^Rh|gri}CB;lg>U=}g|eO@f#F?`i}^bXZlrXhYvP z6z9*p60{KQfS4h%oRL@KuY;ZmztfoiE$qu4==!0UGNH8-99xoXSA|Rcwchzf?v%B- z_WOG($zJwPz#jmu<)(FRNXL%bZL`p{V+UZUtfaGYc79#31O~yI~1@p|h%r58tw0u^*L@6OmrXjA?;&dz9a ze0+ku1*=UylX$vRAZXMCjfmHNvxG)y=imf5_sdY{70$#{86$d-WY&x?;LKI=YFq4lRA)y6(E~xA$}H)!j_>+_W$*LgLI4DwpjXJp)4aE zN0%$GNdj51dX@eJm->t%KS4~FtGa0&4&yh4nqA%j@UX~njWCOVu6%(=liQUrIoXzr z5%8iLAFt`|Jh6d&K#2%6L6rswP!WgzoGU&4%P)s-vo0DO5}l)QQ1h)ZbVIOy#1o9x zl*r9Nt{lk}gHU*@y^fuRg0W6&31ZN_cvt+7By-Cf(B>wAd>tKLg@FjuNs6y2E8U|%Lkj_Sk~SD1L&`cYg#4Pl#3KIPLlqq zQ`;q?*kLC{8^xg{;t0fx=puNyNPd1a)Fmdo;U$p@Lk^Vc(Nn2R%B(klceuMWgRqlb zj8JW+RSdgdiFc$jYEvM2Ju&Wubu34!v}9MD>blRLiFN$!XX4Y}tD_yoUEhW3qFL_J`TIDFJa1=Fda+gc+frnQpc`JO^yX7k2ZtgxpG zGsN7)_YhMpBbktrs3N!g72Typn!g%)-kS~7CkqQvDK#AGH2QlVUgiQurI#bhZpNZ) zcYh@O_$g+ukGoi>*vohH^J*?GH8sqsu4%*u-5GRN4wz9`CsD@`#JF7`b=>T|5=hZ~o2l;u(BF=zSY^w3p!28F%_kbvsc=~%dD_{a5qFC?v z<_H%aLjFASQ7xrXF%R^V!Czo1o*CV+FV^;GlVvPud5cCG*>ika6|uU{(egr<|019h zrhtc%IW%IhD!$mj>}7ufQJ<1jJID5|`ihzI-HvH@yMz4bZ)YN5iT zN9c%X%0;r|O-yz`-W5k>Nlx-+yCi~~HbBQ$rJs^n+Cr%<%u#K>ONvo=JKW1xh-bBK zg5XOm!Jv)a5E_{Wue0hyMdLuL7GYGcx#~uE}NN*NZzXmD59ie&_rnPSVa8%}! zdPr4`wD(H;?IV)$XNa|GJ+Jc0xep)Z@Qe6|R%M>Li3M_7OwN-wvA+_F?=;BJXNr3` z8YQ0sDW;fbx@|AQvnZ8zc~xcfBVG5J#X}|E*q=0&Z;P5Jc*!YYJ|5Ybdaf*T)3Ez( zM~Wlft?z5m0TW~U0gcRc=gv8oAV@u9Duq7N>% z50acEKlLaF|scq`#L6x5h43- zY=f~4Gses?%RPLq@8|mde!uI!@9Tct|NcB4n1%B^j^jMe_wjna-p^y+nwjcx9OpaE z!otE~ps!=W!gAPw`FMbxmH9JNEaWNk*C9U(J#CiK9sw-#$q^SV6D<~&^0*V!hew&u zk9q6g^J8J*{IUOi=_L(zOTpu+v>f zJ}q2fHy!`}{KDJ8i|L9LHW#@sJ>U3xf>*NTs7QCFh92zJ8&MXO5IPIHuEhJVQ_*!v z?56-fhw_V{R<(`AMN?joPoz}|K<|uikgcul1hKGaBcmRHhzNl|^78XVL&L*!qN3Ou zkjVVj*4wJ8s+XsxrUbitdP1Rxm`!G3xy1*7>;k9J2TxecSdQ%XnfY~8`_F!#SXj(1 z{vW>N%h_PF0|{gN#r)?_oRiIz>aFg*6D*nM&tvyrVqv*{>V@>dgJ*wrPfkxas{;T7 z0|Pu7nwtHst%s-3=z-bUOSCfRo*}}fZSQ&?h_P$CJAtNOV@!cZTnP)Wo-}*@=`~F^ z#5)Y<2YN=EIyx?Z^z~Hx<754WnLoBkA2cf~c-_#;)Ey3%?^h_zN#!UyN}l_ zT~ue_7(2H0rVe;6VGw9C$vVgj8$}VIJtr;eY;JTzxq;g`&%kgbd)&vqm`c z&WvU~2{}2(qI6H%d$=w5~nXVsE&S-9&+;> z3v2CYf@Gk&ML;FT%?qcG>9y|IGy$)xC!Ec36Y+GCVz{@8Jvg#|z-L%9*FQwOul7sc3f%R~c&UXJ)ANaa^2EmVi)_wDoOjN~wjS(t(ktVU+=J=-9c3N-r_Iq+ z5px|_GMop=Rgi6ymZJ4`|Jl>gtXWU{9X^o>q7UBMTG_JKwk3cHjIS02H9d=i;Rf5( zoPEz196so%*rvD^EG~b~Q=w5_(%Mbz((;>pP+`c+cou^gp_Eb{BbN!t=O%7cV7h*q zYDe~yp3+jcTer)Dl{L%}Hf{`A0gb@=yV0Li)6|gnRVSdf5pr-Xzn@9{U)|Ms z%{;H`TeXZWkXvBja2P5!f033rfR(@e;3))<*#+ZuSN-_h6nMlAFLNo`Ypw!vZZdV6 z@c=0}dD7{LGce6UImc`7MG;3BGAHx2;HU|uiK|PN zg2HCTrRBe#U8ZP_6a!@rE*uNl_>}+O0p(1G%JSTj_5KrMp8vCZ<)1+F|A&zOi}?G$ z3f!3~6B84#r6rfp(9kRtN-s1xICF0=OjTVyCp%jN=hXSH#i2#dp9Vt`=tnmdo2f`B ziN3!W+?b-0kNp$3{#WO@IH^DX(V!uo)ysqBj#dQoZg|#vQmOx7DzgM1WpDWV(eam= zCk`HE-ePZHY^Puib>%qthF%gd(ndW64=$Tto=83P1 zup*r)#ehOXBf@kVPJfz8oKUc{w@)k!L~55zdo6xntwuE2_qUibLkg>B_z6PiA=hkX zoas5_(A-p@w733%L9T9qilG;uxzk*tig>$!`tLXM)5#+a4}NkGa-Y6s9m)3()Uq1N zN?nN0LRZyhyXc+%+}YrN1tS z5AcE&@~9Ntmbeko^h1XH?&H&mPVMmxu&#*HKDh~XM*oSr_s#wG zZ*|5TLZJKM<`y?|u*RsTt&Jj70aqIugv<&X&KzM?AFn|2#eNtZk5DP92$}1j;qv+3 zU+8F7X_IYdsmtB6%)w?XbzJZ1c%*7TAj~=SaffiUj11wExgA}aWNV%AQ#{JSv&xn5 z^L|CJEgNc3X2>lj`f*6iN|t0S*W`-=7>q}iH>9j8H2(Yf{lU0)LW}qO)*!-y@!2%E zXdGMbIwK04O-s4=W$K)Hn2`?P9!KLKb;Bg8u_5m{NwLiDd44C2eMC$zOZ-I3Ho%ge zkX(DuvDk7yWQI;ABp?lry%-syc^hVmaDImPM_IY8^?PMsel#s*eXhY!Lf{pTjK+7> zF{|g-*&OHJ_wUD@XM!)J^)bMyRl<#gOkG{Wx0d8&>z@kaGeI}&IA3r~w=d2Wr3xuA zUUgb!g`!Td|12Ki){0l6^`-*qsn0wrmtH)(-Lz0}SDkFog;x8b+bC}JMfz$xtlYg} zP9$DNG!0L)D=~@S{3C1XcM$&MjyQZUHJyq+dNrJ8;c;9Tl;753IPCVy#@EVCf9gqa z_6Z_BQnr?gT|_1#ps%+1-I^8$zZ;mhT*9a& ztC^F7b8=*>se_Ii&(6{l*OS{G?TC0??gjsD^0wjr!8?v>@#fe$7QBzm=(we8GE2ZE z+g@(&4pkn{0rBRPwpfguA*%ZM|JI6!EzbED8%+6br(S{5YN(W2Yf)U!3q(7I0;(?l zb@xyUXF#E;AoAq&M1VPSXsC@cti4JDj`-J?=tTGZQ{CW}tF5h->Fw>^-rm-Ui;LUd z+`L61k^F;$_4V}hrcsHFjcTds=|uXAxaD0L=n_q08^fSAl4PF!(*8SW{Ema)=>P8s z(H}ALnkhN_{47n^CiVAk2h9`A7!*0@VuFZTQaM`9(j#d!7ho<1-?@`pSw$ys<`b@YDon8ufv zz}t{|6<)1Ynv&p9J|g0RM&45>w6DE3<>%6$LYN`xSFEIz#wwlJj5_ietr4n4Qo%%? zw6&YtbQnSKR~i!1s2d#}jUU<|M7|5+4sK~28gtm8-|?>~T#-UPtybh%5gfnoQ`R{7 zV1romRysjA)YGVT_F1O&hDD_f55>JG>VZ4OrPWJrlnqj{0SXlh>}r&{jH8w)P_(8e z;-6gvQ$~k-pa1H0j9QFs#eI;Z)FuI^x78h`Np3?EqL6E$!JnBr#X^Ic7P;tHY&`X( zj-gg{PE3S(?-+dA&5RE7ffZflvxoPO9W}R(ewv{74#F102XFu{{A5P5I7QO?6^-ew z3=2zOsTfo_he%u7*J4(AGSg4zD2IdHTMb3Z&G+`@VwR8njzrl}xY{a5tXT6v zOEoF4J=v=@``U@5O94Tg%XrM41zZAW;7>|Y0zA+QkVR2YfhEEWQC&X$coRVxYUcs$l9>@&vT7moDN-)gzA~8F36_)HEK- z5QctX(0du$j9n=GRc!H!93yuNfCVuq!pq3uuFVDp5l;833nvPTV5uR{u^ED01H;jR zPL+?KZ6S%If#DXJ6x^tdPUA zu(9}T?ex&6bi$sY-_@+=$d*rEF>>M!5WsSMX7xAA>x#sl4javofoMf$T+C?>W8O0F z6p32Az$po0uXXF{zH(g<3!h|(m-DG-($~X zq~KvyO&lb9*lS+@yxJ}cypotYqL0g}j59Ve!uuBkLw|auLjzM9t|yI2OS`V-NQ0++ z8SQhzPc*8J-zZ#XYhkQ3tLi$<6+S*IgM2>AK}!L_MryWIts7hw3nc>Ej*aN`Njh%s zvM+S>DJs2_^B!#mBuwydc$t5iXEV6t-2n)CdPK|UhwI1HEfaOfi;{4B2~vkx?^j~! za*JsC8vCmT|0~Tgr_66`MV7g6a#{-d`-sHnZx9is#tIsuA-k~+I}hEPSkW`8u4|i$ ziZplD$G{@jLH|&#?DzbpSHZh*1*k9Oo2ar$?%7gM?7KF8kQ+rJ^)|geD2?A{Bg8H|s)*Zjm;ft}C6+hOc!VBy-3Oo-=TIlDN*{~Q1! zqEyW63S_E(>ofZUW)^lPipblY0Ns$^B=pFrB+&dKu54BqXh2>RhTG?s0mj`j|5`su z90?33w7{+tr9DG2@M>YsiBF7ETD!c_=e&IDeS1n!#--4pUM>(cu0WPAL~uAj)^ zoDKzviXIN^V%+Y4F7m>2k23@I%Cc$+Ju;rE=<^dWk#vlV7EP%X={moNl-IlW1eGg< zJhFxNdFTj@Eet;x@~TmNX6k<{K2L3V4lANwU3yOO9VNB+i{`7iG72-e3Rn}110`}V8#Swn1w?NQf z2Q~(hJ(%sRC zCoR1zy+Ew996r?Q__12~Kzem%VoGcomfV(`)LXY|OH^ur8Z0TnVJkI+K6BmuxKqnF zzh}U^23>VoP^|&;hn4w?aIvtE?Voso!JrH{9E-)i6%rQ4&dxsHz~Qi)n;&9hW1Hf{ z=sZb)*ni!Z$Zpwiol3$$vk!inb0ry`P|Cp~ZtuHRO}@y;o=O~2D%wp&{FVyjC4 zz9}lj^7_^1YEGvA z^NGAQV8!NOCW&l$e0+CbC9r5p03fOK`|bOyHVaGBrGL^uW`^NJfOEYpe0A^+_Ma4! zU29*|GbhsXQ~nV*!ubh48B5z4TMnmC5vD^|nut65>-~dv3ko$B(a-1iHyn|9v^1ysl(uh$- zW(U};$Bna%5I}*C-LUt%nA-SzTRwZk|27BddLw*yr34Q82=Oj}-i~b>q8W2dSBKP3 z<_~4s58eh2X@2deJJ+RW)iC&ygYN50ZJZoUBNO>bZ+Z1t|X9 z$#3k#!mGa&FunOQXm{(TppWVF<^B(y+imw_#Gv%Brp^S{_Y`bt_5}#Aq8TY(Rzy;f z1R#_&#=E{QNw_uUQH$46p(Q-iayLCeLaT_F%-ENE+zv=Axq*FU_I#IbwrXA2!q5eW zlSW#CbB@e)?L&hao9w5B8T=-=1Cv z%w0*a)byN)3ky;C;@77vy_Yod+>Jr-{dFKiqNjq{fCF3I35+VdPYEEq3z}Ph`Ylc< zAbc!|e3~zLQRiJc0)jF6PnD9xv*-(z!z(c-!WCnNK5WEW9dMT8-KthjO9ue&`?7U) z_UnN>p`2S5_~u{4TU4t!d|xWeS4=?cDc2*7`q$KQGF~?BLM{g93$?}=e3g~u`xY`M z<<_q83tdh0`93hCYvmVhsw2{A>-Gvk*~;(-aCL8((bKO~hx70isz1HEBCMvA`gNjg z5ObXsW}Z8gnfByk!=p4m$Kt`zaFF#^ZbZ|qvwR;I`2tDU!NM!_d1~=4@`8#DH)!dn zs1tosS*epbB9=tallTgLj?2E~3urDrX;-O}4RS}Q*}o~h_cgaLD(rigRw8nVmg&ex z(7-mjIY}=x{m)n|czQdl8~R1I5a-C$nOPP-5*5HyipLOK4kA?a|U#=#Km?yn@unQN18gxx~_l6xLhmDd~p*`YKCFZ|GG#_Rs z94-^Qz_#AMp{O((sQZ^t27Q^Wf|;-uqApq+(w%$j6!AYa=;}{L;g2N@J<_5Xy)o>a zIyaVTgF>plW0*7M1>^Goe@KyCTNn62@NMYg2GRxc(7vw|T6zzrYR0g+1U&3^J zQf?P{{^@P&4lVwNV=^oB#ZMaV(N=b@Q!^{`Z zRq8>i1?r@N5zBOulsvA9{re|ALG>&%OdXdU(z0#hF3lUc0z{jS*y!lFeRZ07_! z4IrP~+R1sRo8tP19HZ$)PHe(LhpE3Xtr;`&Nj7y5m6g-r@LWu<^;&8vS$}3fA-gl* zbeSIHvSxn#uqB;%D@l*zj?i4p@Q=H(IQKcX1Sw7yM4{bti*(hBn_VI?#ae%sUvz~Q zkL6a_A{VMbsLKW0{TJd)y(7oajQBJkWe*T?V>#ILi2k@daCKM1Z4VdscvnW{G-ZI6 zdNqvhlzv&(tQ$hLjDtTA7v{~ws9dxxKL@fLx;E#O?o8WX@|ix)jjMTKIY$4U9yhlB zD?Qeg&v_hq*@NsouYJ_ni!#s+6$@h=$13%Er}HTr5LPFwgsZ0VhE-S-O1E!WPk&gL z^T_G5J3p}%adq+mEb@H!as&!6c93ge>B^S8GG94CgfVppG6 zR0@IgN|m(rvpNCwEj@?2Zi1qR+4TagD2*UO-n{28b8eJa-Mw0wd>O@`l-wAP@lQJd z>AOfLS|tV~$Z*}IhDM5)V-b1tYBqEy%)A{`HyM`BS{@Ho!AOsb{TOf^;&_~u{eBq# zE5++7K^Ow4$iV}71OT{HMRaWpLSO{LTr;nvtz^1~e9>+tcSHpej*hX%j}&Zr4!8DQ ziwKQr(A9Go7+n3`ca!aoV`}t3NnTTT;5RQ%rZw=(J$d1%@^;p!fxCHV>@d;*#-)xvRAJJh;0cm} z*3&bB!a`Afb`$g^2S8;KNZnz2vkgiAleJ8pNQNyHlQjuQ(1Odt`oL724|4=ky)F}Q zQ>^G-XfobKooI1Z>n?p_yH#qLsX#g&Ebi>=U?`N7jEs!st*v+=A)#eDJ%f{r3%k7B zvG>V0C`hlevT_>4@?>&(eo1|6ig8Udz>;7$abPlZ{D_0+(KlY*pe-mkZ@*Lev#(QF zI#{%L!|#S4{!1nIO_^BNjogD8(~QEy&`SsJ-#T;yv0sm3VVOC5arvJzS*ciSt&i|h z2oM(!?Q$RRLteX7SG~g~Q9B|IANg5ZKoU0ia3x~{G$IN*I#t9dSw-oUz*QmbvoZ|j zw=nE^V1g0t(`$Tyvl_CUcn+o1MMB>n0-*1M0cE65j9M~Hq9KAfysi|n2R3hpA9^8u ziL4!x4`^UYC0AotQ1TYr=Z0@Ivn45H7T;eV@zVqsr!Gd=7@$-y#t=X}G-7~-?G@v{ z%yoMu=P$LmC-jP}4!Zr}6#fg@0LA8>yU#EKXm1fj$GF{^$>vMISLcO)XhMIp#!86?S*s!k zuMInA|4!cU_`SPS5#e>0zEvkSj)O#kG>Qv54NaN6>V6A*P-_{8PwD{-Yxr}z7a zMZrz3Kvk57aA%~KfQ|y*)twGcho2Tv$y)fvF2^DS)iFDKUkr^R7-BMD&`QGzh;^M>@YJ^uuw)t?r5tm0Bt8 z&MNeeU1%~2oeOEKDNE=Pexi!JH@+K5TrWV)cHk$t*J}-LZ)BHH+r`ieG&va9juves z0qkOq#QI;HnZnLcDq@>=xoWqWxhgGM#cFng2}s%Bz)-Ti3xG*I*ik$l zVI>u=q{4NA#PmRh4a1=m29l5not}56(Q9r9 z0`h6KgTnAGiW9?Fp1oWUw5uvQ9Y^uwIU*$^Bf5P%F)WujP#pJ^FAc!wVno8Cq18Lj zRsk!F7il+nsh7TA6SW;3~ zK$FVI*@5K&Hix44@KW(btP0WSm*v6&uXL?OZTp-4D2J!JTsTC-x%~J!sM~5hQs8Zo zu!^o@{DGh&YFXfEYBYa@?n`|UC z?T5;S(B2bn48pR>{rrBRmQN|h`j2S_nBt+4D>byrq=`Dr(_-PKX&L8o=ya$G+=chH zc-#H2=V&{mnW!s%l<0+yHYv1|$2t~b}%)A=C@Tz(Dd(&L5 z%76GRKtIu%D3j7~Dlqnlu`%*gn5h!QdpKFx1(I_(;Xq=+hbRthZ`VUr{h9 zmrkWmOSG1XusVkU_zgkT>UOCfB4cH;k3YA@KMx8h^ejpds9%LYKttZH_$^I`X2j4t=2L!;)wPMvU>b+XIZGW5N1Teqb+EH%)MvH6<*yR6GS zJ2YL~p~Lj7jFjjIO)ja-o#sb@P$V@2{+wmpoXaR7K=9kg6i7ktO)^HFoDyIsKObvr z3l&?taJOg~|DnhQl6aw^XE)qlbM2UcrQ54j7=mxB9c)LJtVjf1suPVtCN=?*0RB8U zte_v`^Cs*Ante|9G*=}w3wM@oo`}FfWL!JXC}(376f`cCOnPA5B#Ducl3urMn{1wg z;899_SEnUBhE#RDJgW~pA zM~K;CGGIy_j=4E$$^BJLF+dV_6R%`GZuROEko$bUdvzM|mZf6>#Ak8xI_1OZ=7LBe zbDTEzYs}>_e%I?t_d~@;cFnm%&IQztSXy$-YhZEds|BO%D7=A2^Bp)8H$zpdh=8gY zYCw3#p%aws&@V=V08`F_IxX=>2IcVCH}K-+w(YDw{mUP=pXho=*0pd<<*oeQ=Et@u zNF;9?oJWiT1loKiAmxHAdDJbRq!{0_+d8aQrqNrgPd|E_eHQ^fVv8iYAkSDH$}8eyCXJtq!*s z0rN~i^YYk@YxLTZ0T~uQM}B$Ovc(tPDkY=tI2Nex#K`~lp!8bMeM6si#^nJtWO}Ng zMGtw>wR0V8hvy@YQp>ebT_tjcV9Pnv#8b?SFeMP~mAf;Ti zqm7w%{<@#E>pb%buxO#_wpts%$3U1I1~VvE!DTBToaZre%@OYOrU+?{ z$kKz2$$X5t!dU*Tws*uRYk!v?{Ct~3x5btbklx9E=G^DF>I4-Ns z1NwLu9^8hDO=`E%tYKFCsf64iWL7WEKmasAsy#8Vm8L@(?~&o`tZ8c&C2B{-OfH}4 zluTz+*XRYA(lv*Ei0#rl;u(8a0U}`4Q-b#ljYzo>01T!gB7|DqAkiCl5`~fxR`Bcr zyBL@HwO2vvp;?F-7^rL{GcB-YCprd8t~6KxPtJpj(RgZQRhjV;S7in|nTT4o4QF@| zQTEL{>y_$Du##}i?EfxjafoHUogeM|9=9pCB~}0~Sf(WaLaDb?`=h;#dZVGIAe|Ka z?Cy{v=8k}6faEMeY?sPRGn63IZ7j}_{e$i1=i?{gEB=r#j7@@DAxfSPGk|%_oWnhcQdoIZwD=4TuhUhTLRUK$vy2SJ=Nz zR+gjRx3%|QVR>fz?BD5(sS{r7_J91o9=!MNW#(!m0lb)rw1*GO&%3BRc6h?K+>1R1 znw68bN8F(t4FLvU`w*@e#hW?4qGxd-y!`~R81O?!%9v%$zIQi1b;fcfiXl+Ca!2l_ z;C@T49o8B-L(sdqV`JkgbN(0ktb9Ms{1oJFh(Xv2Bz*fPw5UG3EswmV8vIyC*nCUR z&||_S50gTN^cR@+>vvBZ%0FN_*&EwzfURa@(Bcq!pT8LE?7cP`^?pDUBuz5VG=qdW zNQ*`mtgF6#)3uen1ad3Yk*{mU)Aza1XO}N7?;a5^VV#m6a*Yj_?i;TNXE5El=8+8^ zj>d6U)Z$xX7lCh8*9FAfxR{o#b=RKq%(9hC!M$R06R!tqr|(+ZNnHlZ8(b~E*y3V0 z-Ro4TmIy`tV&mb;5>ZJLefWJg0h(4ttxp8?F@;7UsOY15PM5ot3=vEIF7;+EDnBE- z$<_`Le{0`MV!6hqH6mY7^~3z!);p!lz4gt9Wws-Sv+%t6+({`ZXYFPRp8`w~K~3?Q zo!b7pQ{RkC7_;APnabo;%K(XbOaJIGYdgGd!j&$(%@#HIGokF?NDL+DxsW`d@67h? zBRNU!((8)iSzl|HuQYSsrYVov=cK;jQ`tzrpq%qjH8@?De~G1=GTV!O7>=(bbF=PAzo&-++=8dzvSp^B`HK*m_oiN zyj7!pb|v8)=(Qwq9`o3;8B|ORaH(X2?7`k9Fl9qbD+4qQ`>?yuK zS7b!+`4pxLzLI?B&kUPmEM)|ovz2OjShNj(O}R?hl|q}dyu z(I-z9S~>7tm@79=o z_SeC|<+%>63eTw%pE_|4`h~*bVHD8#9yI~81VZl5EEb-deqmvIcq-Kx2n24E$@*Me zT>elfFe)m_-`{^B!nnS%F?($69!`cuF60COE|{vu3C=k%AvW)kw|I2_E66JI2Az<9 zqx!&W&}3pO`zQK;!MnP8)C#5AxNYLN(M~%Gz<@gJYEa` zHdNMxb@M<2OP7#q?EU?y!boO|6md>D#pt}Ywze52k%hf#%*J?qI+__q)ctGz4kNY& zLlc6ci`k3eBHR(0}ErYCffT@(rq0)y_Ev znNVD6{Q2+G@7*mMl;|SC*2x$t;elNup%uCnq8;hJMEJg6S|@m`FjQPOsyhcgU!%V; zfeV%W3;l7kG@o}@V=zo26zn-_geA$=itAkMJAW)x!U?fOZ57J7x^3krVu35);ZLer zmm9z{^K!Sui)*jAKwG*=VhkUqV=+5Un5bkQ~SF{V&!1L1`nh0ir-$@5a`gAXM?e+ zWkIa?WEo9UMAq70NG7>qf8{CUZBeeKps@Wf00xhW5VwYX#=A{GCcCjFmN= ztD)W}^hmW2C-JJmfUW#djaBV-vUfpmP9FP@s7KVtBf0 z(og7TsMo?qnOFZ?*Uf9pG*|NiVd*u~awxybmb{Mg3C%vu8lreG1lOGCglIwJK4{U| zL=WNqVzZ0dI26Ui5%PFF=_is3flFRDukD8)oXB!f)sOhUw%)~UFKfgzWA?_1AhypW zVbD)P?}hk@K5S5{v;wkt+NS(a-^n*~*f7XN{{U}ennlv(^tNP7$sA=%c?ne6bd67{ z^@QrcgmnnPCEiBUfD$*KsmCP?td~IdDPumS9MBg0+=*{l3(?bU$wYh026(~EeQ=0uk$x#1Ao@RJ`DLIT^% zG9Cg0Pj5^uvf6%w9vk4YtQSIOG0VLQ>W@a}SpK9HoxMI(D8gTi>;bqzv~i zT(@niY=5;*UNm82)~!zqKMI{4T_}ikb?p$|{x zhnt{eq?s)%1*H%C8sNOZWGGl=|DB=8?*Wz5hI=~{n$U_nju>4b7M9KW-~ZDcA%cQ} zA;OkS4&9ZBxbL~kTFH3$KhZ$TKL3;|O z)8$Hx8`gKv5A{|=r^fl-A||Ca_NRXz`Q`?Hv{V@k_*o3v9Pg>q2|V&QJ7GsR4k5ha zMV)9`V{#T%^Z9&u`gqi!C&;W?t4i+6{ObJbBR-`fN6KlKGlcRqz$Dx(*~xP?&i*wx zyL7~SV#nk~fZ6uw#Cw6XTk!E}sj*F^B*BkLe_gnz#l$EyY?K^6)xfO+>Ge2qOZwr5 z4c%Ap!r{_^;hrd5;^GMhVtegS~oo z(}CU|!8zcvIgE*%KRDK%Py!R4h{xa843-P0jguF18)jX;?aTZlE!sKMEUp^?55|MR9napTn=9I_|rq2M74b&W6v7O$Q7iaXT7Vp@mqf3_nfH)wq*RGw}AL(h7 zJ}=;upU=%;lZi+%kfXF4)Ou}V1(L_s)v!|Qt~FM@clIeUkeNE@9uca1Mgc2p(qV-~En};m zJPvREdN=zl8s6H@^&)w73DZ?#9Ah!D15_N^GG7G`WKMrUoFz55Pe9KJ1ra+fpq><$ zkYR8aG#--;7p6z|^6=TK!P)kUi5XE{lwK{rGV44qIV$JWm+E*`CN%tEq%p&BnN)!* zSw>Vpl*vVRO%|O>(s8=7T=JgSPT&grko?E8J4PRY8V6gA*Yp~9$~|ZiOWfY1Sduh~83+%Xq06*Q zPkuq|D8^4|Ep)mvar$QENLe`c&is1WkkKF*8t4DRegmw#pF(|l$>n2W%QU3<%S0^# zhf51H{&dl-DUMaVmQ9Ml$EqJS3eUt2RhoT z%fOZqrvwd-^BKJO*Sddg@*~yZzA&3QhnJ2*?Xr%1R(Kx1GKtGb3jI=dfyw0>(wvrb zKL+e2sdfvFJibsEI+{~Dx;SZ@r2ckZPKBB3{XBeDTt5qQwCK+>Du6e|hL;>hbHj^PW!;{iT*;U^%TBt&3( zL8Dy1Yh^OrxXYd`gRB?A+*O#*(;b$-#2q1r zTlsh8kkWcr!uGw~%s!(^6%AgK{^L@?H**9o@SuXPoRafll9v{v2jnGIEA!4A{Y1R^ z9mgp!5xXUMwO!eIzj8!+a=g?OH&%v6A*Ta}0bkbMYDGQ`sGNCTdwkl{*j$ zsta9&pXGt^0eil?kFrl+7^}Lu4z>RVLG3C9(w$b71kvSqVF`HCs%^GCR^+EZVj+Kr zj@|`NCQUbG7#M0*P%gwN;c}tea;a<-!Xz*GrkUhrJd(K-UYp%lm1vIMSEDy%t|L>Mc7(_@Fek@PeOG}uU5wQMucTS{2CYNWI&TLJs zUJFbg6UEzMqUI0wq~PL(0VX5`hfT2#_s-?B;LHPO-~+SBPyR+`J>+Z14YEvrXvn>< z6~4Rw_?PMT*Mt8+6242^I@s*@_YPp(EpPYbn;8T0-BjP38YK7AnolW68%oo)<~s;% zJa^5u&sNC*G^FL8^e-$MGdWRt}eXV&@ZjD_59YL22LI zTvqu0euu&~Sg&3g2)terhj#xKfy&DzG_Rr=dA`BLgcB??mE`jx4z$2cXN?%psEiD( z3Mszh8G!ttwn?lOZVZGAKWj`=*_2HI6`c;47|a!y>J9@#F5ZCw>dcADdMm9kPps45 zahf6;vG6^rjA03())71+?jMn&HIqye#nOf8Yf#ci6PrPP%=>xjUo6*$qcR-No0i#q zL1Zf7cs;`{0pj%Q_lmWxP6HIR;?UFYj7fJw4?AhRYU11w9MqenPHRu>q_~CTA%%N+ zjrdC5F=Eg(#NpaLT&6Ktd9J1F*ZzvtO#W zyP(q*R27~j5|T%A+TGh)AIIm1!kj1u!A$p(t*hJ!X0N%QhRP^Iu*9$`s@`gT7u^R; zwo6~0lXOm$xa2ULyI+}qsM)ICupkpt5^n#g23J8>rv!-!1Gw->6`;S1^$_}}p0Ylw zUN3NhK9;PM@^i~6kEVp_&86P^7Mn;A3Fe%wC+WVInj-CQ_P8u9u?M2_4N!OmrTC?w z8VJ;@^ylm3!z{)h3+wWV`=9}rmq}Ta91e$#o?g`k(Ver7q66>lQ1Fz$jHOc)D;_VQ-VHIwFGta zb`^m?GW228iJbkGxiVdft3%Nt0UDVW0l!qdz3q@@ZUL?v!P{g!*UoM)r?t!v=d>wi zY27rBT0&`5&5nL3cG}e!>{AFe-h-7XJ^H|`GEf^~&`?^<5YU#e%29N_Q%V700o&`@ z%WP XyMAyishZi0K6;7@UhQ>gPR4H$KJ3t1pWkMx zzfuydvy5yUSw-l=Q03R*o|F+~NFFU{mtLNTMbr6-5->$Y&E-0*6h~r{;7B}N`#33n};Tt8VTGiQkOsaF{jvq{F6 zcUCqTQO--sSp5_a{GHD3wgg+Hq|`u@F`#+!1rpksA<&8ThisCn-xOGMp_6;4@z*&a z33*(pJu=cx8tkf=FS5XXTwD)@yr2PKGURW#m~w(H@*(=OyCZW`AMQCJ4D$mU)IXz2 zzPTXAmlj>TsH<-ui=jjr?PTmCUhWQ_M^SC<9yY8cy=T1hes2s1kUWQUE0@$@eB2urYu<-U%nunjz)qMGHX!iV7@UwSt$e67c}WH`sG{w)25 z$|49EubW(`U{jH=bZ&5q$a5j@{38CqhI&^6W;$1H`bvGtW)HWSRo^!dpK~0p`6k*l z(-L^>g6oSf%yPJ52mxk0y^ai^JLt9PDrdk8_eh*Q;N%9z(WSUmjii;qt-nrR*bIge zJh<+Mo>s9q%YO{0hE!f&;P-zcd_E+6;bwmx*R_k8SmrOcgIWf;pN4(in+Vy8Cw zf72Cie7u;CqYN-@g#0g`9bS$&o{48%al_o)f`OIvnp zv;aKPRi+Nen5MiU?HJ-W^QxwaEW_~K$EG#Ztwhu2Sm#Dn{U*mBulbeoPGAWY7=RHa zZ6&A)vTMBO($MpAtiMvf3(gE;!Kq0NT0fReSpD55f}|MR_<#wB4SmOuSiLozwnY^f zLmo><&kF%o>A>qyx1}ge?W@T9Lv3#Oy=0fL(f;|zr-n|Uk>edX6zUv{tN?c2cYFwm zblU3`0jD?IePHZH7Yg zqR_8Y+ICG@{+>)o%dU+w*JGycFpxn06tbY)7BIbOHS(#Dy1(60a*3pu5*v4np)VY6 zTdTE0O3$A-G6K6h+KG1QhS&DyYTaxJbgZFH^bf4m8quoW+Vgz+p6n(2mRjz!n!ma; zFbpW9=KB;f)Q@wg(62g{qLDR(ff{H?FBn~iic8snT2Lemo5I61aCySJF?J`Hc!O3v z-`?s0Fv1Y5Q&p`va6Ln9ayDlNIa2o}&-se6tv`*GB^dm_+tm^j6eO>vwn{rn&29-Q zn`^W*SyPoGd*@XPok4&qmOk_Qc5mt`tKL^-dC#@P%kq77b3VT}!i4wxk&X$Wfu)A$ z?N@ZX8a{kye&E1-E9EH5W&?AV$NOJUPLq7i%pJ89i@(JTS03-*ROA_!ffENxhQ*O7 zW%k7j%d@|jA4hQT=-)nBkWhbLUp(n1 zW@Dpg@9%vmETg}BdY+v4kAllZ{(reF|Jj}&r)W^TO0tIenHO{WO*Obq zaoyKcdk6v@m_X{;F(72wMQTpN_X8%;*+efEr5*X-qq>v#RNF`q?rd1S!#Dv@5TXrHTgyE!;}+u< zTx_N=wWs_l;_4F8Qd?}QAb`o33V2_Z)%-!2BRS%neO0?`;7i{b`cCv&pDC0|V_YG) z?xYq~yi}+X&NO*@dn#WrFXMO$!}!-5+i^nGM6z<2Zr?}ydTHrTQ8g;pdqR45)#=%z zsJc4w21R$YY~%BdWDuz22f~_KJX~NH+n(hgt>_a5gic@T-N93xsK^ zuQ~&zm;aEyNKaU6BjaAL3uPWEKnWb%%836s)yRWJ`q|81s$vqu+g)E?mC=e`l*?Hi zW*>Bs&mVWf+%g@c)@*P|)voUPuKD{n#))jOjWAPkJhz@vD(veAbLh5X@h>2B>)mxp z!MgF)?!2Gz7*;AzcrGD=g8mc;j4|D)QYLO7?=OFBAEb_)r?{eoKK#A=giK{xLF89v zx?0Hnj?wIoLt)(dwuQEpp0aJsZ^!Bn&MgtJ!)^z@g?n5$R#5SJb!~@;+(TG0_ngtn zuEe=w2 zbUm8bq|YUF=1AH3d>6k1gZbnxxz->lHgf3sU3m;xp9%sQhvtOPX5ECj#D#Iw#ohQ| z_BdVw4_e-yn4V)f|o3l;p=9YY%Bjs#5b><_xXK!9eAES9CLjDBi|9ikNi& zBGZ@NBni3oSwnbhttI49d$jwK&4YN%Xl9S?%c@$T$HR@H?$K}*p9T5gRgV_Dv(JkDmn1@!%ntlrC%8s zwtPtUv6s$~O_0}&2=)PWzOJtfDs@G&4g-1mfqtq?AEt!|Q0InuAC16|l4g%y22PvVz(Q75`I={!<7XEx|%6W66MPS}~{ zb$Be)Lf6y3BtE!84=kH?evU}be*mB%7E$Rl3d+VJQlPOwPU_LY?TzRoY_2JF6k+1{_CKRVEcpS*hLM(hm zry0Z>|GYConlt`PPcNrGG98qCRh=by{{H;rmp)(?GUFS|m$u)i_`m%1X3*&vfhbVQ zx?$w+0Sm@NK_^u~ppna@vAZgt9E!p$7o#3MGd8JS9I|%R{c@J5`#JHN)uY=5W-!xY zudl3S3%ibU{kX%cVtNU_Ff9ZrGd_XXi%?3NuC;)RA1^~Ok~Eg8pTf*SJA!FF42xIx z<64#G-+R54SPb$eyXbFN>Z0Ca(TB0o+h}|CX%&Zx3??u@_bMDOAGxLY)Zx9hC8dVz zMvs!}4_s&NZUk&`gKm9AJZrUhts7I?N^P^hk~l(mmi#hX$Xc!xGkgCgk`B%6(aC_I zzhunWUDwwROGxi26blXgWgA$tQ|R^kO^ZaFv1;k)hQcfT9M`=YShM)4=Y{HeY%Y3d z-}~gt$Mbsk?renD+en1EpTBHm;8Jc`QPy=;#)oQDO_$WlemDrW;29~w>xLw%W!ADc zuj}R$1d@`^;gZtn=QZ!uXf1BeSW6C~nsu6rmLVk_W$!LwNp?}$Hq-lSg8QvB`yguu zlkEu4p%Eon8x~nn);@8{sYqr1TNX@Lp~s8Sj^}3=e;(CX+CcR5212Gp5CgllSxD*0 zj_k z#y=z+NCF^`&yYQbE<^p@Ma{N+qBO{kWn6xNFkm8IP`h}B!Rdu_yWrEIukuY8owar@ zt~Jd?#!^af1M1GbuI-*xAHt?JwTIF*h7P^E!ES~jVIv_hrUsS+^u>RSvbAtji|CUo<|p(q|phml9Y(Pd;C}%MF~YR)L2)D-_`hod=LE9P*E=CB+DOS3#gB zuj6=u|IJae?qmUhf=-@@VckE5(++nMPuSLZjDVVMB-Ob$Zf}fmad;I7)x#%B{7YHL zs2#FDE2<{QO0^=$9Eu_okH+0^ z-+oh-Vy8gf->as-^F?O0A(Q&17k)#u#{wRrR)bl+yCd$#4KcSn81t<{;0ZA>XwO{y zLTlqj2&^YkbwZblNCiy^=852Est!^yB>nN%@f8Vy7{t*R{xOWN`MI+~tr}1SC@5O$ zbPQhLh+}YV##ApNdkH(0N_EeHZlm1{mLx1Mj5*=8UHhK5mYtXE#h9k)l7IfDoQ&=a zkQ)==?pMDzd(%!0(~E*Srq% z_sVnB1GQvBTj)g95x)bntHaNb9q5=j#7cN~0Za(nXmG5t5A`#qWivltV6JTg3Ifd^ zI^f_o{&5J*}eO_Vn4%C_m#}cmO^87Bp%znD~*j5v&^Y%5&vm`+tck_ zj0?16F7Hx2JQW9KpOSFQZ^#2Z+|kfnX?{pFPAqWJOms_Ln+kR~-&ukBUO^QhT_G11 zSIsQtk`{>3koASzJ6AMmE8k^?$luF;sI}KEXaDvbqDUbFw>CDkEW~~>KXF8) zTVk3^P%CP~E{m&@HB(yH9sg^IeoO6wRH_1_wKnO|^kw$*~^gSf)1lhL5op@8O`^*y>8(6~C!IN99=lux!Yz z`Q>Nj6?_LVzT-?E>U_+O2fLrPo_0>sw;@I&rw=15)sR6Y&nOcbP0_QB`1hIct^MjW zueH?%68kL_W&VyNGM}(DQsp)PoPN%;_Ee>`E3t|&Zzp1 z7PMt3{sp3z=`;eJX4pu;_T*C5G;h+^FTxL&+cVVXihK6NPhRL2JX#>)yNU9MD99F^ z9`0iU^?YZW=Raj1;zarUYO#bq)#y>)_|E2L6)iCHs@JX2twf6F1@uRj$(_dxm+Tb& z(Wl72KGypGsLAJ;vNdv?43!aVe3ectMxq~Q-umgrycFMFA!q~*W=)hTW_Tnu(A$cq z5O6oW+sc;Zr&`>fmZ?2DnSYQtWjq3Ya1A9C^ZT~n3R|DWQqbCY<0^gk#b0FTY3u@K zMW}zwq!1o+QUGyqXjCiA3@Nz!JNFgdf>D$Gsljyzu*{*|5nCrjO&1(^on((cgFP=`kC{gDekc`@BADK5!)s z#dqGal?@~*b~bLCfR$YE;ebGgS4#%j4jbeKlT-28?W3X6?3 z1ics>!$BsG~GTo@`%UUkge%yCv=OxU+S zUitN1yJ}nnoug4zwWfnFUdW% z#fz7)N|GTXZBm_T;E=bX2J7PRJ8=pK3}L%o{OPpnXYqFfgWnGpz}~Zff*MkSl<_ji zBOx{KORtW@i~F)O2l?^CR+9vhr)Z!!qev*^Mh&$?YAI)+PH85ERZDoTkmDT0N+QO` zwc>E)5-|FL_NuF);{38q4GYc+4 zmJcd+c5d7p@z5bh_o^Ja%(wMcyXHwXZQ?4qpnsRE_^nO|-0DRH-3pT+ooG;7397Re zHhr-W;IsjIS8jojrH;l;(my^6)W7A<*nXd_jw#={(#CL+dIEoVlm3l_hbQ-+E|O{v zJn#kb439~c7W?c4ODfSqFWbh&PjY(isuzQAiB>%jGv-_AwX1sNb=pTz97KR~FW(+< zj_7(gy>l^zUN4~ZJ1srjR_r(*r2fQkA)io_eA+@8$&PzVvA=D!mR6ti5*rXEzet3R zCxYWwIN~3RLAFNPH&y5kwzjOCPM~lZ3>W+>F)H3Oy@$Sxb_d7 z>Lt-bRPma?D}(odeGR@yx$&bwB^1erzd5t0c`MgID1QzgE4#BH)*EYG-o>H-43UbYK@f^^SFm;meqw26Ag=MKDrHX?!qftO1sSQLPl2f_#Tzni1R21p*DTVaR( zg~|wD-~hg>rFLtd1tq-uKm5f3tpi)Z7>K)n;~ag5P?AeGGgET+qiQfFv%336lE_$c zg@>O6f^lsvLJ% z&1b)6rc~%oU3$nZ+_tY?Z1tCBtUKMil|0Ibo>^YeL?M`0*II|ET-~`?>eE0;I^J#r z?488*OW`mGG&3i|(qL;GnwiEqq02M2ymaUN8tdW`2j6||_vDsrNE&Z7b8YQ@+4~HX z5+HHZfj8>XMUa8nDs%L#S~9|jxxfap+bI9!GS~#CmB+uFar&ZxP z{aRGrZT(AqnTGFOm!b7*s0Oh3z?Oc#O4yV)Ci#cCN$ujD(yvv?>R}Gig+MUsT zxNPJ$#}<9Hk6zc7?NhT6UHH}Qu_-m7mas(kUM!!d$gF)LJ>NF+UE6M;D|yQYyQ-*v zr$E(5ZW}O9mkK4;!M7te`E5k^(KD6r*fV8?xrDYg z=>ely=N5Z909Hgwv=bsR%_9iWOomr|qH6FN@mJQZ(Un90u!9WHS4M;U$?Ho2*a?f&=d=FWUN5`enHU3;0& zt-}L(D`ioAkU&LeSamu=tBQuaS+$&>$BdIEriSm`Y#mWCB)cFT1b8yMCM!xhpq(El=Rl`kitd)82 z`c#MOc;j57r;A<>FIPGt!gvi>aaPU@5!~mvIB2@Tqc{S|Tii7K9GBeELtNC)RH_`l z-YmO&#^+^w&JEnqJWfM4tzTM(06*86f|9PI_f>n55YSA`ABXE{TQd_z)T(GVa8H^l z`etcy;0=~UTXFPA#_Tj-ENL6)19>5)k=OW)TT%!f<5h*8{F67DcpQi!?!Ggm$EM7} zE5C6i`xA1e*dglHbr{dYj&skKK=2C^Ict-E4&dE)X(d~*(K451i$3>EoU&bw$szT{hIC4cFoOcC61FnUbuzH zgn!FjgNCrD@Mn+uO!2Tl%F|Jd8xW1Prh#2Qd^{5szBqsnbzvV_V}>=)Pkyxji8jF( zTG3AvqlL=#xA;>!p6!*a3Z=W3Ro72@Q!&4$&#sZ8ma~nWd$*FD{|pMDQxr1%J;Enx z3pmv1ZWi47i%7G9oLka~>2YsN#W|1Y$UnvhwrP{r#X0Mpt@R+!Qc2RK>(%#zOFx)p zosej7wKoY#dR$VKa7$Yxq$MP>8tLJpH#KtTW@`b$aJ&rnnvuHnLOr&6LE>5E&d1Om zRkLcu&YQXUW>GzkgMn4{_jR-0j_wa-0wHHsWb_4}`EqTuZ`o$mj*HVN>v?JNki>w- zp|l{0^Ydw@*k#T04=dx~_h0urLv08TQ{K$)#M@4wZC$$FOy`|BtjR+}FSd`}Ncw!K z^y7Msn4Z!v@WnLoA3ANsLUHyY@Cmh;BfdCevZ-MpqmJj;RY*?4J{L45!XBc&y z!qLZvgYb4$67f%@Q)(L;q_^I1@ci~~dp#RFv&|?>u8E-aD)Y7HE_YmG#Z-r z`7jGQ&Cu%fk8(`{K;czu`{%EkstQm(wRP`auSw{vMF8D>kN2o{LR1R9!$H4gjsgFq z@3zdXV`A`VWVgGt%ZKXoNnhFB+Z#c9Tmk`s$}>u(p(x4YUQ4q2EtW;6&{Yd%6p zi)@4kIxeitZHEh~?@5pCFx;>*)K7N-a5a-?DHHoo5_rGzv zo;uoj>?*T!ZTUSJ5cI!vXaof7YJ~j9Gdj1FN!eif3V5$fN4w3r81}7CTRSd2a`BTY zdWrT4(X87uT%Vrq(dV?g*~ZuBDg=Dk)IE#xa=olh;3~gdiwf8~=@e`F+-r9t>0`0@ z1{f%UkN|;8{+y@;@aeyw`royl?ANDRTIRnY1Hf>7^k54l&kpLJ<5L9HT0p(Vw^dqt zPN9V^f^gBdv2(;wrGPiutdKevgLiak(d-|_IB;i3z^j(^oDBi3I{l(NEP1WGFb zVjW1efY+w8W6)WCflA&ObgH#^fG<≀|t*jWloz)PY3hmKNN{p&Mr*4a@hR56feg z5HIO~00VmRbU{>t|0Wd5X>IDzIbBQE4z&#m=JdE|>?6AhNH09>8(lbuHKS`T_eg>G z85x?uQhZV?cSyfi<)-du-qAY8@*v}spv z#PBYIcHyIgI=`h_S*x{1<8AK-C5QVPqbR;4npsWDXiT@~#bcJ7G*2((VFX z&I)NlDhW`Ltg1@s1%0KZtmCEnHk;IGYE&nEVNAh7Md@{>p*O_8rkFYms$ef*jo|(o{gl+ls#HVXOy>yM|B&YZ`+kkX5WN5 zj*E)QZ`TpLeQYa-dTou`iF+^R!XM8`&DJtN!hv9Eu?F@Fd?GdM@ z8s0i!%YxEv7FZgRi~(_Cy&iVp9(b%w6MqxEXo9)9qNj#Jn?)qrojR;#Y1&aFDpzX$V!iKfexVBg%ccJ}pzS|x9CG);zuA}B9^OLBX5#5bcg;}@ zG?T~xE|#SJFTnS|G$-{%9#MlXEAzHD1LT}KfDY))pO)soY+gE=u!{8wkh;Rks+tA5 zt?%FchTX!DZq@$c2tu4;+2g1H%2tP%7N0TyCbOng@7X@&7QEj;9A9M@=S$|8hTSRX zZ$?ckwCL{Ogc?+)2n-pS%*a`wXEJA-7y3rByled<@s*r43`<>LHz^48u>&B>hdkuu zZL>;;pNGNp_vOyH-&$GIsvYslUa5b3a_xE#cIKDL0g>{%SAEHx%a2eBa4%%gBUZHe zKMtDLO`u5=0tT3K`zNr=6)a{tx2&q6Bh27Z!_bkPWvz()Nu$tnS7}#&;!dEa0+Xsu8?d`(RZ4 zP0p8TY^nz(Bi9bB*3~KbdZw9ea6T8e0btVOcnkt$%KeZJ(w&(kJ_%85HSsg)92t2< zTY2Y+P>dxs7qB`oH?=NgL9Kt$O$!@}7fztt9HyBgGT~Dfv@=Ih)r6&A2dM*~VXg;D z5>b3U2sS<&6^ED!Bk8#ebbxjpu1e>A6#GwfW_%Q7R(j9N*e7YB5Ibr>)JvK5Q5~2u z(|)~k@lLS2ta85CIbiRE1_iV^gcxIPx2M6q>-qY%UYK;E1fu%c9p%NOZ|8j4zDb48 zvzPxn`1buf_{x1K545F)Nt$0LlwL_(E~XLTp7g{~2ldamW}#$*a$qnB^~v~{#$lTa zMN8~q{9E(9adl0y;3nh^3V(CIi6XF%M}X@OrE*r7xzBJ!ntsiYJUYvb3fSvwxNq|>U47G&zTX+_zWt=-s?OfIW4@jjfR=fZ z1|p;XPO{200^l@lj#G~}1qq!VKkN3B8iN`Gb`?$8+6pr@fF=}hmTkURW}O}OdANVz zXFPbuolFccTF&J=qpY~nrQ^XpfigX-9i^MOtCce5~Pp{#)u{@cP zz_|AS*jKZPqNEWEP4LFcqhncAtsQ{<^y^UeufVBPl0&ahD=UQVv*eD5#^?1f|s zx?2FMj>sml_l$Fv_DP@TT&zKB8nEBoH$0Hx6KBq;4kz9ywBkGM=fzN?(8GMUmm}%V z9Uiw2(tS7Rcjosfci0Ex<^ng)0N4I_A_g7*HylU@Umo1b%?ChYTPaY0>iL7aG6UDY z-s76zY6W16{U2<3S)Je7>?`V5by-(7c-#1g$%dy|W9(jbhwLZcIjXbMu|a4(I?(+* z=Eus?>eZfy*lI`wdu1AnOXOG7ecPajiNZ<>l($A&q1mLpczZ+0W>7Kfvidl~lm|c+ zi}}w%mQpWM-wmS**fxRD%^ijU3$=DU{hg zXM1Y{am?Bj7sX*W)Y%)^Fa4|MFWXhNId}{$U@F-y|F4QSj;*_IH=@-z6O?64=Ll0?mCQocz{O%n@@snl*Ah$$^2L(Jnd1HQnlkl(>t)+Wq zaD}TaF3b|Mr>pzy@Q*I-gqcu-B{x81Z4@+SBXqwV(N@0_Vs`wWb71<@j8 z0oe7Xu`A$>4x3Xo{hZmI+Amcf@T;6il_Oo8a7I9@kU*al6#Z%+N}Py~*ex5>cT;6& z-kaWySx%0UOLyiQR($#Z}xr~aMQjL);RZgU@$V&Af-m?1-fCJ zAk#eHwy)C+#VYSs%x?!r77&e#+8Iba8Z7C-7&>eZFWc!~x`$CqYATY=Tac@nve*y@ zvKWyPQVQA2*{>u`YydEvKFqTB`QnStrNDxErgfyH)_4b9Um7o%3ZEF#+ZtASdOxJ$ z_I39m`>YEwp6#-)KA|(FX&>9@(G3c6Tf@=KBu5Z}4uFQ)x}~G=ROeBjo=qW(RJE*I zLq%_i>*{M&24kqBEk}nl(Y}8@-~)S6cGx~VIm1+t_PaxVWCE0F_w`;0BGaJZl{WZp=C-ZQma9MUE&k9I-4Il_hGleP=@ad&_ zfcOwUSm(19HwPeD_Wp>G`rC`TTqr#kzrncZJ@>PLYt+Am$*~qwG+WwVVCh4Cp$xB4 z*xh@v3{8d}>y~9rHlgcZ1rnGk*cMd zZDF0dpd}kkG=k}(x^`Pv5$qCVH*EHB4Xlnk1l_RrZj@rRqpg5_%GsNnqI<1q>-Faa zn9D1j>FdL^jP}ejrKno=ln&~2Oo03v)SJQYS?X&v+c9xzb-IWYsq=Bhh`>0(mgpCz)Rc!@@k4KYxUBM z>=9HWB8O#T+#)5aW%LkCZ_dTooj{Wr2*cWhJ5Rv=a%7kaR{^5pEu}9WO#cf*l(Md` zgXf)+lv=Xk;nEw<+8upmFB%xbfJLiEKw8YnLZnnsugRWs7Lq z2Yd0XPorluEWv^>oAqWm|LS_zP^4Q*>!|(?n^wzIX2UogX#V({w-bN^QJ$S;&(6BC z+mKJ?rolYUDD}zblhGD6WiPKF375c+jjIHcBAXq%+T+%wcWA%fU=8gEU*iPH9tkEN zTj({5bUb}GUwmkw?IAdB#S>mTM+V+A$o)hNLT2%@Xxi*K@>I~^aQx`P=EX=93E`Ee zdM>OT|NR&EVA?YB+FchH?`F=b8mxFIp;l^&5#W+z)>Y=9-vfocUaQIAPK`I|JLs}v z9=e|idoqjw_M$IPi#ryIckAY#-CTX=ncgb0*<)w~_p}*YIVj4PnMM~mp?mMfLxl3M z#z}9EUpQ4hwzR%$JfA2vJxN~O1%YVwz7`VMlxO+g#FJr$%@Xn-vSCG?qw1HQfH4-` zLN@{o3lr728kiY`>ZM^a|Hor{nmT~OA(3_0@<3KsB!Ua83<8ZG>eP-oodIIC3$ z{{vTeCX#aI_|#6GC@I<+SYf-IhdP;Vl#CUD?a#Z10=b&Vg4^Uu`&;L$A%nKtTf%{s zfTyyEm50P-4q;Q1Pv~;|-Q|Vvw8>2)ZlmvM=+k;-hKwAxH#_vFP@I8ED@(=zR!K(0 z@!o77bZ$hxhsn1j&o^%ih!PJf|1H7%JTOk!rwi_lhU)^?Mz!>B3L{C;>=-Q^>T+S8u1bA>?93wGx3rDKhQ0$fv7QG=Y$*CYucx`^pn zPa;otZRb9RkQ)>>&>x|ldBHp&E^%9^Y*tO9ux0cU01KAq@5Nz{HNu7N8OBZ+;l1be zndy%t`uJbYs?dOGh6f2&W$mY}Qod*hS6H)G|D9Ci{JkPoL`oN9HQlf;(llf5+x-b! zx8kbz5t`y`PQP5*(T-?T+$zAMV-QJ77C!vWf$?-V;WmH3{vUCZ{6XgJMSr66NBUgs zx!@yynQu|XdE@>^nWPSXyPqvOd4ppZ&f1!crTWLQ%fDM0T55eeI6xK}*unl#NWGse z4gz&*+9@hCMv84;{q+A3Dh67H4Twj%?sUH*g7fB*#_0 z&3~ULylsmgUv-_Oc}yT#R$T(Gu+mxk|JIC(S`kSLTJC~C%kp8rWii6szcQ!MFtn^F zE>__+S5)n1+dNw?GU(iwkS8fiZ>riD^z5?*Kx9t53|O8)0c`V~d{6|{lQ*UrheM!xG9x=RZN0`# zM&Ml9gtG^)6rn@9TNFuPO0QqPJB5o)BQoHlJcs`3t}mWycBQg2d0?p2JE7 zvbr6Wwe)SYEc?uaTYCdsMT9@Z^y2yt^$(Zy-`D3HaW^b%czr#lmYg8y@ims`INng7 zk|qj?9R9JC>OtvFs5gcQ0aXhUeBbC9;=(?RyiUqqcFtK~<<3&*nM3dEtRqNUGgaYE4hX$Y1!wYNhLvvBmZbpr7%Jem(5Hm(5iaKaDHx zpU&ZHxD1Z!iZl9Ubn-QvtXfy7v^c6hq@TpPTsV5RmniAGuSPYW1?mWRy#F1`_|IFD z|L3moKXOv8@h!OPo`#FQPjfafbXC<~0#1tmszW=|M-j|^Y`GyB9x33H?(R(%+c$oP z9PfXpw#ceA_GY`2Nw)B3e?;&Q>b~>^`?^^gtbI8g7NlE2T)-q-MGW&71AzfS3l(4V zzP>y54pzQ=>5oJHZ#MU(Cx2A1nZVe;05R{saKC}!q5!iRsQ$D*@IyjEfSNuP+7$zH zUh7<56Wa6ezoKMjHVtE*^Ti;ca)7Dbwl9FwPw)S5>mW-5s+Kfzj2-gyLH*~2p}IGv z_*L3}w5s<@5dM!UuKQr@Ki9;`ABRTK0qWfrfC33B!E|dsk#lWEo$ah1jA?P+NapT6 z&cU~+c@1xy16%ME=X8ljS6%KJQ>^D?w(ni68Zg<;9&N@f)wLL&0We?|cQHvso&j`{ z@2X+raS1t-qA3ia24!QXJ)ltKrud@25b&6RYGE$vXFsi~L@eT;j_Cg*?nv&{z3@l= zl?eD`SyR~&S~CAGfjiOnOMUm~BKn;|Qa{Y!M^ffobufAl?rj$$u@A0owLTqQK;y}F zn_ek;87satnD%CEsDJ#Ni8ru`bjwNUia?+HC(XCvzX28|qd8YBY`j%&#EP0sITJA^dd}(Q&8-a1E4*|K-jdAvpVJ|@SZ>agZLeC zyWv~;s5{&+9%=cI_J`a(MlB!1`VW4JT(}+y^Kbw$Ys6%H34_b`Pj5rJj}&A#yLo;h zN=f9gAoew^AC7b4jmyAYo%v{{f6L|dN>OC>;{2Yvm`qe+e0}!E3m@r#XB<7(xcVZo z1K?pmIvu-XXBU4Z<3m~BqJ24(Y|R+&6g0HnHsfku^Y1(|E# zggb=1oCLEJ2{;+$d1XMWN^SVPfLuPV^m{iXoJ~}^bZ$6~6T62s_1t5iLTnV=aCxSO zWofn)iM|+(JvyMO2KAQjFa8Tr#o#kp81>bVPGM6Qx93`NcjjDVpYS+WegUgEd}m(r ze*SzDEE7YDE{7|7nJ1owVy7c$vD3Gfr9*pZRV4v?G;|oJ4@`>~yjjHADB>U(Zhn)# zDT!^sK!+hkZG{9?cF>Hh*+mq~^w8iwkbDu_cZbZFx|zTN1XjxH2KGuW*Rmu*W~@8PxA>+E$TP; zd*CjA`y+&NlCNjXa^l|1nsFpQJcR?L3zG`;N-GotoH2l2LKXmu6&eCx?u1bLOrp-RcaFf!96=R(M!%`E7smx$Z*i~|l9fKN8zn4@htQ&Ov?q^&O{0Ckk z3)l(87--x3HxV}zZ&O3fRo*%uqtwYHxoj6smbx|M(#euoThvcDU}rvo^bfBY>ds+f zaTUk(t9lS~ls^3k&m+hj5nqU2ab zZ;r?yZeKk;saisneoj%xcO=&Zt})$N17(4RO<~Gy$+-mqGFCd^UXsAxH+qIO^~s+Y z&EN+Ud*(wYIpfjb@wII14Cq4~dWiGcwe^Kpdlqr*qOG`_+4C$Cj*Qyexnp*N%ini` z8v5eW$F}GV3Bgw90U#Kd!&i~3I=9<8O&~zf+2;aec#e3i0qz!BczFfqOM$d7Yo{33 z5j?o_PN#Zth2vkRD393DYa&g+GeYlp9!SNfPN^z@jeOt`KXi)WBI9`j;~!?rsA&pJ zq1Qo@w4V2;YcNQ25)8AT66*pTzW!y8-Pdt=9n{bn zBB#fJTgA?z@I;!BkK|~2@7c!LlPB5&rP>-#usr+cC~1B^HuN)=52=#Uh}QfOOei<> zcptXR*E6|iruiNxcR8>3gSaG+Bd+{&g4FZX1LnZq+KyR^$Me_b9(#?2EZ<;;BQuu1 zH!)Ifmw?$)A*IZf%xi69t9p4qsW#_M@%BPqV8bl&bMOaOXR=qhdTsm*aUpHS4;DEt zi71fZ$m~76vpa0t=1sIa+MbKab@Yi6v^nl`)xr@3G&rcjo@$^@9hIR%2Pg&@7lbdh zzY?oqz~sFOZKW7&J436)4;ggPS@$)84%0o368rWA2KiP2(Zb`)K+vzJa$GX1X#}j} zBkRdJByLmTS^30D} zml&ml4@QM)yyXR5c<2onvye~2(GE~AC2#DdWqnIG7*@@${eDqa#F?N^+Ih$rPA!J| z5$XPNou!(^l(TG3+gaD@`G#pEn^K%j9qvv65?_h`-T_~}D|e^|3lE>DbD}zr0P_K& z)m7nZB1q=*QO4fY_KXu^)H4lR&!kWM5Y;>Dj`eZ9oH=ppYI9t$Tm#-` zd~Gy#RJC`8;rY5X&4owNxm10_(e-Ti6fh0D0Y)>4*W^3NsG4~SgHuf!XNHeN_mUQd zoB}lT^{x)apNrTK0zG*ZBv@>>e|+zx)AznB2r6>C>RhlUdz`ZN+{xL#Nvgc%7v@bn z+od{QWTP&A8lXUZ3wNq>6t*ya#r*4*Yy zDjk2B|2%MqdZ%B?o8=nFA;45HE;0Fm`e%iMXy3J=)zU{9AgqM?wbm@M$H>R?AMrlC zSeOCxd#F%X%^RxKEXipY&4q(=yXOq@PVKEWKXG;^TC!vZH1pz=wX@M z{(;A`{fZ=p7$Ji&?DqIs0GRa@!+@snWp5h{4it@Ujh(Hq84k7pQnn4*&ofW~>Vp&K zE#w!@=g|+Qbm#m@_`U^ak9+0uHEqshG|~#PZUkg`Su#IQGWwSxOoe$9e0x$aO+0K( zrkkGrdB-qoR;7yDlW);D)WFt4z4lx&v8j`kZjA7KHdiQVHUQiYRPL-iP=8ZTsw_Uo zifMpx5>lrZZWTbQ;kmYT(o1Y@VKa8}(Ve8(I%ya%EBHS|;$K^h|0+@2nIF9~xMXM7 z^3B==pM~nr?yu};0my~%jr0Dy(dmKr%K8JJtP`uK8NXj3RQf*=vuB&imZ`7p4)*T} zx@M~$-QB#w2>4AtRgE(<7+8`N&u%TT&9XV?KjPl)icr$@=l1$#(w^G?k|dgSJ=4kG z{iOlbE;~PCOK{2R{Bl38&kQy1(HtN6ajU)Gk=avO+$k3xLOpE(1gXWn>cgvBUr@W3 znYjdKKvo>NJ$>!5oVg8Mcbc?;!J-!}A>EE`+oZ15O@$HYiU-4xl2gufPXfwNF^+O3 z!DgVhLTEx~0;Q^`abPCzUG)G&im&`AnoM%jRQ&wX{#OVPJu3CDkqnfFdG@CN$~GD^HgxaI5E2pZVNTrfFJ9e7e!^y>);BQRU=5G zef>ChpP39_VgE;a`YEpdboc-XR)w&U%C=xiqZ#3~=w`-cQ(zm5J2K>{;7#O(3!(YW zb@Ox4aF<}|=kzytS++*4CRitQ1ZXIzT`{< zgR!5EHZvO7p}XB+edNY1XEJp8SHE3sTq^zf_B8%&*#&#ja{XgB?stU9p`o89n^m>W zNCUU`v*fL7al4MFbADgA7M(5CvtIJPe3P|nzMq~VaIgMpdh!u#DDg?ojp+Qrv8vV3 z-QwP#RYRQ)`74}mSh)Kq!r&k7AkHfVO<-QxnHb%KE%Kq?F+Y0MVdZGpNUKRgDU z=-P=%w+E~m{-h5wx}K?6ob#Qt;ke_{WSiVC1cnp8?DY^PHf(k|#$p9S#aU&=Wfk`A zv-Yi&Gf>~#RgB(kOx^|KER~?XckEKY@t!=yM41Y?5*RyYjqVGE~<*B2BB@{#$F}abx06aN^Np57SU0i}zBUqUy54al- zXupRiX`-w1Nk3IDrE;tB$OBR0pfLsGUEI$BNi9!`JM*{TffpxrE59uw09R4w?x|Ak z0QiZ*w;o}(L5r5EM_p!qv27hq?0J;;IFM71eNfLhL&Wr=RfKtk=FxXNJMLaKwBP4J zH5;;(FfD1^XbaKddkLm-)o%&rcWY!Y$U6O*knJkrgY&g~?NeLGJGeQU)(D0{lJxrx_r}tj2S2_JNkFxJj-Fo(G2HDY` zI0RS8INZGziiFWMQdd`iM4v-fujoFSZ-+Q`nH9>%L@3CV4G;})Hd|2)BAl3??e_v3 z=&-+Fw30Q)EILGggfWM~qLRnaulnBv2?|9wL@LHMe-7&xwVakc!_)khZ-sBs-7BSa zFuEvN-+W}$>f1%MQx@E+Kp`>q4Bt1HvQnI5Q3zkdDYEICmC<+U+B15`hrP2WKd=O| z?+#HuSd51(Y^kU2QH?ZDp9ReIsMXa?(Gf)2H;RFa_s_#Ul9mp7pRmA}^PO3CV3L)$a8Vryw0L}nabx;BuPh|9$!d%V5weXO$*0Hv_w zG0!iXhJWBa@3kRdhPHz32m~HptaQ~omuLB`@96K5+ZgAh!(ZiiYC3f@UD~^sac$Q= z%Ik|soy8Ro?5t&2HbU^C4pL-7)~_6)($?r{xdIb4td%({Ybi^qbqORhsVjsYX&oR^ zovp{6xz+(i7tk)nR>&p~Na=SPQLmRfYA%*20%jGrc}r$%_Bir z%HEbPb}>{#7Fn<{m9Ef3x%Tgqn<&UwL%TAyI!)nN2J|~6!WnUpUbVR;nmx#KBAxkf zvvVM$Go@XT?Ve-BT2S>0D-C7PBHE8#d{Gh~?G@>Qb^vg*{wJkB6TzUk!CsgvD`kx`)#+w( z&6)$03QGi^Q!TTZj(Y2 zxUY&vnVgx&1@15+hy&u2fbY0#|9b4JlB&3nuTu2aAZ5ObY5g1lrKN`lg)!wih4}+^ zgsZZ;%(utlJ0(J*_y42_zRsT7EBnr{Hnap+NPtRBo$sOUZ2dIxrnekr5*IX#Qu_t; zK4M2~T5Dk=$xQHN7Q}8oPavaSLV*rJxEMnDjJgi}XHAw{_U zF!beTRe_(ZEG5>3YF0NTUDD_9lNOdf=d4N4XXi?(yA_c(_ix1_VA~;bxKx|WUDc#AvKZ2~N-EgY?n7ddxbY{2U@n0)3s0#0arUM& z?#krkZkZ#={mtBP$!I>9shJ&9vaMOH0i{%RcXfnl<5}##hO5M&i|FL@JH3UAHo}d} zv}D(ej@m%F%;nG02)P{szU_Qw}HngG^Rc2(F&L5n=fB4vZp?v*H)wxJx?_s_TYIh==()ZufnCS9L;Zmm^l7Ss zV?h4e(4IOLppwi?R8Q$iU#zjGf>V-oe>YX!{hq@RJaHUCj_z|%vuFk{H9ge33ar#N z+r5uNKDe`Iy9Lnpd(O2`0m@rDnVS--u{9r{yRF)ZCtCZAuxA)E)DcFi3n^tmtQnfi9}nu^1t_Cd6FAuNR4@z7z_g!tTm zdUOez^D>}`(KVsE=nUN?hxvS3az^-KLt)hUNd+D5dGbf{QEhb~1F+k;OmluOWMgW} ze6oiJRt18#K-#z%=uxy-{{s5|HFEC%O#go$CzVg1NaYhb#7D%ZByvcIbyCTxQqD{{ z=dc_ir%jZSoX>}u9FxN^Hpi_}qB)Dju*%uYvd!3L+x1qT?{&Mb+x5%!5A1e(?frhg z-mmxLd4JqzI0$twG0w*I#VuWLzH@clx%yi=hc%H}8v~b>Q?&{*L|y)qW%xC}c6(PK zsM7CJJSW>iSMNSoHMwReU7c&gTefqYJvjo2*jmA}E;}D7z(hjNpIvDxJs4&jsO{y1 zh6T$3DM#Jv*W7``h~1D8z-O|CJHMRze6pIf=K6DarkzFn$DZfL$y0v1ANcbguuy1H z0L*n?H{C?`JTnwtx$rRWdlQTGar}vOr`R7l-3Wb| zIIuK>8_}O_cF~#t5B%zbxD^d|JD+Z)$gRa#P$mT#0sMBXM@#~`ycWzO>c?YxHR(D zhwo1t8DfrQnq48O#5Y7{*NvLkTbLHYOE@lsq+;-hD9K z=Pl|2L@d6lsl!FHY{YT9&$+l&9}ql!G|$2cbEM`Fh1}!w`T^TG%aOOOJE}-==a?~1 z2F?XIdlR2IM~$%i6Iu+86~E@<_mLhL6BmYwNY8Puflnlpy0w-)jXPp*{R0fA*hEy$ zpkOd)!me56#k|kgFe2${A=V8`y$?!;lh%c-r;K=PBK?Dj=!B zi+?r6DQMn9wqTb?mYUsgDn6Xs>aN-om|3=fi}o|TWTz0ynrt}aWaQbIEdSF;fU9|? zCp)Cwy5CVQgeO_`iq51GaI48-441IiU>XJC0p|#R^%DKIl4z1z1(KjACsQNunr;~= zh5oxlKekG?J7;obJkmz4qya6~!S>jf<9r;hm&=4QA?NUbJqWnA4nu357l)WFUzlXO z5PrY(uYI6wgZkI}pMeyg>e6&>gt>Jc3^_b0*y4ZKUU7~v$bNU7d=?fTtT+_rgaCBmD0hv3V*Zw!vFpcj8w` zVZcR}e2JUo!QBqpKI>mQz4q53CRGIC%by0O38t&J$WlcPZt~Kh>8kkg=lOK{7nZx$*E|aK4L8vm`PqeWGQuFLh9Rw< z6WB~fGAoT9>$2dB{oUD~4u5WjdkxFj(+GzQw+3Oy%}-tG-$J+>gtC0IKa;<@51Es)F(cI2d=7X!#z3>8<9%7g26(MZ)zSzZ$z}sUCKXmdxDD?=Ab$g;72X>Q_E$i&&A*F>@ zn6lUh?xgm;Zl@A7)!JYV+gkxH>Qp^!z>JtWiT;YC`wjEpx?(a<1@)qTnwCrq@NPL) z7z+W@zB(v=_bi_DWzUvS%tB-B{Phz+cLab4x?kmbcZ`=2@~(yUn^vmYP;<~3H=hB0 z>>rHfmP%4+QXi_!ivH?XQ{(^6`|A(H=vRx~kgrLO3rB{qx%bx7;&!k%s~2Uc+mm($ zD%p@D#Q9GJ-9%DlY?ut{0xTxwJ`bS?}^BJy3QhM6eW1iI2&{ja-+V%khX7$J)gNAS zFarC^TobYMmrw9tu%nAH!(ej9iO$ZP$S^$S&v6RapL?ht4xOf{aL($B=C3<^;eTh0 zfXRirlO8PKKo=}+#|a%`y0`HKY}ElEdZw`bH8tH}ZTXd}uKguw_ zzeccb<7PyrI|2aB3V+y!-a_<1QLqO_Lx|cG?9w$gO<3r`@A;(LW3=O}!BAf0a;s}5e#p=m-7ZPC7`**23gaZtK_S%VM$L-+~J@%(z&w!XBK>qco z+!&+n!Uug{4GO>aDC%^IH&>%6nQNm)z)qkCGRJZMiI>o%Ufi#lk*^Axf^ve5(=f>P zC1MTkBLogrG^2v2GkF`L2@ za^e2bt=omp|Gw0Z?YEB2O$v?`xe|J?XRtK#F@&m9s=3-Gh%xujPP-7Gr3Aq3AGDNy zIcB6n(l6+REbxOL&Z2wto_}m8O%*}ye&3dSH>AR#_ES04vcxba4>97_2SgOfS1l#N z6I1i&K6f{`n^@qyZ+)OvP4Cfi`yD`4W_P7;rKh|KYeJ1sJ6}ouWo*&f8($RE8yb`J zv#!9O7=LP+hj#bI^72LZ)4T-MiR1pua2fUUf$CERo+9r6c~2y#%>rrm0RiXLaHLmW z+_pM;@CejaOh{Iyh0eE5Y!4*TH*`dvpPa}xh%yZ$5+X+|!LS5>9Ll2tK`;Up$@SD@ zrWO$U7aQ-9F-3fxw;lTW`K*5CAyLF3Ft(T}xk>{5uRfm8x2XLokUtDvyl)ir#_W{J zyLN@f!+3aw^hx?_&b$(20xcs~&<;z^#iZ+QH@<8SaWdmBr{5S7;n4Ayt*+Ha8zuuV z#at`luP+4+^T5dev3IG+A}}oZFkzCGj0o2IpT#d#dYUo5ycs+3on=mdZ6 z_MMx4#BfipzUxD{_(5HbeX%=rg+gy0cJl$}fXtT?s#ya>SU3y2T3r>^>X1DoN{a&& zJK6k_Y{uSf2!O0(EX}xUb%d0gZE8J1mq4A!$H^#-pk1mhbX{`8skUiWiQa{fV*FPl zhe0FadbSFLljq5{BO|>yO_^u7KbUub1dM^^FvMdf*L~`vs;`Ih-7!E~fc}bo!IT%E z#sXma%QmT|O65*Uq=ErB3;K4(Ff{7!~B|Mj&#l*iM4to-;c4G;F+IA3v=ush$icE3{X1Ggczbxm?dUH4|* z$|jI4#e@3bd|7VAI5ufFRdOw@W|o`oX(H4o>X0D`-`DfbKM(rN0760JQNIN^zkH0EY|7E%;_fW6cY zJi(w$WS>TMPPlD=130L!zThy9SoFrF^Vrj?bDp8Hj`|`wzP0qHE15n| z5E?~a)TchxJD`i_PH2Yzfg2Q;N|PGG&j@z->Sq!jWnlM%6iakcphO#c+T9^g6?z-w z_0h^z-JhjX#Az$v1cy(T`3E)3a%Bzmf>ASo1ur4CrkGW+j@YfJtT&!SA{Ti;PKu&9 z(!EFS?;i;OPDEbaJm}&ZwM!X2E9*0#-ne8=!eN6MRHo z>OrAr`A5{TG)*m70xt-LvDH{8OgZLH({i`>x5j$0v~8Ejynw^bHwO1iH@#+SDJ1wNXC97CTx7ayal;7UX@E(Eu%D6%d|m4>8PuhDJ? zY#0%&)Di^%9s<(?W7+CpYkE!0(;T6nq}GoG&l22 zwl<7(g~Tn+L*6pTJIzy8B29(wHpmUOhm+kn8LV5N$V9`ufbzstW{a>OY}raG`0DW4 zzgix2!N&6K((&c(Yku2LzQ=eK_Y3sqe0itKcf%njbyGJ`uMxt&vvdpyUIwr1;f!4w zYA6#;u601PiQHL=Al}aU@{p{CGn)Ad7B{qP(2oA{)@0o|jv54TD!`UE zu9ilHbyC%U42;R4F{$qiQP}Bl;}#HqMfY8d z+lt+5dUII)JJ5M`LH)}n75{sX`fm&}@=tb#6mcPvTry<6cJ8OS<^T6UHlzlx|_2wK&c2% zFASS*+^7!XA5$Olyg)`}NQy>}pohXLn);cU-cuy8GrnU3S1F{Uk+2;<52Wy2w>~K< zgZI@}2PoZGN+J(S#X)4E#D4cmd-;p^%kXzvDac#-7RK$EqGiEIq(U+71^Xu+i9hZd z=D6l+(1c^Kwg4yVSEKZIjhQ-4kdbOKM*;tNY(V(ahKj%r8tl1qAP8b!njcs!qd@ z<0Y{=+8Iq-Z(eiH#JD^DLqEGM$epK*5hHFLS%;IJ_-2tDJ(zsuAztwu-T`z!n_Xz!hpmLMZZG@P zxcJ>p#0b&KmzrXkJ$a;7QF!67t}oHNKb62$TsrbWm=kO z*fZx7@@aa%%_=RTVS?{0C#O;_hTeEXWB(+u%z=jH51Y>s4j3`0n^2GWFNDV#zwy8Z)^+k+QxkoRy`&p zU@~BH{=y7Ld~*wE2pm{X;*`N7Yp`Qot3WI5dHatMH?QS34@oUJ zwvj*~G1=Xc*wcxQyJ64+DrNz{!FArl%}?7Ly3ORvx_ZPhIAj7j2L&DBntYi3JRZT12N+zOT?OK>=btdg>#4t}=@)hH5Pstjw%ls^ow zSvh7C>gm7#)dj?!@)EnZ4>43~l~$pt5U5XN`OFsZDj9x7f4-W%A^l3(y;`13!Mu%t zf|TZJ5l7KP&wgG$unD%(vQ;*XX#H_Eqx_q|Bf?h(Zr~5iL?E@)&3~%dR1Y`}wt5i= zQ4#gr`x=L3zcB<-XfJr*T$Urv&`MH|ESzHyI;tT|Znx-uoo@wz%qH^Ew!YRQdP>Ob zPH*zGU^n{_Bnxsh_t0LTy$D=wx!!i_Y{0GT339BP+I4AAQMc;2MwTr|dN8ND0AZN4 z`?kak?%8$|x6VJr-I4kvdz3I`Bx=-)Zc~dGjW>G}(U1Fb+qomR_1Ml;v?m&ukrv&% z?%Kwcu-(|Wl-j#)^&x~iw}K1fA_Z%lXJ1oWrNE#fI9nBB%pLgsfOd6kY1_Td-z>YB zUX#=HS!&X9^JyixDA{$Rp~87JW9ZVB%lGHg8Ey_1E?&EbK(;#@YqdpeCs~A#vf}Fk z+EB+65v@mny6H)N`Jh>GR^H}?_vh}@FALw4AYa{;>()^U4%%@7^bbas-?4~hSfQq% z0xV}r(2iHjWJp->`_T?RI96uXE4rfWX#eiRz7aiX(T=J_D1pOu@$umPWf#b`+rSkn zdDZC!<85NnkcZYmB!mEP7b@gE)trmy__+_tcbU-dM}~dDr`T_V0Ymkl@z?qXHan*GK4@2M`n#&~ zUAprAsa)?pZ;_26VR3i-arrcEN_BvBF1L-r##3P!B}Mx;e~IOg$Q;G=IU0;XwFF3o z^StCREH>paeV0sB^%&3|tXgsk)JC`+sbJl!z2@HF7;?-+sF^IkIu{6=hTE4;4~FuI zjrCRu@?J6L2~q>H|FoNBk)T@Kz2fdUB!HAGgLg;Usqy1Z*h6)!ZvBY#MFidem=XF0 zXnwv1v3h|N&Xv$0)-;x8TT7%X+9egqj~GFCWPgMO|Cbf_N7kOj4uSPnlzdC}Po1Iw zt&!D7oq$CwL^ur^;nWJOi^}B!zZeNvv3uF7%djIngL-O?r5np;oKJ6Xh5|cfA_l;L zB{>kwEfgccfjW<5=4d)zl+U z)^P$P6LElC$ZOq6)}=XuqgE!|-MIa=C8J27Y*A+f2nr^NBbl;ckd%=P9kW=Q^GN3C z#~~Yo&`)cU&s?U;HEWKP7rL+pU}J-@T}-=b+4F|t z_#HJ|^Epw?>hC1LzO=40ZdDo2pAU&Tnd5<2=R>p3F@48KjB=?} z7u)MC&+YcXn(1o`xHn5zpNTCzYHCqmjC~3SScj>WrS+0nIfFXb$(ql$t<(9ZGx^q+ zraeRf+0XV3_BwP@7vCav8*rg1#o9x1byvLOI;Qn92q6x;M_$~UTk){peGQ|PFK&bTP@7k6 zEIq!S*mj?qwd=E;7F7ujpR{a_p>boEyVeMqZAc%=BU@ppQ{*|j2{2utbAdImRM z-(wzeiCh*+wvxK+Ea;`lSfBd)>=dcS0EM%CeYwJm?cFK)>H=*vReVt1sU=Dq6TzYs zbjucgFrYX*oHvXCVER~vzn^7>dmhg4&G8M;tSe~W3Bm!z=3H=REwZo>dwol71U5H% zMhN0;<&!Z0=m0hZwEpTT7lAs4IYG92YX^$5!hv3iA=H&X7@0CI>M1Uu-xwL?}^5Oa&#M+JKGG) z2q-(Ypv5I;DFB7;nAQ3u3CDW#pH7!9qhXIWPf#@dml;cYF4mml1vxXG{P09I z1C{c(^Ao=e*c8iN*yng7cZh<5NK=sBK|nw{p+ltCP^C(dBE5+88hRI$-a~JJ zgiZ(~`S5+;-@V`Z)?MrV_x+LN%w(TA`|O$7v-dO4M7`BeCLy9Hx^w3aiOTDjT6gZ? zGTym!w}9aOZB5ZVs-WASyY5=b3U{i;824@q_iSINzqoU!CZ71l0`Im==W$u!Qm0TY#cxCc9~PY40|%{ zhu!ho9z8g)5l8%rK@8*w@1WC%#;(Q?SsCdg0ub3d3Iwd7;DuOu zJ0P9(&kf`X^ud(^mN$VAYDW27vVDDJ-GM$uXCdW(+A9=0wu6^%M<(oA-8LI=ePP$- z+V@EBITLJfe^>NFs1(~jVwF)=3^SSR3i_wpJ4W9&j|m~>k1eD zEBil&n8=i@w=R%kdxDxnv27o%^%%N%94t_pY#s~(#Zt6XL8NLdDPOuXL}35q`Jl{_{eV9j!%&Tk%!St*4?VZ*!W^I zdj+`!Pxyg;K&H*hQAbP9a$*fA(^yaNwPH1-)Yszh*-U2bSr&zd!+*}y;64dFHVdJ>Y#S~3|&wK>d9seY_f!^!PBDXTWYR}G*jAxQ4^vkTqJw<=kQ>u86;nIt; z~Swujw?m>{y2#lEWBU>c%GM3BJMu04 zKoqamV-F7KW-YV!YtffaK+fvNjVWmcSfLb1K^Q=2N4eQ7pijo6-I#|V#@+-7Y8{^T zcMJ@U=(uD(`2?cE^4B{lu@*IB+RMr@%H)Aer) zv>gdB^1z-(?D;#7s%*oi1X#oPmN(yN3@vqP5i5LiC>h1fb7@%ZE#S2(z%C@c{fJS< zQ>~RruY;v6P|ifAw*=c(6+&;aqUk!MdD^y7=6Y!PcBB3Yn)WIUmmga&hnXUsF0M~s zDz`@!d765EFDQsft*vhEf5a%H1G)h=DeG&uR0p1yqf{d_<<7s@wiRmwL~&b9KGVUv zIq!beu=K;m2);cRd(xI+-0FE~jPcx`6%y_6bj{=MXXjmj127u^L8m22SqyR`=Qz>$ zwb3;A>>Pii2Ayjyxk~D6HMZv-3TagGA}QgTa8|Hto)M*+3Gi zfXlT$8ncRmT_hs|wEa#a`Z4w8CmA~FH4iYb*DprTdur_6vdPh9sfaMj?DL^=CdMMp z^Br??Xz0BFOd792Fd5+Hw}^U^Or4(yoGxVz=@)R>I_T2p*X+3us6NWfMqQW16HL#` zb}ws`CXv6Rgge{pgy~63w|tbk&eR5}=G_&O5~yhM+>ci?{)qAv;#Nb?8DPeLe1gmO zs*AxjSz5cv%neMRDeX!EjXjvfZ-z9CVo5YIST^p;KvZmJb+Q@ceCw#0H07@fZT*`j z1606$?M9kS`?`nza-R`T8hUgeRf8f=qD{~)jXo?&A3))!(eHD&Q!O({CC~|i#bnn< z&vQ%yLpxNMbhtmg6Su}??#6we_^FHi ztjIVl27&E|VlE`miCop9I>zrfa#Z7VsD8clmpc^IZQUo#nS4E)=;bYF_7M^Ss$Scm zQG+p`a_TLle-j|bp zv1RTJyZUY3LZnR6n;HFw!cMI;F-j|;)(F2|XC$Gel@*`Yr0}F}jdKaMOnrlbACnmK zja%D72j&NwS8uYLzt7t`v>AntI%S|>rzX8NL`5+<4~zLg{4Y5_wOo%#Lrdy0By67Hq`{YSCx!XH=UGUoIjizFd8n8b*^@mKcJsxme?0BX(;o62S&SJe>Xc_ z;Mf)R1V_KyK}3>*Hpsf%y)5Ugo61)s;knt>(z6B1WbIuaPq%;N9Or4|Jn;!FZwr(RcoQdM50KQ-8KOv~joQ?UoZN z;!VK@e-Ddg+=k}9Z>cM9;YyEgZlDOS)|K*6F(`}W#;=2m;xOFj=5YAx=?~O5kaAhO zxFU%70Lql|0?RX7dF`cAH53T?fzf5pzVu{>Uxzz&$wKICQgo83{v_t)#6hrVM9%RV z96TG(&Zh$ol4i~+s|v|3GFev`D?OJm>GKI&yqa=8Y)g{dS*Yp%p6M4E8z!>NRi4A; z#Z>PGhjK|Fgqq4B&0HlgtQ2~&bj+-E@bX^v%(;x;dYe3&^YKPYQu30EQ zY?r_vr_yJzcq3O>JoLx{)a(7dG*AuJX%pm^~2@QVY7En21Mf7{DOq5AvPcF7RS%oDe z)@c2+7kAD0n9MUe`6!s@U8go#QUI;}_iM|fFL@IOav^*|#V#Ws0Me0uXYOqV{?z#D zKGV$`1MwSw{T-ufgkGjgF@~(efnV4$_62-lTu4yt1>VS=;rNEaTBidcp_IXZVkV4t zOmFMRyW^^k-Y;2rN*tDNqM35Py;PTxHF`^EwvOk0im+}1g)q^C1VoING4#_7;!eZ3mU~;R!sjBwg zlBdZ>=oD6J;Dy({%ddf+>1`~k>QXOk7q)IVk!mbPDE&I^{6!4IVQ4Joux88U`xr|F z*HVUWHU#^6%Pf>fKo4R;ma+?d=!H3Q@Ck>tJS@ftbk{%QmxUar!Dhr}hOaQ?wUpFc z2@W?oJ0|_=CIfT=_pVJC8l9G<(MfTwh>k@O`6;F@Xro83qo>)Xv`f8e77B0XPGtOAi_DL#fTzel@KI6W3kGBif@RpfV+si>Kh%b{AXnxHo(7 zRrG|bw5@*n;b#VH-TQ3j5yaOM;!%BMG?2;gk>TD2U!R~h^cV5;c$>eJ!9epw=+*aZ zkr|BU54kc3B)x{bdNb2QByerY;c9jrB)mC?4}Bh$V`&mE&+ZMOyn>4 ze}`B3>}o+%t8G8l54sg6%gL#1)=gYbJl^1y2~yea0K54h(pvQ;{coC3tjlOMA`KaM z3`(Ufm%75RXA$TXlZEn`76VJ((jvgnV^ki|n}%biWZK^%_Z*_qrZ+ZS~}u zy0_tv?9RQ{Jh>3K7sCUdgjkqO1<;=h0Ql3NP)S}Qn`?M*)y*2rXvr2 z$d}^9{EhBmuWR+3qn1kdd1jFBU_hMK(IS0L!otq(gsQ-F{%;=jrsRfui}p+5n#b+w zr^kK!3ql8MH-cD6w?(Ed7E>vf0=2~~S3ao_iDUr+zhINrK$WjfZHGS-M2ivXKTbwK z@RLsvI+@}JtxWJbPPLP{0McgCC7-F96GEJu%3Si?Q9c<6qJKG85ZTy>Kwb5cL zv|m-ex{X^6b9z#K#vPK}U>|sFWRb+hZM9ZNIKENEwWQJ{qv7V00wvUD(H=;)I$BoQ zM;NPz1AQkoTHB6%86i9M&ouV6vGak&vO_yWWU34`%;&9_;r6Fm{)K@tH}>mvYE(n> zmR2X5L%z+o9*DegO_G}X*t<41#8bH*izuoxU)+TL_B5=b@*lEIc}_$^RwOoSyYFg( z`2o=}+@QQ2*M`cWr<-m)2$Iy}{w58bbsala2woSIDC!+{-tN2lFiVbJgi2Q32$Su? zGc3mC%?}a{nX;h*bQLnv+IuPH;3u1u6qd#RD2SS&UK;Bp;V*BB%~R|BuKwl@FMn@_ zh;6VF#wA6g-T3Nx9$DVtN%hnTaQT{q+Ij1+D9vq%B2iom(8~Ya| zbIC#$1qQktxM{0P%Ro46{2hv+-+Ku=k>x4qsce;BF8j1Lu~;Vs=+ zGW@dHUh=>(en6Do!ExY*WRAx`#Lk~UF~VI>YAix5-nFE^{d7#m@KY?ENWVyjE*u>4 z5xXOToZS2X%qeqF#(^^f?^p9m$MF?(d|vZxLTNHRRw7O+Kq3-g6`ts%)AMa8fFwsC zO&d$|2f>UL;Ot+;S_ee3$zZ^m$5_le8x^Ngv*!}KlJPfj z0NEK1M*I(H6>$VX@_ok=QD3RGJiXJUr_S-A3D4`kvU#Fp9>s!m~@j~ zIh@@Z0y3al-xn^NZ31ZwW&;X+V_{+|5hB{t2x#lH*`;zE;|mLmJa+N6iO|+_L{2YR zanb5%Ek75q-F~dGoNt2WdhW0zeNH~zGz&#SyM_vw(ooMCAB|ERm3j2E49>i+6EWap z|KQfa?^f^Sy!FR{9ZJq3Kq(!q**7%Xdibn?SB(q8U)-TFZR?I)3LC3kA-8?`h6+9d z^~!Zni+Nl3N~5-A+uzRH9ffEEDFTxQ?ZV?RtT}B%CRK+XV?P8pra;d8Mu^xKe4rC^<3C&08_D`CM<#Ux4|B?{tin!ujqfR&xMm8TQQqvGkRrpDb-M}z=q@?eG+6@o z>kfIw(~KzKbo$cIAOz6#4;YoLz7p|2+z%DgG4@Qdebj>WFYgaE|a zMiVTLc~Gz~Ow?*OEImWuoQAdbcjz<)RE+6vKpg2~<+1rnrlUf+6}(QhWDP3$`~58P zq`C&v?5ZW3vePNDv*#Wwlbx_}eXD2hXG!;VQg0@kVDz(6I{GFAkg58N5?mudZM57Ief7}Osn?+%#hHG=+b0)uDc0-85UdUgj#(yS zsOFxnjEa9BzSCYp-{OUcLj+#70wr%#%FDB!@vP!+?KPj)nMc#&tVi{z_V|!xRI{X) z87zik0X3v--wDZBlI+eUtVC_(uXG-X-^*YIZSL72ERu#M{pMdD{2_T)vhM+=yEGRn zDrnRYAw+z~1Dvdnq!XwiD!UQoz5oJeO@wuNlWj+H>Or?-_l-_l>UgeHFZW2Dm_ylY zH7hG$eEMevmZ#?yq~%*1a2>$6%dil?QHsAnFg+eeW;ie2PqxTU6D~IyAwm=*KWe}l zOH#J%zrd9O^t0VB{)2(}pGy9B^)5uU?4Qep$62+B+u{F}2w2}m1c&^K4O5E!Z)x`J z_REz?28pV+lQ*}pvOZIkgdSQ~Vb7ubUlj=K2wldMG8v4_TqY%Nb#fzRzr@tqj<28X zO+Mx3R)BT{s6Vhf{7*(Sdi7t#nvaEubmGeqpU!{yb%|ovf2u~&KVHB-0T1(SbvQk2k4*fGBsgN zG{(?XlUuV^UE)-l-IC#1_~C0Z28gv2x^dR)*;)3nUUD{L|Kq+U^u?lsM^aVZXfA+7 z#`7TZsq~W@^d+?V#E(j>%as>_ceC{p-{WoV$aFlUvv>ixTIM|3e=t9cHh(I;Egyy` zBT=1!t;USorvo@2%B{vcbwtrbSoE?4V+8%4-3mLi?2k^ivWC?owvT2CFhI)qqWRG}n77sUcSkPpW%uWy z!6oK48E@9hPBp*Wkd7TdWPP55xXuB+thcH_vQo+-3~OOsS|3q2TPK@s)8!HsQwMm` z1od#7zrTZ_ncN$(xU4Q?Ts$RWZtro*MFAR!J?c-;`W0v;j{Xu#zJ&vGaE~UW|%b|d;V|m_Kd0@Lp*PH z>HGJ0bT^H=shLiUwEy-Qo8-#%wZdi|51iSDDZy8y=;AJ^07j-E6tk?Hw*DwxcvnW> z-}_0aTzC zjL#Q5oH@zq2yJIT^x0QXG@ps>`ZzbV9F!AP)rU_mrg~KKhA|P;+8T!5|kRU(Q{R+yieD~BmefJ7^K<5$E~ zozw%r`RRPCCRqG_&dGkR5Fs|kE(Alh*7y$h^J`$k3UZZYuTtBcSe`PzWCKq)QT}6vRmV0mG+yBf*wn(S?P4qrI1a|_Cp=MZC z(lWoPvK{6wM?$~E?{G71-Ipu1zLH)Prf^XTVqKN%oZdmt>b07$kT}2~Q9_mCF|vHT z)4qFlx~9&8O-qZj48)?x8Z8g#6rrqQuz@OqqGx6NsbZ#Nx%`HnctFn{b`f4cQN}zJTH}?1JBM zaZEs{qOI8j0@**xTZq$8X|1`f`M{nIfbDJ#J=Wh&u-e24cfR$BNt&bA+Gb66XN-0W ztfm!R&7vPfu~2_HRPNCtVs4;Qj`1Eg4)*)9?GR1PcA1i`Vj$rbQAL#vBy^EH@m2T3daGAd)Y;pO2(8 zrmxeMI~K9_TLh_0@?>R(sR3ktI{Sfp+!vc)0VEzeb}}UzyQ>85;pRxIAV<$Yk^Wsl zj#ahU0}oF~*;k`Pn~jS_X9?wL?M07zYs}46&~2K#4^6-IeRd#8H!v~SX-%?z3-RWv z4A8eH(Gz$V3S>tp>1B0JVy~5YE?9f}%H1AvX@2E8p8oa_xq+53zZ{=PxD5c(6PuZ@ z$Fky2IpEohH(U2ykckYgLE?nbt@M`&UDwtazL?-&gAR%Iq+tTfH|+k6GCwSh$)1ok z;l|q_-Vd*Qfd$ovKHELm(ww&V>MpSRC0HhhKLml9_V)Gv86_54=Kxso-7`5yJY4dL zp)Geza_wQ-FUIki^XVk2c|E`+(KIXrdK`{PLtVP?d&2dwGZy|6kO`XXQP=E}S4<%t zr;;eIIdJZGj*lX)+o%9Z_rSuxU7s4o>#l{PDBw;>96^Z-?yxf^fYwrU6c_Zl1mfJ+ z2q0}GrD59{B5b+|*+Pzeu9ni=f(~89WC}6%vrCwo!%2os0ss|@ii1oG=1^R{4VkpX z%Vb&)=JSd;KJItPNfTa)>?-}s5w6d`t}IvL9nyn38gBGTX2lqjcAdt_WKE((^roiZ zUMjW|boS{Z~$|ei2TV7_}8RZX9aJsf|r;A9OEr4VLE-a0? zv2m?Tdl%s49mUKWzosR_p?Awm(OKG|hUN)i2w+8?@<@`qHZYH0#^$?wLD>J!sz+^YxF7CmVvK6_mf9N;od%t1sEOnPOSz zYi8xk2sK@#u`*QBEF2{=V^$(yy;s(}o+^l?C8gGL?w{_VrypbW9U)xI=VXofBd$ctp`=kSx{|ksA zTk~CuCi?XIJ#T()sf+u8(nljr8=!`ApDqPne>lm(c#aL55v_?OJK%MNlhdm)IyOi0 zY7Gz3s@1okx7h1CRNn4y7N~G_OYQR6gN%uz(<$){Ywf#9l2ltP5=IrO= zQn6d3H_wK$$AK=^=x zX(KMpj9+qpJ4d#h+z;@2?uildAZ(U+>J>H1G#D{O;YQ|9=m2ehEZXj7vN3Hkl}41k zxo3N9U!WF;jjF`!GR@-l#ua$_YSO|50PFfFX;gdM`{FU$7BUb*HRZpG!am@b`AEvoXp_$V;?h55xn zR8XFYbtM3YNf^Uu3~hpAJ|h~GamL$G_N&u+xx`CQvk4C}*`GRW@%P;jY3&pQy-*it zbCre^o37rxpxmAPr7mEMMU2!Xe=~P_PB@6g> zRVO}(I5sA&0g2NncajAkXK%d1VfxLw>bJ?ab z6@e}3Lwds}1?OPTTjPmkGqUNtPn?rDZ~SMC2U@NVJ4%{%;ACfM=Vi+*guB|W30Mo? zeVmYEM6LW`{SDlG3B=|wrK3Y?f&$$TT9-Q+uu-|)k4~$B&5dQ(ZSIf&rx)hyzjN_} z8+U(PZ><3Eg*TbkmT=8TJ_z_c7WAB`9cx<+fvi+rvOLCwcecA>M@%Wb%?}DYYdM43 zi}Mw+*SO=>ShgeE)}Q1D&CxCKC?`_cldLIs=hgem5#>0Vk__D4a3AMi^%uIx4wk_$ z4RTVff>XB3xFMH+3WCxQb;EEF);;LJ>}LLK)`~2mr5th|xwH{-`L>wp*j~dDVI3uE zdqi}p#-QtU8=okYvCTGN^sta_(vJkbim9j&zX`2}7IO^ghhW`vD#jCK-Au?6!M&Ev z=WUyM{PI^VopZ{j#EdTGSs*zo+C@nD`34)n2|aM1+2`>2TY_v}lC~Q2Pv0OEJiEWe zR$H%DI-!SBwUDT~p0>m49`h-&HaOQ({@cDf(PelZgAw`X&#T?r=_t%1;xL>TGmM!r=NeRx)79&LY5e^lD(I?7>rz|L>t+jJZKgVqrLTHe50&(J%gMVYs3>Z z9}r4S&{$;x*3G4taJ21MRuCnVufXen0Fu&Z{|Lp7G$AS&&gmZ<>Qah{{F?Ju9`ZN0 z;{SjlL`08cOG)07vQ}X@&{zr%s_`mU+kpB~?^Z#4rKj;zh zU{{KsDIu@|_qPAY-JHk??zvnX7-UHUiI`+OMe{<*CtN-SP!t4ytXqwYiuwbPzKu2p zs!Upc-$s=i?4b$$ivQT_Pq5W3;&W4ZI|%3-I#!do{|^@VKbq#b<}f zAGKFZEB+}x5P?RW!-VW6o=_R3d<={zXlrAvZoi<9W0bN~upjs(0ge5eDD^87*i|0M zFoq_4>_WJZPpJI^h5XE^82J@&Fjv!rT#r%zGW zDz{6{Pu3z>)^BaoHI&Sy{`#pf|1BG>x|Wvxwo_k|8{TTA@Tn#-JG&CiCLVaZf$=va zoyELl{q1jwH7aVExlQLj&fN{6KjNL5+nHQjI1`=o!1>xw*O3 zy($1-*={=n+jIMTAYojla2S&NW@!)ni>Hwp_v7ynX|6QJw*#IqxD8F%zb!M5h3rBYquKYb22sO z(hvJYlvsii&GAkw*Dw zEXER?T%Yn?|R@tKzKXZ4Gzx1XKM4 z#l*=GyZe#(2NYOuFe5D8Kumzg(aFu`SMc;O)3(ZcJIYuHu)$5=FGHDT68 z9(!}DUvHlhh=s@=a)j1B_>j*uG=1Md{tTS+%DXFroME#RQoA`Qi-xR^G?BiN+#PKt zGxy46Zc^w~;uoB1e>r5L%Wf%9K%~qo1>e#E2k*~bu+OeB6q(HkmmgVw^m>l(2Tofn zXpGN~2qkM**h`{0@=T-PJbe4@=?4))Rz3ojqA}H;x>py4YU;@CJFxA>EbH%u&j!2l zD^%tf2+TL$=Mp-6aHD2*m@vJE!$48V-F>XS9C@dDD^j$1)%*Iev3`~ImNMu$YvPqn z&HVlQcg|N#N7da_m(ciY@W`;p8d$}Y8eXm5)xu}+Lkm^2A7$R!D_8U8nXL*{4e!wD zy(b2TLy9wKNN+W>f%P*F1^P%{1m%b-uu8nUU_{Jom+*+70vJU)o9sPr5wKZ8v=_K3=E#l0Xr?X>{+qOc8nP>&}EP26{*^KBnCG3 zO(urCaWlc+^L%Q$VePsHG!ti-h+o}Jl&4+$M2-k{KwSzAgw{P5hIb|1NTEt=0q*&k z4_9zA^5-?%>fLkFBMhk6BvATxEPF}4`)|oDQ z1H37-q>cUW`vWAYH`Nsd##Z6HDe)J^qM+?}b`7(x-*bIVOxRxdrdKD$ zBXNM|;k<|yDWTn?Io&t|eNjG=)6L`B%#w3q&9*H^ao9wWg(dQdFx$*MYFI^EP^Uki zx$yQPrak>j{b0t?mil7UAI>Fec~)eRWr3ZtIg?;mOBReHVbPFM5TmRV}GRm1H&`t zE{3}c+c_bH?k9d5XCTCr52aDJS-KzZ`wXfe>lV4Y2Zs^^6nMlx4~~GZzj9h-23_rY z+n^|c@G?V6H=A=|-TN}*FLffMu?&Z@6ZpyctUI5UM?HAop=2jm&=MA!Uh5h)a-WtL~R| zS^ey(96vK%_JgdMRTFVod?GB=@i6<>28JC!W_2{V)i?xW5`9z+dX%S%b*PB)DjsX{ zxb(DzDu^bapRQTt_zBCB%iID%StO#o@l^lUqEw+y+N_}-jCi={m?13?|e5$)@s6s zfX~@>u&H|z#Q6ZygL|m+A6iEG!5_L@v~wG%58gM2W~9u*}8k9VaX(J@<`ZuyAP_Kc$$zc)B0v zALTM)B)AltVg0DIYN^GvVe0}?5eRh*gEA$#Unq`a^aOPY?UYS{5AW8Nf9Jv2doPO z`4fl(e9e&8s3%J+0(TXA*$TK%pK)k6XsbUctb8Me+>*>cXJ@opuHoh=e3z(#%oKB| za|adVdm0A`c&#|`;Zj~IQ1}Kab|~j{Pv4*pX)2DE3QQDo=FI*S5PKrvl>V(Ll&oHZ z9eBwrHTOl?PCU6O9^H9NgAaK!&(vj0{o*!0cKiRYS#iL>$Y( zTlo#+`FHhaV$2!7et?Bi64)6??YF^SLLLB3Q>xB(o>C-=w_J@I@O)Fji_jOspb;Pj zGja-s3(E4ARfYgSPSdf~&7TH+q~6-EZ0orr<&ihX1Gn=>!Ey&))nvkXC9VED>FtRt z9ctOhfHR@-EHMQQVK1N zmeo1$FlBlHLNX@eTD6feKQO&S;8}bf+vd=5uvFLg=Tb36c1DEDSfxpCV=FlkveoFA1~a1* z0Jfxp&w4U>Bwx44>d^sT<|GKX@DYy~6e@MYz2x3Gs(YmwIQJ6$?5uynhYz1zAouSO z-Q43asV`W7l@m?Zw?@z}^NtQBiR<&L`gEray?SZ=dZf0(guaF|qsKjn6DrD|ub9(2 z)bBb!$%-BRT2=+Y_$KGa6>4^0hBNkmy_hHnY-At~vzGd;T221&?hDmmg3oUqUMe(& zy?Ec5z`9KsQK(sB8A`tPds>&GgMZiXqNeOm%x}*oyl@@Qx3M2tISwK1xs)6>0+9uw zyfMQ}{Ph$Q_Z9Xd)fx_?Di6jZ!C>G`2tJv3Y4G4|ABP6#hGS6XMWyKObW>s^la3b#S_dxsCrV3V2N zY`bYgNq_CMy#NN?_L&yYwMwhL*vXfN6VxPp(O*1-6#CWs{T&byI^k|`@E@_HpsSzG z1!+S(Mh4>d(@3X@+p%3bHtGz2tb?ltTI^e5uYO`*h&!oDwYZ9P2)*g&^O$VH-}g-n zpqK%&R)zmUQ&bB$vo$VKX81I`QsiacubVM_8J1n$Vv<>z`?(9KFOcI0mvVoYp=TB# zb~Gk~xc4_&e(vPtWWF_=64bcjt9s4Qy^;bUz46^Ll_I!7DXZc#s5kZXcWTL~4Pc-C zcrWXA153G^GGe(g(HZaYlKhzjZQ-zMu|#N5qGjOw?~LlNud2ie*Boo!`FKE#KN+K7 z&p-ZN=^QqTxXcj6ufJj_5%{|)b9+QDp?~XOzBcHVP=P0ZeISCFA)k0(@s+M~6xcuM zd5c0M8%Xv>C#I)ImRENe3gjk9=*(C5RgSxrt!~4w&oK|sy-*2yuLn}GX=+XNYtl^Z z*N1i8rVq=5YqSQLi7q)0&sb^QkQ~}Y>F>}4^SW#GrADj_4a7To8WPzoBs?5hX_jqXzgyFw(;tmfb&#KPsGi=SQd#C|A9jcnNO6&td_|o zidiml6rqQaLi>tdD~vNSTO(;!-Jyj2G|@(%>ZESU6Y6VOI9~-QhPAzLAoGR&IuJLt zC~Pi)JAcbNSg0qyJ=iEFuRvfYySW0|9;HKvx1g^tPaDI@CqCYuFWje&yM-s}Olnw> zs5RnNiNXERr^#_DI=%g0k=>V1#s5*|^$5p)uwtmv*GCNWEJ{!)V{#zHI0OaDDA8JZ>Y*5zM(Mj`(`9{#_$&J%mleWNl0soALQ+aJ~^^n>l#+ulI&>6~Qx zc6^T}pU{^?Dcp@KSkfvS8kNwtsD2!!KBy>R2^l8?lf^5nR{UvGKjX6;)BD&WhIC5jE-Oko!@% z{lc!VBycg{{f5k>hbJN_13c+02H&gnzT+6s#qrOZ*jXbJrSRXLn%&EUZP;Pd9>7z= zRQz-p3Ymrvv%iFyhKT6E2>#8a#P}J6>eV6dL~u_R{aF}D|9#WU@GJw`tc(rR`U&r5 z`cwRjL0FS{8^B%ASAC=>c#Zp$ZX9d+~$ewsK*Od;>`?5Mdx7ZLA!|JV9W z(7f%7%~9c7GUMwE)3x9@?F|a8Z~i1k;AWm&v5veZ7;zldh4(LgK+7hM{&bBvL83D4 z4V7$!XO21Gy*%)ig{-}|xiqd7=pOJoIorRg10P1_45{l0P;b70*SJiSV9HQgY#!*Y zCHjt^utB_3S}JlTsKK#Uel<@5iW*!#Wf6%5G4OAb@{F%=46-n1 zdGHS=?LWzW8X~Ku@Jg=Do|-ZH>MGkN zj+_rT<*k;e^@e*YOId+)u&WQIgv~lLw0Kj5ufK{5ebTDVl!tyP-T(Tf{`L8boRjLF z(K8O+47z>Bs;^OJ9F}Y8@ejmY;VEJ&eFj$wsJxfMV}B^CCZeFy7Q@vV9hB)*HKRjT z#LecQp2gfCzbUbLZpo5CGdD8f?*8u6mYA3EfzMM1iNroh8SE1cN65Eh7(aXmH!K*_ zWMP_7g-R}|i-rySB$J$FFd?fBY4Hu(W5Z8O|IV<&q1Rppc>Z+B2|3lAh}79GpI|;s zFE3`nJc@)UmekISa-J?>=c0^<+%{wGno|?mD(&NGMGN_y1q;bRDt6MebOp9$DuKx4 zQ`Fj*YQqEzz17DS7n_p!g;qHSDfqlDRhSI{LhpSW^#| z)gk4@7BE>j9Tc^_+`)(@T3vOV1MePdgp$;#Tja3S#l(pOMU9=3JBK;R=6{YjB@rnL+ z`65)kZkfu{fl!rXm+SY%#KSNEl{2 z=0SOnTAZzph>yu?1z8gKgjmqMuGJ;u0q$gQ_N?89o0p>{k=%z$3$mY@K)iygIz1nSPLnHd-o)C_O?%Uq5 z_%MJwDRp6~5T#}yb+0+=>(;g^iJI`O@r)4vrf$x5G}GbX9#L=K%4lp$1jIT7_G^tw6Wg@YdHBHN;{` zl2W~M#(|EYBQc%C@6bvj{%uuogRR%*rfp=}qH+BaN{gPk9l;1AHp)&l`gIk(%xS1q4^keM0S>?-rR-5#^{?KT4u>6rWM3J~U(# z&_o-JGkYie4R(4uQa?bV0+>{m9nB}b3j&bwj*S9>~qLM{D)e?iI`u`<~Cb$z_ zv3XCEt@yA)zejeh{t%eo8WlF%yRfy?O{rdb6~Z`LHW>kZkD`}O7b)M@o7e&?tOYo# zPhr}WD6V@#YjY-NHMARwU!4JP{%hM5>7Kv=&B3VlDukuL}S&B*f`wBbK+dZGwN2&Y<48IY|56x<>x(f@< zX*dH~&dUXXyk@&IYeI0Y^Qw~+VjH?xgA82*TrSd=)pkDmf=fC!_im&NUVm+*IJM#L zETexEVNFs4Yv9GBq&~>4o3D91s5kqo#@4Jbx2PiBpj^%T=?v9jnH7C7x_9}Jz&VN8 z|HIo`2GzB7+oHjOCAe#F*Wm6h!QCMQcY?dSy98Lc6D+uUAh<)Y;O+~%lkEMSckZk6 zs@{)Vw~9hm0aMl-U0Q3sjkr*Yb`U>zS#)ph2Rl5EQZ^5%6_?f}(1di6T27Tla;n8r z)x+k@4o`6vn7@+h+4l=A35OIRX(1$Mj1UkUAffPzgv`JDx5&&wE`S z&O!rN$Ho?8;j51ZM1MTUA-wW7SytO)35r6nSD{^y_{I5P^L`6-wnWU8- z*h|;^6u22T{CN)4uDF) zR=p;?r5+YRQTYW=Goyrv>HDm6%o*-QZtc*+JQY&2V%rCOxsik5G&S{=HH!PRg5|uC zsp3A`@`!6O%E>CXLoZXqj^lM8j7=HJ*Vua7?lw~%F!BwG9sE%_o^dOiHC zea1>U!_BeFZW1!Y1@G)?Y3Y23X5=FBzVv?dk)(k6#~%j)^6 zek{^IJWa{|T9}SwUiEpqot3&=m%yL1>LlI8vCt6S`y@L2Y5A?395tDi-h>W&bx};w zJcx8F-`|#gZ(lc7F8w=*WT!A%ecB*+rq(c-OuvlO*qHJUcjDMP0B%CDA@QC&#%eOn z&d8GCmQmg=?%qXLGO1ty(==$}@qtONGkfhnS7q8YD3Q1<22e_!(X?y2X0b$xjnmSn zaVsh|v*X^Dq?B-2#PU!n6ky1JH1$!{ySWSo$U*xB@1k;kyyVE%@#(TxG$)6$81t zdc*j(&&C*im!n$(o~2X#j_maoN)b*fE~i4E&w957uNydFl@3>ZlvWcFdeXS8qeV{A zlo}loRv1^f8XfwSD3b2i(ibI1Z(|kU+70hy@-a~r>hhmrO%AA55iTQS3}y(T zKifTyv&;vK^~CbjG^SD)QV>QPTG}yXOk0=Nmu{AT(;Nb8q(ApMUk(ydED@G-#ni=) zI^0;lu{(OvY+WKV?lq&tY-%F@(>%{30d;RwF}W=ZEXBB`t=^evPd&w-f#~kOe+cG{ z6ZuSc7C7$-O71)L13(U1_|7@$mKThQ?JV+4xU8sY--RmR28iL^oARnpeS z3RpG3bU;(+NqBnr_qwLip zME56=_fMRR_a>S6L7m17R^**Zc6=yZXnE3>?-s1ovYEvr!fI zV;UoDV$mc0bcYDNFH*0}^%N<*t$lLC`5anel&5KRFs6W#bjWY?V`tED)|aVKQAsPk zb_ojY!d{bKvTIc!Dma-Tdc+jWf?E_1_%A{g_$*jN-lM z6CEcPGRg@2NHM30-jLJ1Zh3k9?MPfMkDJEil%-E;oqSS9^|5wjyWs{uNZ^Nt2`iK4 zIIRW^Zb9W)nR;kVi;Kp=!`W;DkN9|~CwI!XKaQg*+lTUVJkbZOb_Z?0xzwjmrQBj9 z2fW&=`$`8*lI8a9zY~3t6exBPn`L^CKB7?SzC>~L0W&CRw8P$H%?nT!d3ThK>dudg z9m!e!kS#M#vYe+C!m~m;45lwmc)z*9m$gO+=ok9?uo2|K`ZYSPU;t|ZfdLJ|x|>g~ zBW_uyi_oC_Kk_3z_AH%?zGjqO>5u+HwG|LEs2BAjK3?0%hM3^eNV^Q>@)v$?C0)?YpDV;Bu?BBEd3$nQXMaA*$w5*M0Rips zhzW%+o!C$yqr*o(k6SeML9KkL%*hQ}tra4q}bn-_A zv=kaSJ2$k$Ff^Px2)Q{i8Sa~h26&781(B_**3*rd&Nb2dK;(kW^I%Gjq}3mzwR~Tj z&T(CLH zzmgO=Q8_;@!J*?T)Pe2jde|jZ9M66Wzj_tjt)BXX&KvmZAtIf>+)wy&(7XafQwd*G zyB#L)kIx>KpP>w7_sd?j92ZNr$70T5LvCL*nW8!mSP2cR>S<&+3>RcGOx=^(DCTW! zG3mqwu$rmBYOdEBw@7>Mq7-!eU~CV=B5Cd7?bqxL4}!B5M~1)O#C;J2l%J@$$2@}t zfoORC1%vf(&Wi|YrD>?wGZ2}6<}rL2W!Tl^uZJ;3bac6+i!-Fk*7=cS-AzYnhe;P9 zOpi}WFXjw)yY4I4asSiqV2g9zD>467NMzy9wxmOWq_)E9OKge){ zS2$3VWrkBUYIvVHk_TviQZg|i13DUZfp3br0(W}_vG&_TsOXTUpFackVp2A7p1!hw z2g0ra+cJp;`({)J64_#(uR4N*Wx}<>Qls1Xr}9&C?`xgK(C}>&-Xe*~+!NVU!gbdw zSBP%ZIwob_DbRR-YYe;Q7ROt`qH)t#_$LpTbkQQ z1uv$Kz~2rsF!v94qGJV}QWod&jy*&NE0u=QG2M^M4D4L4gSV6IYPE>R$>d>yHWlPU z{=TmZgl4^{VtX$;qO?YXHHTRJwE(0^JQFisyQg|&!~!o0Ede+sDec|*!I4xVy8kS{ zL|y;f8(NCrE;y3H^0MMpXc0+e;uF*q=MnFJPvYq(t?~+Em2%eA)4~s0BYO-kkLD*i zmP7`N?zA5-xnWd&%pCan=fd9fKFJe4`DisRdYc2dTnL5@9A> z@xHxiM{B(kA%nYqN4T@O|I(t7??TL9It%I2b-E{CP#6gPjHp#*wFme zxoeh;U5`R7BJc;RLa`$*r*ukdqp?s-lFMjTAeysz`E#;Ov_X-kzetbh;mo!8mrN>; zqmMsvv@Eh)vIppNkDDek0TR2-RZrb**1<`|Mkg?EhsWHq0(9~Z^oPrfS^fNT=2&%C zCYfclbjT%J>S-c)_kF|3m-38OMmm&0HN5J>$^&E#41q{Da0*cJo2NYm>ZxR zgHkDyb65d>#@B3htqi9KnhE~T5X7fV{)0~T!_TD5PT2woW2%=(nnaj6M4ELP#A$az zhNlV6yPEEh`^**?-HxOm_Ot6yrJ6n-IDRf$!YpG1F~MuHybg{8npI_5OiA%(vn6;J zSp?P#E)adyQqEmv(#xgml&`TXTT7qqM|8!n;NbC&=h5?aKBy?N>Aq<_NOtp-ySiK0 z`f#1@sJlh8uq(TSOCVZ0@42#~YEe#?y=pgcS-!M?r8mDLQ?SH2-4~o?ml@Y){Fu4!da9KNqSs9`3M1=Ecii- z`(lh+@O?){O7mFOE`4CUW1D@B`fWx?o0oe^Ho)9}e%o11u|BT+(UQb`7E%q={!UWg z!H(22(93OMmgtFr`KS-#SQ^;}S?)mgJJPD+TE9oZU^n{g0lmrUq~cV+wqfe=f$YGS zo$n5_S~kmV(gu#P*OtC6Xj4U-eU@#4REX|~0l9B+IzAxt%KLY-j0puzqe*D$ zG*FN`>s}3Jh0Yra+b``?9(m0R?XiClZGf(dQEOi_9h>EXz733968Q(SEfV%6;DqJo z=AC3B6P5pB#+n&e0k_^&hR*#RKyvt=5XOZJv#nUySclSQ5qWo|my>ifR1RlAUe(g& ztB)bEicr!9b@Q`Cr~Hi9#(!Gk9IuIR7ZXu6-^!_q^fhFa-p4-?L(un%QN%Ta${7De z?!x!{eTI6n=%1MNTIqMB@mJ3l%hz*buYCSgx?F7Q5|@Cdunm*j*}JOyV^IVrvCg=k9A4J(vEeZ=~*xlVvG%J%w3}mG3~lg}s6@`_Sn78$6RR&Dk&K zCAj|reW-PEutVP&@QlwtU3yh>=O|K)AuqD&^LLb9#!=!2nz@hDYI%V~SzH#;$_e0e zo6#*k?_Ts2ioP2{DnV~9ltYJpEc z)1C2!*G8o(#l%o)zHv4n>fSOSJ9fj>)3l&5{DN|-Id}tT3{Dy|uDYWa+vC`W>2DLP z`WNpA)1&SW1Lpnpd_iqx28YhPmEaH)y=yxXC!4I(WcFbbY3y*ZnGRs6*n%(rsn7w? zKSr)R+ymc8vDI9|03o!}?+ZeVd5-%4P`za&w4St#60kD?&`{hLU@TdRj&v!&1Q2hKf6g2XGF+2Yw-SfY{2trEAGqmBD!%D*K4ECL-ytH)^xEw>y$!_`(1l?tEjDTaQe=Dl}&jSd)?lNV;L~&=NjPNktS?7{bb+ zPhU3)4a5*atMNT%y1vnfH286)iLrQCOZ!+NS2NY`x&2p{I{GReR^~P3R?`h&uf3)C zPztJ0sz8934wo_7{&C}Wr>2HUJEX~U@mNw)qUtD#x*Iq_9a(n&_vmPOuSZAdG?0Ik zMHoXXf=nuTIWXQXDT%5P1jqSmHM^8$anc#J%b8ghrvr> zj9uW+A@&7SF)%e#Lh+=+qD6x}3w{VFh$YC1-@T0%w^W9q9od8(rq@1BympMd72U?iIiyps zpn9Y}Wj8=Ch-+|3di(s*eEj!Jsmem9uOJq^rlB!#B1ZK3Z8+1#ip9S_fY^T>0rzsM zq~5d}wQ?N~cmzW$nVLZne<4s5Gmckvq&m{Xr*1D8i_}5G0_rKKV5iu(f=59^2`+&ew_BxJ~VI zPg9X`PA13VV@QRy4$LBlvxBBnS?*y*k2WRH(d~$*_Z11fU<4oQK*vE$f?SB}&h*s9pPG$XJ65EV*I6KXiB?UM|KVxj zEFAH?kp~+L9w3yT&j|GATYmGmow=d<@ST)53k@Qq0@>TsfgYu6c;(b^`t~KDN&ekh zh1k*v8J8Bgv)N&Tpp6=Gv&ZVJV8xg~V;}j6242v|nq6krx7_C{_ijCJqTp&9wPN&> zRwbHhvTv8K0Q;MXR2UTM^)S0&5JLJV889 z@}k45Fm;0i%4^6!BY}@s!%F!_YDf+T-R^ujjCTjk?)J_wDv-t`W5>Gp8k~qAFOxm| zh|>c-jdt7K{6Y3WW_rFL;d|a(rWSC1*I(M%zZNY(AAyThp>m#}J8zSm8~+jKiHN>C zwd0pQDI3(Es_qLrpW!<=3vaOp!1*AqDD;&au6F^%?=amg#Pd}-5kZn~H}{PMd!4+S zwusjmouRu+7);LlI~9c{H(x}WHUZ|f0sXQJm0;b23_^wX5z76AALSh1oaD1YX9kSq zMgiCJVYL)AiA}&4AVv@Ucn<_Ja&58ehURQrFh@tH8D$YYLA0kNMdqi-h>PAmXDzgj zU*{MIPAMjl@Udb$#i0)F${NmmFDBa+9^F9zJyh<8tzIdf4)&+lx#Z+CH}<%~4^hxc zzw7iKl>ZxofQR}=Sj6wH`#_cx$!tG|b)gpUU^J5nmP8vfB)02Oqyffl|12dR+Pu%< z{GI7Qs=aV=wTa46H070y*NdI6#LKP(35x*kR-<0P2IZee;oFVb(3s7W4s1)c+5HR2 zfCt`xk0URGe>ZjKK%jm3#x`vYlZns`1xk*Z#0H)bxQ$|ne?Lc-FqT>(C}37~nLcT+ zL^}Ko%-sy1KP~>N;s#DNc=9bhK~TN-D=#7Tx0;#EpVa|k>)!>%K>Vt@hxrBgW`twa z+sB3cIvMBxQ*w-!mIQi<9;Oxky&T?k&l2Wdh2g)<1Y+Vc18})qjk7IVA}P z`uesdCpN8bZjAYhhEcdT;n zy!tYWS;A-1pa}jpGUv_gjp(H|iw`_FV%5Ptk_DFJckB=2v+g zPpbI1_|+7MLr&!?7B~P9e&k2M0YCTF+HuM=P3v+4&SRMdql^Y*rS#(Yv24;Q_Y4Y- zH{4#HZhxYZ>@w=LI1B6QW}UMWt@OU$UHQ&X6Mn35#{NnbzvA4tMSKGK(va}_VT*;~ zQu;s8GW&gdo#{Dg^X&Vr$MoDk5wF|#zNc1b!=%MmAJd0=M;$T}z~V$a=vL8n^n=c* z@W?i}v}c}47j7&Kg63x{{VJp~@^~;mfrrTRz6JW!Tcs!7hZ)R)>1M9Xfu~$;+TO1Y z?`CRaDv*m6n>Nser5G%*r;(1wt-N|S!bM-R{NAta08vCl9p*3ndE)*-ikk1_3>bTa zQiRjF7)WJUltX3f;5DfYiBQFLNFe__e5M1wM zEwBk389#k4ZH%~LVlFHP(he{_+XkploSk>uB13>jGp?}@9ANxzj|u$|P<{Ti_vR7+(Jg)a3pONhz21EtP|Cr4jh>u5!X*>hva>LZ&gAgk%aC zsIm2GK8|Zlsc*eRPkOf(ASv%A`;Df8^B?Za0*xNASC`(PW5r=QQNviCy}DdRS`G;y z1~*m`jY^x1E-kqpe$7{R%aG@1o+C6cMzS&d$R+bt)iAw=O=(xLg(NGeB=NW)s*l*_ zQ`-*1e7O`Cwvyf;c?bVJYX}G51HIQ@d?RUWc)n>iAS%t z0;X6ByA5NBgu}bcJn`Wb_!KqJoA?yr_q|d3!!g%lr?9o0pyins`l+OCjI4n^tIdtp zBC?wHwxvQ9Qp%2q$e+-B@R7*g5f6_3MB$B^G?L>tAG`8YS_ocv2jf$gx}M-Kc23_q zF8bN3XPUbRJx__sybHb9>s^gg-);;b|6K?{3(R_(-tzg^N*Gd1RM)e@q0JZS1`~G$ zQkLkmiM&|mPjW<~i{wkzb4H(zd&BH_+xB*mj~dkNU{=sY4K|>MaY$~44B!j z{!VPiLne4jdE2L2h+&2-InK^MQ+u>QEjiGBKIG7E<%n!3wNJ5NFV7v)<{`kbg1B;v z!7P)!(^*L6RgJapn|r6^8@RamG0eZ zZ7!Aoz(ZDvk+p-3^he_^6~r+O!a8(O;^gxS^eaY7GDcc-jb9KWG&z#iL74I1&Az(f z()!%1V-VBzwd~O9tEtsdXuOm=q}px5=%vV*2Q!7PX4${W-XyKVhVB5^u1Y*4=;h>V zC*og&rTo~Jdq?`aZ)ok;=#OY}FTdp~Q`FQ*D2ULJy<@UgCj4irhNNs_Zw2_GQjuN6 zB>4M7BmL_0-Y;JS2hT;B2+UH*XAPyvz3{>M1E}=qpCkQoKvqDGqo$5sbz2=DGJ{col+Q8cRsg}(TbTKt+nG5dtb%h zAS&{m|8?$1^ESOluW?hbKkZpGXOdVN&HXS4f}c4e(D!K{v0KH{vD#L zyS*zAhU%BE6lW9*3kNY)GReK!Zz@H#=yJN~WkEYUHG40&W*oX_wV;XEWG#qX-~6W+ z9=A6v{@=fR{lhhfb<#`Mdb81{a^g=JRIe%{K;2!tSs8O}Xm!q_N+jR2Bl8ZU%ISD; zK`&r)d(DVcIImBXc)~?1JC602J_p5)i-`M=R5|9L)M^BIVTu^bSlZDl@_k40;r2nO zCKyqHDe8RDtmua{0837yp&w)o()rM0JmW%j=2&$evVlLZcDh`1!;@sF^+NvWT7pTX z9?jRvSL^os-M4-zs72ouf*E3S^`D~z!E2Ty=%84yN` zH=>%7WDcn5w!S}BTfv<3i3Lx=J(Y(`U=o<+=JvPd<_t_Gnm4@6Ec)G~5;Z;cz~*N6 zuOYZV0E1?1t+ElQ#CAVVcnjY(Rlp8}3yY@c$*08yp`nt-&oMVJugtyEQfBwK`f{~5 z+51|xSSTyE7zM7iqRI@kw>N~HMJGPtqoKu?-Y)IWoSQVVgE%>&oZut!`0eLtCS=Sb z<3oOZd%_QZgJOv5;qbBJ4YJCX|4qE1t$}x&6Aep@Fj_w1H1f*~-$7XsZ>3ZF7f*_+ zO5)ep0DsfgIYT9HNXjbJTEHT{?b0ck15 zHS`rbC9=W#>pqcW1L}cr`^&J%vx~2%5+ufxi*8n;#C9r?qPHijKy?s=VvO4Sr0g`q zVG;4%ki$=~Zcx0QPjSNiZm`)rW7jh=lQ^uq7e5LX*KKb)8pk*I9Bs-HSQIWdpRFl4 z>}~9kC35p{a+G5#DaV%{^#T~G7oIDH?4-;4LXXO8MoZ6UTe49Meo$x*G~DDw3&?Ck zb4J6$(;1kTE@xKsz%zC*) z*@elY@q^@$RNEWQ>jQriNtqh(DnFM47LJn{vU5vC%14)4`$rSD$5=DBhfEYyf@)s| zztE60z#Pi&OD9$nH=Hk~oeBwl|4y`Ooq=eI+F}?E&=BvEdND9sz}1aOrf@W!*n?REXSAa3P-yZ#JS^os%<{hUZ4Hv&c_&0zmrF*=hehAus945zW<} zk2ofxp~MLJJHx^!a>Ktx@Y9 z-4+{#ROMS$Q$FuI_6fqaH`(>wA&W3j!X|ayp{A6wA_pZC+it|Ms&5o2?rw#|akPvy z8!LU+GLc%&V|axe8KAU*a+V95{>@DgA7weTza16i?%;<%Ka{ObMUULW?mK(oqMD(b zoB56P!EpXp<3jV7sF$~7-~tb+6Th^E+z-DVM1IQ>qJDo?fmX#y5~Mt(hNLA1_mfg~ z5J3VmQ8TF@%(OwJo!z2r8IP}HohTlFPi8L2*0H>$hmJ-cS?+E7vd zF(r_!IR9jz=RfjM{Q-nrX1xkK-PEOlzhR?Kw15=@Ec8}nLXpq~O5ZB3iZOA{SH%-T62D*d2s#*# zZ_(pf$R>jD>X}P3s1knf6^&fbo3s#bffb>2^Mm7BULneGtiPz#B)I{epyy2m8m>7C zmys{ay_(Ip5mU)RTb<2H4(R-btk zyw;$JXIgqfX9VAUl|OjWJRgFTd(L1W!ust(#Rxkw_NIfSFO*0FWONuM-rbIK{jG@A zW2FK0In~^FUr>95&ij=o2ezvbP|{PrmL7g^>%4fCwsTd25$PFhWdWf zLz++E5dYH=f*7Vt0=DX^R^z4$5qSovG$F9{^Pl+98AU%75sv4~qqZ|0m#q}aTd)2H zYk*Z+Wm~Ho>Jrse5dYg&N+miX!T)D`U**;4u$1V9vb~#q#wNhvsR_X6M&#-~m{DtH zM$7wbRla>GvaVn#(H6lRL8zIdVODOx7P_t+03Sck7m1RTxGuSiES(PEmB-aqI`Lzf z!B`z;Yc$QSzTG;|(-rG^pqp1BEIr8@{!wjS(gc(0mskcU^`l}^P# zjJ&vV7V^vSh$@KYlK z4yb;jN&%`CKMpYSP?aDJQit;)7mps&4d<$cf53n$yJKaHl$wU2O`JfiP-Mp=&}>Kl zDyiV*Ww)nazCKf{L? zQrkDlQkDGybS_{znmU647&MF5r1H651EuJ)(v!ohsGCtj&s#jiR^VPIo| z$J5qJ$~;pQ_=LAw^I@J@*(`}*GJPu`TJiyLp9EBio;<&aCNj?QinGEAR5Bvyv4qyj;^%u;Lz?G7ITyC|7#Wl0(k*2($`iUy%Si_bO_KzJ$Ex*Sjs% z#0oa}IaPI1zDw}i!d`5uM7dEkGA!Kk=zS^rWO1{GuJWhZ1V2z8*Wst|aKh%L(vOW_ z&>sab4V3@P95a;*87Fv}&XRLiV}uXL7)7@tB!;&$N=9p0D>0HZcP|Vd@ZiKMl`-U+S9m`U_=d)1KxnBH-6%KY206x~&}&))W;(E> zf1<0wVr$Y=vazb2BUUx`QesjMt3mwdoKn0`wPbOhuoV=5J1L94@nZxYmwU!HG+3} zcGzWG4Tlsf?E_c!EJJ)jJE=0Iu`DpW)#4)}CJM5O3n&1HrnnIMD!7<0@m#?`#a=u`Q>V6R>J467;aEvIg(z4Y{22GgIG38j~nh%kAxswR~QWSX#l@gXOrAt9=DplC2~B$xfE zY-EF1-RRxW=@W1_gEHH}Ai$n;;&3w>jAE5-0YFjjU(IXL*!zr)+MiYDrZcZ!h{ATd zWm2OdH4~3fuAp0m`ZaFx)QI2iKS8@@6IHuhzn?n1yp;38O*jh6xGaNrRHUlT$l%dZ z>vUdLy+dlJ$fKQY?1Y9XQn1RJ%BFg{_(Sv6GtjQOE=VXG+;osu)&Uym&fOg;pt`N9 z;b}wSAfZ9Ulo7jj&P{6OQaxcd8|FZ?fj}{ei{SFjDJ{UN=1aLG8Qqsj;9K5xf1(yH zJS^Fe*Y6NMX-s>T7{Pbd!zfYbR%d>_lvhh$3z+&S3bpMl(1>I48HE}MNSfTmsj8I* zVepau`=jQDY4Bz2w5LZ?I_GzH80eqSg8_<|QAUz+FzRgNKv!K)GdB3Uti$2f7Haeq z;gzQCTU(q!mVP>ULA6yxe_S=5l{r?4b0M&8|@olo_n zX6X>*rP!pq?*{q%Br=7>B)88B0Xx2g^Qpt5eJ0Q+y!m(HCvn(U1*yf>iV;TR@48!EH<*0Y1(e+<+ z_2HGP_1O?nD-Zsv#pui{C!v>>LJn*?WZMB_OiCNq+i7`byPC=%Hi~}%D4sd&Z*D@qAkfv|8|z-zdFZ>}Bg&wW zY4DB{OOaax8EKAwx;1~l1|w!>Wnae6vLG7TM~5gyt=M3vCZjH0y48#QVa@xih;QFe z%NRy~F-)S01TQyje27r8bgyCH#_XL*5^&^)t*v8I3x#EPpU{CpCfZ}I3ZCu4SS8xO zG?q-_GRb2Nm(q^fSNE=R?)_Y{b;7y#ET)Y`>5ix@uag=pW^tERk3!_#%sDRLReG)! zl|Bo_M5Bk$w^OI)zN7D_^H#$1K_N9>+qlJ~?jDt5=GGkDe)H zwT!Z)kju19An3^Wn+vKTmW^G6f8U<}f*I#C-c0DZqrk3?mT5z?o-;{wgRjBSX1yVW zq(83WWT|KU14mp0;gZ{NmGTD~2fk>;MuR6muZT-6sfQ3_Kv;;H$Qzp0vx_ON1**qO z5_j~V(wThLL#U>JSzQN*$v@7wMi0r>%DT!7%X4K2Lu31%-IOQ{Q9jQ5$9hb z8$Ko2sLJZ1mEaYvjGiBW5|uG_45N;JznepCWZ(Pw`#V|9&bM^&VYUNwGmZ4p8f_lz z5&ijjGE(&V(X%*jDmg8cVnuHu(k||t4IM!3=&*WNIoF!sm4C*ThvAK))lcD)FH(2l z4u?0O3erf)sY6z`K-fa?Wq1%>IMLOz-a`NS?$jV#EGG8|otp-KM^bU%1>YD0wZ>x{ znXD;yvPiV&<ve(ne@ z6^qFRZ_7@xt1}uPR9i(~7y3LQ3hNu_^fu7|DllEm^^p>*r|4h$fnLdLw8b=onQX{& zQ{T?u8|bZ;bU*zJa$9)EAoJ&dLKywin^?0?8AfR&4>VENVx6v>kID5746+q?u*Z!+ z*%c_Gs%bWxpM#?6vB;Y@#hW=v*h2Q>%A%a0{M&D325g$G;yqwcx8=tIhoNodxM;7LJ-@>WfK;L^8&5G!}>ok4Y?)-Q zXF)K$kIM}0E|~FP<+wqalM3KH^!y9OQ_}3YqEgpS{0w-E^8v?Sn6}$IG*TEU=F7P< zNSI~hg4K+h1*dA-YRs-zS0{uoAJ;cfy8VSq9(2^r0uCjQ!p=A;XNgb=o)=KnS4p`Z zYjKopL`@;zy|YZv=;3JdeP2*@&8hDxZeJp-zQeZT#wob__?0V6Voh1iqr7S83jl4v1f!jA;|cj_%sk4$1)N0?>_XWek?71|&V$>=vq8l~Ee49AsQ z1wJ3%6RwliOQ$GDEn4!Qr)ZwWs@+6wSxfkxgqEbxYWl70#qrO=o{x2?75I)w_%ofB zuYOo04FgXU_RGeGI`9DofsLK|HaR|{=wA~D4i_VfY|d;qP6fSXxyCU# zvuMB393-_@g|zU^>4c=Xpm5lw@hBXzOEvgz_F-Yd5cgTWo5{7clICVXGqk(bsSIiV z)OI!osPQY9Vt6gyCHN+;^J5iNw!}b|Bcl~PX0{ECs}(Vp3+<>Fu?m>MWU4-x5diuP zmGhJHI1iBlD*ASsWh*a{ILD(q%T63(nIRX_C&$}P8Se)C;#al7&%j#EG2|1yFJE`5 zsBwS6#AaaRsYW=wDLAdUHKitD1wqL~>>w$H-^S#GhKr7Wr^oYDB(n(1_>E0yQ?u|z zcO?EhVVYaCl|>R7F|a>~e=hgKN2INLR0`9tZZ<+yw!XccF*r4DDOHB?2Gth5HjbMDHhyX&Z9=rM9{vg=JI zzfZ{=Y9#g{7_?yexX=S$QXZkueFMqg4lBMQU(F)uGHEGr8r(tn8>6 zS}hh0i`Tv(k*QINa>7!Xo_KoN$b^No0a;nHgmo*yIc*;58IAn|JY{>mODKPuE3rsN zBuRjfhT&}HiD)nymg{W=y>fLn8A<&!MCl%`2Er;s@QJMA*L$OVHBYi=ML76UoV=}M zSv4oWFl;fKPu?p^5q-`oIYeyxU+uF7ZYr*Dipi5yhb5&hS*#@v8*SOrAhP4%e$N`& zAZr8rz^<^4yY*^vcLEb|H7QgsqS})rx({ubw}#!gx}Q^vQ_UM->v1f6viJ$Uj_5~M zrQx}*eLP8igxQpmf{?cCu@NsF{=y6iFI~lFG!)b*0*`$-+@#k57e;;IGeTLhAKc&a<-e^5v~R_@^S;B@O3EV!q?=5Z&Mkyyg35*4*~x%4;&~L zBAI9LT>t_lWG$YZ+Lit8(3>x)wT>NtP(My)-VY^ik@jU2_ZZWB zvEHQv6s^ zu^YK5#zURWE0QmpxRHblMQI{r@|IIS$Yv!;GMQVljj1@8|4c?R6sHKA zh9Vtpq5Y()n#X`wH&B*e0w<;VG`q%?gdtvII)p~Xejf7$?4X230H^m=+2six6(sR- zK^ON$ThmMAjD)00HCZXMw!+pcAW1`=%V?>rFxFD^jOW*Un#-3nqhAZEHd=HlRDxCc z;6evs-FrCz4T{_QD`SGt%26>&DLWD}%Q{?iPRM{hIJ4ePrX*c;>C}eQ2``nSy zgnR#%WR=Dsi~g&$(7|loZCB87Nl@$3hdI-x9v=iI#Xqxh>Wa_3aXX4FZ618H3R3Ob zr?NFmsi9MS&VvYK>d^@7{qtDw`4>~)YNA`YXE1s)UL1Aoo2gbs|77Lxph>vu#e=H; zLs6=$@8XHh;mRJ}S!DS%RhrfS-ig~nPVDNep&7*R;emP_#`Hx@M||9<9&CPy2t0Dy5EulzjPi_J+iidDl}H{) zMAm%7@z8&^WKf&72%B4Xh`G~jf} zzE=lnZP^pMwP?^=HMs1g!&Il#ro?;1<7+f@*EkeQhz4MnfB(|BfO1V-YBqB(6U<(} zi*S+b(qRdRs>T@r9T9MjKc7-)Uy2$^qM`%W4FW)_?6|R<)e6Z&AkI?Y3%|hIO`@ncj*MQX=~6EP)Or| zs7f!k`H+3ejX`B{%HLb{4Zv^|xNXbWVgeoJ2g-W__bWz41oLg0`ihz6Y8Bv=pa{*} z1K2A%zj)2OPW#HsBs-DDRjuOavenF)h4-x0>6noL?u9i(%RypESgOmV{b2dr z)&0ViGoN|NY70e0c3YCI68u9v><6_UJnhap9VkpjwP&FqX_4@cj8hqg?m+ULxhDd} zsQs{_i;vTcfb`V8cK;P>L-guT;mFw41faZqlxb7|L){G3tW6jx$lo}m?E|80 zgu%3|EA6e8unuMq$Jj1y1QGIb5QZ1BN;j08mBSYYm1`CGszA^t;Y{vV#RSu}2CkPa z$RrX)l9p;7u&amHnwTk>kOtBhU{AIi=;u)@#pq-_Ue z7@nRDmeQ-|K$FSR%Y2F`ujC_jcAiw{d4jpdOQkKXWvCncsOMX|Oc(i4eP1SP+pK`T zTfqR@Dp)z_GQWhoIv>;(M3-9Dw}W&~+Y+Ugo~)reA#+soF)2xVR|G!J(d8uT+__`b zC^ixy@j@&Oj8h>JoaDZVIUb z3q=m}xFnq7Shfo>-D2!RF&I@x`7GLL+S%B;1R&d(-@{AWn>WR=Svpoxjw#zU@(ov) zh@~se7E+FOdqXHU$z)?2U6d_pm032l1_r5K$ssfjN3y2t^4h3{mU#;Y93v^F#x0>s zPf2XuN<<&e=50}K;l_Mahp!Eb{JwmOw+pu`UcyrSEhwenr>UG;>!?`;t;{FG5sXoJ zakC%El%>UFBc^;Z2y<`yBL`dr3i%GHF=kWBMaSK*cl`mT^e_lmcgkPuF}wIC)vLhl z_deDmkrBsb}P$MZ70voto8M@Oe}HxmzX-q~5?hl;}K* zWFD-j1rZ^$iK6p!g-`gpGGDb};;uhqOFV$15;`?1`89o9>tX9Dl?_P39`1;DpQwGC ziD5pLkt+-R6lSk)8Eq*l)vAW?WsDl{jpr)XK>oo+tOf5{hO77+rLKu_v<_*4sr1T{ zy%oTC#Lc~X#nx@fLB>H9fV7!|TRph^`WcGO8kTlz%#l#54#S-3S_z(?fxxoPqoHDh z)9j=qD4Rb_?u!cQ?!-rzwE1!{C--yPl-QjYs}cK-DfXLjR;J9FmJ8F)(1v?H(hgxM z7jRr<#D2gyfKHoE^`#h=|(g3u+YOVrr0Z zk=6+kS+Y5{au|@|W(tgdqBYWD)yTlnRaPfEAlHac6T3L53eBYhP$wG*U^N5L+o`j# z>|_XJ;L1Gjbg|MC58r5AbEB=Ns&S=L=4IoQRW|4$n|w-uiA!4d8VaR!2IsJWr@tOj zJNP$>Y~Ur2=Ay!{5Pb*QOkn4@pR`#T4;+9F2ZP|JeDiP38bkkZ;C6-7x}6)#d zU5}T7JG>w847M)DK28|^H`TYp{~-1Co$;}fS_Z9V1DkYN{LJ!hY~r@m{eP5sagBhu z+=4EPE`UrM{UXILtM>~c(yMe4;LU&}`X0!Ez*n~ShuFqFN0`)X`p3DSHk&fZkmG9}zjo0*3=?l$bacgBz>17ALL4i#r9MlQ5FdNU3?#!Wy4>K3qq@Bn^ow zs9xZ;H38^eHjJvS9!%qPK-D*!>Ck(HYd;!h^zo0e+_|Mxf@mSEJT9`=V9xSc9l4E7D8~4Fs&|!H zBD7J&5qU3qu@V2m>j$R38{F;Upo?(wZqlU8KhD)sh^9E7fw|lG!ZcnZ$mZYz1}7TZ z`%Me41@1Mts76U}3HcLc$@dBUsQOev;TU*9jeq|RefoX)YNV2Ozq3-<)aHrQ(dV{+ zqX$g^Ld`am83LOm2W%1x9bBJJ(4hCx?EdkSb13}o$lBsW-ggL+6;bIf;=i<6zu`yp z(o_AE*`V1rSR>+(;*{cMB|fVOpnjadb`L>RU-8FcGW_>u^??i@hfFK7@M%fsn6e_1 zhsjv=r^CXd&ygeq@u8tRj_x`PSM$8g zY8G^=stZgCmX>kP2D82ous_6pSa?;lC&t-Ys7x3}R@azLIRb{YV3e!XlF3ASS)2Ns ze=*3Ar1P{54uicN!_W2=UWG6Yg} z9)lpsK|N>;uOL{&@o%0?sc9B0ePjiKHAmSYHsEm;#;3q(E<<-6zJJ$02$vZv^1izr z@%ZEsngXijw^AZ$k_-!y;T7RcPLyUF+iN3FH|s#L#_K^uiNrlo_vMH`8bop~G^tcE zW1)kvGqi{#*EZ0=hM>oC(1L!K{#|g3+2@wke#cBm!V;EV(+SQ8-6V0Xla50UrUNWA z+nfUT&&2_E{H?PDUJnBb@y6^e@9z|c0sMiHdoz#qkOsa|{HX|}jiud6u3F3gxj$`G zq}kG6Y%(go$4Fb6mibr@`@C3*)*k%gx!&%^F{?gT&VI2d;#kYWb+z)xv_u0x|974QUCKc zf&cd$aeK#wOyn` zI;6W~=u%3gQ<`C5kOt{ex=ZOEN#hxctxn3h8A;*7sqA^2>ZBunb^b{T+sR;Q9HrJe9uX%jbINDI>K-aK+@XocDAe* z_XW`8(tFzl)As%&so@e@GoQFQRDSp`NDU)`8a_)8<_&wbKI7Oe=dRMk(4Mt0PARK4 zUIG}syt~CGagb!iAa&KAouvX3PmG$|&^^u7?vW!!vpT6UCAKYtFF65c7V!2P9C!7L z=D(;CBZ60|Zv0}SvvW_I=nw>hA&|$xuo{8x-YRH+u6K3)y&grrcCH2<4!A!5J~OKm zsGBev&~H|=^9#;W=W!g!lzw_oXu2E;6R54gHd4cUA?KE{4mZ3n8F4d&c>n4M^S;ss z8a&3R-K=XoUs;qQekt(ol#P3}aYj3%=f&Ju z(g>nR-hXcnHsSYQ48ly(JB9lD#mL1Bz;`A1xBSc2+WY7wT?9B}eZK439uSW53xfy%It;;-sB z25h6=952X0?)!=4sG_9pckk6adj=*{2d8W!8VBg(M<7>Uwbea)9r{imyB!m=Zh9&n z(Qzc*5LKO;FX{KJ4&FOoZkMR|`dfT!CrbTnCvLZyv%M!0quPr0rH(>Iv|Q6cw)c(a zoZFn&<|gGj34ulP#ZwE-Sgz@?bX~vIM!6^9jO*oMagv-&#}NG^9fLJm(W0OU$3u!4pws^#_Cr$uQk`p#&|dTUfSnNEip_a}O-S)Z=G-KGC2fSGsxHLh zy<3!$VvyO41R%}LE;PQvDs<~SZt(td#g|nUVjOxKtp6j-@80bEC5|fQi;wTw6*yrK zBlOr0-3uwiG3hT~JXUeb7q95?Q~J`~!?d})WU@Z*N39~a5|Z~GQas*3_V>my*&kV{ z(6gXE^P7F^rNN=#*lz@ostuwW_CEIZAOpt?T>sOM5;q=V0RO?siS~f7MZgrK2B@-g zWz@uzbbziDt+G)jrbS2#Wcuz}k0JxtYMTgpG8v$Nt2$(QZ<%o}cVuJ<^_e z$erUO71ZDta<<=-OFT01Qf zb|9NiZdjY-)zSl~V>VBEzWMHJ+DEhL--7x)q^)sNl#CY6B&_UO$DAj^-7343SAiA#lh_Cl>R{(}X50Mhd^m*gq{C!)pq2C{ z>bU6TP2<&V&FPhwqX6OXK1rAn3vMBFp@$>Bj-R(yPk2ul>urw}t>m zZAOYH64ob_CGb!P?c}?|jBt)sBRU&H`34HL3=*zl70&yd;Tn14Co-3yR+uNJk~vdq zB2|%~fAG*N0zLPxY=iv$%+OGUK6ug%G}W};VaU1X9J3)yTs;47zf(bO;-i-^7Z!`vD2|-YXKw>u?$5Wf zNJ-HJ{oFD2Fn;?ez!eai?pVrZq5V^QOSRcYR8qh`h;Mnc(wp%pKpa>_%R_(?soEKv zSvY?Fho$jVeAciZ5%WWEMsM^jmC z%ynms;Ha1(Y1ehwp~2wjrl=Z!GjVmbUt_&IEd z>-$Cu8fVqRkiq0J4n0cwydG6YLvb<{G(Q%@?Wsowmt*uhoPu0W{0FeaD^qFSTBT>j zI?%lv!%`XO*YeSu^|{*%ebSNcqHqKZ5)~<)o3@a9=(_Y6mapgX;j-XX)I3WMoXm;h zW(Uhn;HW663jBqd*n!tj{V)G2?rkcjxC&-jh4D|0QD zbh*=oEGdk2hA5A2mEBy`*C!pTO6Uw$Pv}p%KD*TY9BFnx-CFys)lET}EFC1X%*$ek zgI{{HzM~4*Eo!VzsKh1V*&0;lbKa|Q8%13Ap1vSHcR^NLwyEvS z;LMFv`ySV?hOBfo1=%$90d_YZC=4RR3rvJ|T>S7fChlmpf5#deE_@FF(|{}&`Im_) zvWlM~Hbj3>c!Eg&c9wJhgO1B5Jfe@TzO(!+;F=i%qDg=gy<84}?d2%9LwWK9cxV~C z4xHkFzDzbBEubM|Mm~Fszgf5cpfljkKgI|nedoZ=?k{_9WIjV?1>bMpsc0S6{?P?= z#}lu#(xs5&a_Ug?cpd^CZwG(iLc=H_as7svwmvfzKq;c9KM{a17ETV}ePu*wXjmQj z?EJtF1jWN^$J0p_U{M~qgG9iTE!H?UZ-+W&96mK7{p zmLWw0!i_V~Zn6+%=Qein2XJVH6ab#r7jf{Gql=SH@#Kc$ad+-zomKRA;gBvlx5VwI zoXAKfo8;rQd=;%QE$V8+)Bf2wCaThb9VLi7mW`GdQ_H8aC7hAkS>xN(&)TFAdoeQZH@sQgV}Ng762pj|L3i+S=To zW0@h08@0CL_j@t)!}XWXoT}8QL@ilW--@EXOa$Ws%N9JX=VSUKunYga^c+ZZ+cx{> zq(l6!X~5OaztEBt{EfIE(3Cb=r+k&T_!Ly`Yy9&`Tv(7&fI>1Bz@!Rz68ZN*rND2o zCU^zxP;c|X*FJ+P+d_dr6>0`IA?{O5M^E;xS6a~mlqqfah|i9`fN*Ork&E=|6k=<$ zZXp0^lFhk*fA0=givliI_y5#(lJhK4!ICQ#SLkWrEZ?q4YhBxZ7QhrkX9l z3>QIa(2MWk6tg5|>4h?1k9I(K=P0mzR1X@grZx8_I$qO04`Fys3ku~iF*dKS36I3+ zbPB2Zd0fdQ)b{jcF2;Kxn#L40nTt!iLds@d39D|j;YVD>gQd%LeOA-^pn7hT~%&dXGuNPN2q%Wgza1?qXd)k57SnT29 z{M_UZrYYi1F*xbJGW;YBaq<;?3bc-Ba!(a0UpL;-t%I3~CmU3ZuH?G*jzcmf=OKhT z`plqm3Q|C1*H^;tr7l1b6UzU%XMnCh9a_AR6+N)l0tE-yTk9e(DUbYvLE3@fSFv=lUHK35$mI`{8o3n)2ZL~ zW*ABxj-iM}_o@+k=^od?lKmcc;0$`o-z!CBc_a2z72cTEtFeJ}Nq^L!w=U!ql@0hV1O0X#*`6~P`R-#o zi4tLT(XB< zy}YKqQ3`zwWWw;H?{m#Uzm5`u%(`FV>&w52jO(ZOyW4R!QOWOpXhy0kyHyZ)k2|LC z*7N!{H1(Ig;{Ba6tCdQN*349AXDw1!hZ5<##l8)^YU$s?Pr%UZ>1CbRcvo)X`>RSu z%pCdBm_;2VhNB)u!c^mh9MF^txqMaSA|nNCN0Z%}-0+mLlnDM^aBOwD{7jdE(zgin zCjBVpp+lCRsuf%bqlBGUss;GlWuO~Ps3!lInTY z-(O|upA$$MWlOb4;8&3*89?OpZLfTFmrQDBi-~!fMkP1s9jm_ZvXCV%gv7FUql)L) zcH8IEm-3#$Inu{pMkaW(Nd%5a{Vmv+UR9O+V4D^v@ZO2!0b2+(Kl3|P^8I&0J@9%? z$`3u9v{Nsr3;~NS@4+0}_x5&{Gs=*9bK^FcOk&fRH~9h@6`;=iv!vD>KG*+Dp9$!=ffhe+whhgW3^Jw?*l}X zBlX)>CzOp@mo$>nJ{bYH?d7|29;^wzq>4#k7TmGkD0(u)4Y4A$b@8WQaFz&PyM+0U zU#!icH3htO1dx3`AzkkpFv|LPEP!j6m3|7XcR)$ccPYQHWvLy%ljmWu!zdc`h>Cyh zPlw1ZdFmc9-l?LfPrAtpgu{yJ8!H=^sIhMR^+Hs?OFvyd(0GW~=2eS;U;Zx*p4>r) z#tq>yY1;%-(NGV$5%VWMOAi(s{%XtCp?@4*A%0hb)->z0?tH=eCNT{SLkXl%#)wf2 zafYgAq4?;#$ZWd{o5MWv%tPgHqFnEUs8yfN#2jvCV;zFYKe}NPg^cCX?$MKgUacLx z+^0EP0($lVw4@Sfmpb$<@4VfyQpsS;MrOru#l20_NCd}Y$2eMT!kCY?uL2i=bPW5C zRa8&7M8nO6fWeQp{Al7V_%>p&ZYA&2p9D?TZ;oD8y9Z`2G@A2hZojO{lQVKecB(#F zd;0kLfc_uD>%0B|R_URI_NmcfnB$;*yTzP0sm)oZMAH>j7&7Stsm?r{sE%{KEN^D$TMJ)s`7X@;4j0I`Wg6Edf+Jj5if26sw0Fy3jCTITRs)T#==dx&S>=?m+FCJN8)O4; z6sUR7UCR2|ate=M+zU4=90*h>C!NzlX0c!_hvvFUz-dmOQQB|^(XQ$uecFE!T3O-d#ShGCg)F7Rbz(ne ztT|0Pll21`E=^4OR(-zQ!ULHs9Lg8JUX}%8<({gi7Cv6@%uQM5aiC656Q-C3V%hsvo?xc?}n3?Cg8CB zDHDLEZGkz2%ejh&dIwKSGFSSF0~JxX!YOZeg#Xo-CH6BS_&zYh=kj<9$beDQ{Dx;B z83!8}*UtzqERhEr@vu{%jeA_U57X(!_A;BaY(>AA|7TZ5Dx=}uR!Nr_IXAlpaCU$! zQM>=W1#HRMSDNR9BypY4HnQB|?V1uR>q~AYqeY~9}MX5^0NZy^=sSHl>hF(NI%&7JkD_F7< z8K|^DYr#%mncxbPnslT=QTib)I^SW+{MN69I+}WxR-la70)8)=M2#;!k3}aJZkwn1->VobHnL6ej`%wybrOH|W0~ zHNa`oPTgxUO5_kjLQpDzvTv{3Cmr9+TPm-w!yjlR*dSFtSj?OV=X+f}s|`|3EvviB z*(Fm8SA*~oC!wcBR)tmML!I6z>3)$5bY=r@jAHp((P0;*Ir2+PY%yO zpjML6XrO01XVUtcXT-A97*d&!C~L^sC(vX zmSJ~zGXfL%x#)-h0GGMxa0}qfqlnKHpAYDkuUkx)s}``frfFc{IHfzXz>;bj}jd{x3SMEQ^bxBXP_oVj6;r zdiH2E81IWsl7OD_>Y3lmyB^g%EPW3aoAT1$^sa=phyh7n+qm33H9g_o=505gST|$D zq)*+>IhWcAVMO;IhGaH^$vLM3DfcGp`g8pBeacY+?cM;Yr5{0d#yy?mo#FigvOlM% zBC+GWt}SmelppBw!Q(|Py5xjh%W;aSh-o`7ij$sUGCzDo@7xH@4{9O{qo+PFA7O{v zEhCAq$Nw2FBKZ~`@D^7ns{fYvg3)_#74v$#pt<4^6kRJ5I`%&6OvF1J@*_0QS1~b_ z=l(`Bv-Z?C$}&6AS}P^B2$`L;@5e#kLFYw#K7T2u*vw6yyx|okB~W5UXri$fw@4sD z9LiNWpEa)hJ69@j273};>=pjDsmP%kK%9EVFR~Oy`!b^@?j5j*g&^(k&2w-=*c_M)bF=wgSL^x z?1{^kiOQ%&Hbj@z4ML9!tbGg}xLH~fG#;g&_UKEObA%J=(8Tsy1iBu`wn|9L3%^i_2E1zLki$u0qSMkbE{+EsEsXx)cl+d%reJws$BM5_dXx7apMoY%P0YOk zjkMB@Cr)R@5*f7e?-;QT5^mj)%12rv6>PT!5JoruuMsODH!sZs7&e3;_OjbuvTW|8 zqO`jwRDBZf>rjuhWE&ZXtwVkKEk@t$vTna+kKA(s;Y&<9(O-%w^S!NKFo&pK*Nt)Y ze~uF>t4VzwI3en&v)ANVqUz`5b+zWt@$qh^-~m{~IzJfa+CsIh)XY!c9c z=1ldh&AjZ5X~DS@WGJPDsr)-pMZiL|U)9oG-rAw@q1stAqgY|-5&C!u>qac4wMKPPPjsnoo z!g+Krax(cnAXbw@D%I*Zd+ZMnvmZCK`>Wz$J26F`yjX;gy%C<+ZM4OP3T<*FnQb?X z|D0GXkVzOqH)Hz~H^Fq<$I{ecCTXl7@WIo=mLg5kYSZC!aUWkTxzm{?;^E6O(Rwg* zEr(m}Id5a^kq>PmTUkxs2PQGEBd$z}CVEq7blqUBdoC3+ydNl+1#%w3i2$^w%mZPVtK!i(14ZV`vQOK%yduAMg=^G)F88E!Cn0aycn8*M@UAme;NI^K_RiCf63AjH=^gt`Hh*Sx)*JZl zNfC!$>%3?lEA-`il`j3H<5Br`5fBFIH6ZDlCy= zq{3_Q7wBZkg>w&YBZKyu*(nKfS+KU;fh*OctxkCCjzZL$bE zD;A-tBqivK%H`>FdX(F}{!W9%o6m}9S950YeZ!(&uPGH4IpoX#gw%Ft9wK<7Q*56a ze3$q6v0~TR)qWV%LcChZAF_!`Zz*FWN=5_h>TQesY_1Aj>@DUuxT*2D=8bOUVJ3^L z5%0QEf({Tv6Nxkg{0j2(Iwa|*>T|nk43d#NHxuaVCLxj!=kX*2iG>HZW8=&7;~E_@ zgC+G|f0c_fVO8aoC0D1oD}Tru`6>^K20}!PJ|kB<0G8bsi<$O$wlI^O`P7<>gXYsY z8k$h;!N~Op?MZ-tj+eY7LxRWG(GnX!?|1E{6TU$T5jP1i$4_4_lYjDe)y3JU4>!jX z)7fhO-1qW2-3V0usWxU`IX=>Srt;ZKH)}?SBQ6;c$nGK}sM{(oV3}#;_N8@i-obmX zq#w+g@?6G-Y1(V4)mi$NPvPPf>Q8Z~$6UPD;>Zt3!XvzET0SaE^Fe8bX3-BB)r-Fv zr%{4YPzg|ucusp>4^t?f7*{&7TPf{XdTlrGIjT5_TGm|4X3=}FAIxCD2+}8t-Og)I zL*CFkzjbiZqn>>+>r7ZWqu%6qF5>t78PpTL;2Jfx?O?ayFPi>CgS-8O==fQ-jYyvH z`0CdqxJ2gSgnGZ)seVOkZtVFUSL4BU)BI7!4-KMZKPkunN_laibFO|y%lkN`0^#90 zyjXSceCUM9X;+`)Laqbx zxbwkPq0?ds1HH!-Ed$x-)OJIs%*Lzp_hLaIY2bPX)87&M?eGU*DC7cc=wlHMm=9%o zf8@J8LC^Wzu3g!YBE`XoyP)gYaynXYSRhs?tFAFqoB^zfY zIZpyFdxYh)kX8_k?T#Tp!{(6xkB(?41M+?@FU=kDYsj zlA)kbM+KvG)@R_j8*?z6O=QNG{c=@{j29vPl-2XumC`1eUav91!3`DHOTFIOh+Lzy zem{N&o&Fbf^#0?h^!Xe2(%i3Iel9;$^X(6|n6vj0Eum9~_YRc=`9@CTcX?4z;$%DT zFs60snYqx46`O~1?)laIA!eN* zjuuzRDRM{h zJ4fg(2$HuKE?8Dda$Rw&d$PSa7_nK5gk|~_&UD*1Pb?Bby6>RawtZ{vo>$4Y^19=1 z4fwLhw(6u>3=gCc*{>~3sIGS_Ja=HEcZ!+=|0`NnBAbe92=J^2hD`UeqoGHAtX*C_*&uYJ_Flb;&eAzvYD7W!WsOHnca literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-event-id-102.png b/windows/client-management/mdm/images/auto-enrollment-event-id-102.png new file mode 100644 index 0000000000000000000000000000000000000000..39383a6d1cf51534ec301c3b31cecde9908f1202 GIT binary patch literal 31984 zcmeF3cT`i`y7q%8R$wb4Te^avR7Hw(6%pyuJBaj>gce$8ih_dl-bJYbp%Yp_Md?Lq zgb;cU1PFu(p?nK<@3Z&5=bU@ax%V62KVQaR$ilHg)@07Lp67Xg?|k`CO@aCp<0%jb zM6LMXo+b!%v>F7WU_U_x`~;cTJ`Vgt;i{={7li0$UIY$~+T2mS0|J#soZdA*1{|Ms zdSKuR0$sRr_(h?p$+-ps`8-#=cSqaPbOj4_I&YIcv7K>dhq3|BH8QbJ$igw`fqe!?D$aYf5E1m+SjX^8}Zf=BVLwh?n|ydvCyPeLi%`&x~{dZm9CYJ;)5#h>ALEpsydhNA~Ar z5`&z_q99snjtC5=NM+?*&9NHi=^z!g2HwFzrYsc7gw=o7IpIhE(ZaYk#U{)DjouPA zd5T|w5g3l!^#@ylR3uw4d276@Rsp1>qaC1Z7l|uEjz!nhM9kEUlM%~b8%(Oe80(BW z_m$+`xfu1C{(=l8-@O=@iT4ywjevIn1?b!fIPK|qo@IhyQtPHD;O}H0v;WPa#&56I z1PR0GdQH9Lw(J>`E`yHC)X{uDWAOIj8L`Y0M-C4k@pHUCCMCt{eDM7c1fsvz7g+G_ zUAy$pV;(uRfP&myZX&ZWboATmEMc~T(8itd6^21V6Qto=t&{u*S8Qky?-&ls;YSbO z@_jpbrRSg&e%^E0f1iZ!UD6NrI>Iw{P*eBqQpgT($U%#wSk}S8w*Hv!stMD1OeOAG z-GYTlZqK4<{;)Yc zp>H-?E(iP4m{5m}IfdD_G|82!TG}7ymS}1ouXgJ$LXP_>r27yQy*7Khti!}E?d_3C zv)#MW+ar7=JXWmZjmbOK{4(h}H#V%;n(9T#8k5>lGp`klfHJqgLj3+`Q9Jhn-7Zp9 z+j3i)&^Kw4*xJMVxDWp32zeB1m(Yc@$31V+I9YNIxv2yV?W|0%Fn!*)uw(N9*Tq^` ziQ{WDZZ$2Q>gz`O>Nog27iJqx(&9SirFxa)9N|&F3vSxXs6+X{%jDx?-TcQEsZYu& zLZ=^25;*H;_~~30MD)Hf3L1y|ly~BU)MYOBL5_o33tntlJtkM4m_-{npmxpLb~Q-S z%ZHbGce_>F@aq3s8R(bWe%y}2`E($p^4n9uUi;cDkVtOAKY zU0gha9Q5j-?to9{U@2Lpx{_9H=(961S-9R)-n+QA@ky{!k@0@SoS{!IU-7OkV|qu! zlY+PpvUzd-dqW9h7Sur^A+O--5{fwAOyLHk>Xu3k8ou7xzPt+cK);DUeHkl`qw5=b z@3y>U{+vL+rMf*m9lq{yg!b>sCS=p)?mhit$4lt7I~CgXt}7njQwDT9-1-^ zH=4;fh;ecP-jY#(K{Zt|ZqvpE`I5x8PfP^MA zoB2KV_jNX(L~MI}*sWvtz;|MN-NyU)T7xrcfpwcbJ7+VxY4T1d&_kHVQ*{r@6-J1*S0#msm2} z{f3xRQb{wWOP8wr;QR}|=`lJ!sYKw#n@*dcho;-DY8T6@=B9=Tf zR@B21Uj##8_WM*Xj&CLI+AWKuMs|BV6}>kz5>df_SK3Mr_tr{Y7sENf8u_&XwGy~R z2YMapw$l50uQv4~EI#+e4v)gehUa)!Ev&^nB<1T+SAK@u_%eLGdL{Lf#5vlxZ@7~5 zMqHJHxxD4hGJqp-QPfP9O+jH>;w%k$cdn;7?nf!qd({$da^t7PP>{p}e9i!dsZubT zf8a_#F5FISlYuqH!2ebR3l}}))8K=q`HaN*U2_>Otn4q_90?GdYa@q0&yLSGm{b(x zHQcRQeUn(Q&qvOwb2=Q&hr>c~dT+&%9O!2>!6^y7W!`+8xxK`m20`j1Q~l4S)Zv{( zJzf^LGE0>WBj{j;$z_b@LuXm8u8f;WOI`65>`b%s_^H}5ZdEb&l{-V;D>4!_dFM&{ zU*e-agatrIa^jm$WS@yY;2xDZ*?tvll<3kN$E|aqmNg#F-7DI{)+VO%wozZvu3-6a zu#IOc%r;J<4L+mw%oSnUA>`3m($^@ks>C_WP*_36oCW@~URn4j?`VnlmA+*68eejO zN)JCZWE)i}T%CPKfEprAXyw>iU9vBCEUY3gG_-ZT#ElCtAz#lu#?X1hkWhwp*Tuj| zOcMp@nSohGuO&%5G^Tso?0N9XB)5a2l)8=_CT|%sOep54eb%k#=e-n(=>eyN*5~Mp z?=OGT1K2_|l@CG)r>RP7%6!w>U(96c}N5)Q6vnNocAhEGpH)i!J ze5XcERDsVLuPXQWHu0*v?NyGqH@X$u1oOaY`<0b2?GRZCkP`CD3fku`EMCXWcb0Qd z!w&D-KV}h(>{4uLGm?E?Xvy*tb_EvT(337rnC%i=88y7))IpxTM{VnM2cfY1i7+@g zXq_JwHfILh^G(Vtlr5~I-#5njcj?=)H!5d5@W^>86!(p7Al}RMd_s^YO;zYFX5m@# zu*v)Kx)&{NN9RoIFTc%soGM~>z9ppuwNFBgT~rp7;v!;LW6W}PVd%#M<_xj^TWgI) zN=xR>L}hWo@yKvrOqRdV!#2vR?D^D>7^kSMv1~6rIL>ai_nE#vy&eX&+9JP2GGtZW zfLwjRC>GeZ1Z&%FMltgyiGrl0qA~94D`=}29UFt}Aw62-qUGT^*0~2pvKkSYB?AFO{UQ(7x0oaaZhqVh()fLC}D%1RxDIfWhJTkrl4+uh1iVB)Ij+4){a7r+5c%h7* zHS4e-D64K{416`?-0+kOaujP#RovFSD)`=zXi&6?tAQ}EbohVP9pe?LsrRGff;X(1 z_82+N7LIG~Njl5X1p082bHqw>1a`voG@7XTzm!enFqdJo{cY!Ow=PnpC(b_{TOOr& zKBi1z7;h5FMstk)jwTcP&7+@~7*l;ss1K4-T$L$@6Xs^G`L{mfJzfvR!@j=hE}r-H zPrmZaS~?tE75Qb$l-yM4v5~q^D@)IEWU7C{ea#rJK1`18qXM1h&jcrY^)nGL02Y#p z@9dCQ^itkzeUC}xaEr;lqmh_E+DxsWx1gyK%gbPm!Dz9Y_1RDI)6-f1VjB){2}mnI zjW!(Ytzx#T?!{Y9--k97Q8S5sH4pW`kCuKY!q)jK>?6nF+J~+IvqACRo1l7;%uq=X z>^Q~vn`s!|-({;)c+#>z@4w1g6keH_JDY7b1Bs(GyS8!K`1P*`^Y|%0c@0V(#*!V> zxI=t|?7lw2&wEhqaxto=p<$!aXKQ%gWfpp%i!k0cDp%Fwsy_BedPj4lokr!y?*Ih^ zn`lr7WK$Fz?D>DaoV%aPJ;Nrw5php4psUlzmch3Ww<(Sdnz-;&Y8z_Eo$vVYi~Ql? z`@m1X$WL6-SpIPcxQimMN78^#1YVwz`xsir(YKW=7=JMwE5+64&E-loPCs4Cu$rj< z-VUq|f*UF#e4_M=#SM-Wa;|_(tz5Tmv6e{h9pO|=ZXpxwO1#|{DH-N`| zpiz%B`VuuYb(z}!4x0>CxiHwe^DHE@mC5U^g9DW5tp7gPqh$t~%vs5Z?C#2Cs7mcFh?M;ClJ6&I~1{#gp92L?+iF z?jpTR;pVzPv;&Qqr(aDZ%Jg$~8kAh(vwbRw$+7!d%+q?V*s~|SO6+Qg>%~R0*$4Fk zlbcxAQnsKBQL78DKh7$8wi$8Fd~ramiI`S1UliP^?Tm?dQGua&zmp^VR>@=xoD$RG zH_ab>fL@=dnUsBDmf?k`ox!fvo>yiz^1o6+BpB+E5WEH%8hQw^!wb)>Pjhu>p}_?7 zM}-0QDJHNBW96M?;s?W*jGE|29xLx0H;9zn*w8dGvLN;PhT5oARhcg`8bxQnG|l&L zU`s8GK{e=c#dBqmKG+=9r?j?0JG=5HE)< z$XP^s-giBY(0P{Rt!&Zv6}^a%=V!Rr>@viiRTKyR;Vnc3a(B3}77?OSYRl;`uP|PY zXo6$-(q@)k^YDDoy$DkT*TqC))s0}&9f_t7m0Who5@$EkT{ccibs7fm;v72Wz+NNYb@Q)1#o0WNNYg@q}yIeZDKNCMQn2j8|3gI?<`>#UOg|0~<(RwI=O$RFbWF;4;L8wnf3J8u#M# z(MqL*fYxEL3a(IfI6kcWGUeV4OfY?`UhC+@$(XT#Ye_!SLJ}hEHiSynA7)|+9-)k$ zF*w=y{QiddOg%R_Ip@yI{?U@B*11+?cF1e_sSmb~f%5b_23Yyyz%A~Z%Ki$*Wcu5w zz+)DNF188cvhU$fduR%`^Yyj4v%k}n;Ln~;kX~%ns zU?IMkKJ+h)cVCZ3*RHso^mg!Gbo0PPGOrj+^|8=ap}|c}Pd+xCyDZ1x_@)<4JM{d` z$76(Oa(V#lvSvQK;s``abBx8rg|S>ndiZMHQkUpWt-kXiCk9vTW7`(#lOwf)nV$z= zPIhQ;-Kjpq;_lBYeIcyhrCsp!?us0lYu-!EI_JBcD6KoF7T!t|x)RZ|dJ-uW#`_4> z0j9i4;;%Pi8(5bq!eO_H6tW!3)Fmv6C!e`l2maAcq#U;yRf-!FZQGXQ6a_=culJ6E zUXWg6-nu@XHVVdN@0Wx*C5f23BBao@@*RZZ&a24}bLo{N2c^C6RWG+&^LwVo{72o@ zY<(-#K6^g|Za3{)qqQDAH1hSX^WoG^I(ld&m};7Dcj~n*%igv*7%Spq=gV8ZpKv?k zLsw$9?ic9<-EBHif9dGlC-6ed{okyGYWo2G=A5{HVuT{;S?k3FypvI!TZjysAB(!> z!p9PKim-VCs}CFS7$#Xqx*kdg~a5m2o_F#rBayN z=?}V_-?XLje9TK%V)>U&z9y|Q47CTNgGy~%*mT3JtCjlhTHDo?JEEflmvV~e`gjy- zgRBMwEi1TFe|HqjvR8b=EFgQ)_fjZE-Xkrvj1BU@K?aMrFpoM~Uz- zs#W`*i`5vZx~^ButFGcc^DH6hLCW;2nvcONTb~~&8CfASK%n7vyNGzs(ewgYN7m=? zH8@fEAyVoE9GxY>FF$f^wT%Pgz2WkyB5Zo8JSdTrp}i`VBnGCvN9rq zkyM7;**Pg6m{iwY9Tcf7E3F+8U4AD9i5(d+9Im&E`95Ql#Lw=f+~2#Pony&0e@}GI zy7Q*V2WltZV&>K4Sa$s}OO8>B82m*sj|5e*O`k2CC0FoZEA-SgLiCa}1$|b7$HxNp z@K?zWSG1kOBI3;^4~<3sp|RMQsi0|Feji&gjH}biVG8{4{8*Cj-uA&9m89x(KQ2Gk zKmmW-98-MGo1v%d-%Ulb%7Pz+2afJ2$Sl@qe%uFM5es`sXBttuu9ed#)4;fK;Rrns zg8EB|QF0LGaig>hW>IAAEs0j(5twO9pfy{JJI2ICDre$FmAWz0hbsQ3IMh4vSHMsB z_6L0HIwh$+3{N!G9MN?rp9KA)AGBqAvVQVqun8PtT0y5bevRRj3sKp=1DM0wx!H=6 zE7D$`m{hmadZNLDKKI&&Q3-kn!zB=!PF?C!ZB{9$ZZkFGv}kR-(;Hde1+kj*AC2P8Nxl1{Z~?{Md|*NcZJ%Q4ZV?a-@b z-H5^-ld22#OjUUVvAY|d7=q9s$1{9RDe*1q!KG;oe&LRZ@$HKwpiM&CTz$q=tXBQW zu>(yX53Hfa+#J+AV9+tnN(z-G?~jF&9BEs%wBA;Bf?smJHCG6c({8*xV^gbrp@28B z&@>?xI@wVgZAbauyTWIscgnI-x~uQCEUU1TeY%(af;KDOJiLN$U2YH0j! zZKgz22#lUXYI;!&y>n*4;+Yb9&BerPO>ZW(%_;-_iiP!j3}QuRQV(yq4R@u>5*p(N ze?ICjv|($9TzxouOOjnxl~SnS&{%K-#zOR|+8O193r91>t2Jkb<1fwb=G{kavO;4U zL{qBCRkXM7e0LQYEVj}4o#+nLK4u4nEg~pM7LH1%|o_uZ;>bGoI29a4?#2 zEXHw@IX6C|Xmqw%86_5-7nmSv3}2*QJy2o-MLJ#?d245DfB<(nk^B8lPUB@w_M%5z zM(el+?K-^8m>Ih!ykE^`#Z<{CkEo%!hw}Alf!uLx1;b4ws<%t7?q-kH!!TP@eUmTe zyklA#bhyX&b&It1^f2$^yBo79O4`~yR%B|S+nuU8xSdtvn=dyiJFc7Eb7(yCAVb(T zIj#TPt4D;OGsBRu4|>S%Q?tkP3mC0uo{^~(gV$RVN##vH-9-}^Pptnurea?la^r`& zU}BIwTOr`SG0R$;Yjr0$wGx}bw45p}ZboxuPCQmjlHqoe>};Wxf!40mRnW=k5m1tO z=-8KuW!yVhYgbM7ljR{3p%vOEPO||d)kYelfoo2+UE;KSJ42$c$W9dA@zQ~fdY%c2R5i4HA9b9o;<&z%S1LOPm z?=P2p`dON&IBT_1T3G{$85kHEX`6?RR+|SJ{oT4mW8v#wmnXjscXs)5j_-|mShZ}elz}m#IaLmaR=-EyDfxqu%GsRqw+zC5NszEBIk7ayF3Q* z7A>$E|M>R3p@t@{z>n`A@n3p>SUmzN9U;1eUp^}*2(-=83Usuv`SYQR&5*b%2$n}( zYW>;raGe4$rEJiL*8#kE<);mHLoWX~;L+`+0K%fMSFc(>el!vHTr(IhwFn*<930-m zk2gX|bue7KG0IzK%#X~HpPwJUwdMZw=ZDch%b37pPb08Wll`G+J{=bs6ht*#?^T|9 z5Ng&zOS5b2=egEn<-CrN0+OgQFizB~YBpfly%+!8cz{5Ku>%wWX+TDJ1rS6m(RsZ$ zDyu!!_xC%zwpSQ7gc_an=H|N^J?5>Nf~d><4}J@9h&~K3Kc*FA;6y@ztmGi_vRzTRUMjLoq`I4;iPiA8;bUf>M93 zA9PZS&c`a=F{NvN@l5J##pupA^bn!X-!#E#2Ve7*wn_c(l@DGec$v(#Dcl=b0fD@( zRGtkr$O-GaZI3}V}(%Q8a#{t z_>?cvYQOvGXi`SP$Oz+Msv_n3xQbdC{WY3TbyEptM4qrT`IU$gDiywjqLtxz&v>1; zE#RVvl)#19Mc2) z1zqb>>#*#HXlaT^eJ>G&fctZxT1WIR0^SW+W<6(A4_#|!{Z`-3PWRJYVzAh3UodhO zSKL@7cb-`D`Llf80x)r<7~)tuSsUKsFqZmU*~OOzSo+;vH>>)u{F*eK-H$DjbE&X- zsq7*3)f7ohd;FBg`YSie%9r=eWc3+B*cn=t@$e%`w724-S^d_Jyxng98DMAOdok4!gRX^I*HwR9Zs?{S*?OfUp4^*!$mkXch*g& zic6Q#ep%qNOV^kT$E9vf>%J?jQtTeTRB8vu9ADuEy*IpoD3_8S(7RYGKsH4`&{41U z<{I>^!VK*%vT~1daOPDfhvwP)%Y}3wR z&~yY^@H$q|O>{VVIP*?db)X#rmVdEDE#hpzFB8A0vLv;wLltpqv zlGm?*w|4Nci_MRm%@wxLl>gSy^Sfb`x z#k=;tDGkNwivh|j-E->Xb{BU>YnKu7>BP`efly5?Et`a}!9i0ehYjoD-G#ShZMy|P zImIE~-KJB8Mv|9Oe)Ql7ZT8TmiycSZ=9itS36SuqzAqEHxqc$&PeQC{6+2n?8Mx^Z zjglidax@(WO2g&Xxg0Z=H@t1MMK;@JEHi|&e$V`WU2Dt-GJg$!eTkXE`WrG=xpSVL zV!chF2nI>sK=_>=wJRpS){Ead0uC|mKWp81lPhXcC87N>>{!eoE_w;USrn(j1S**- zTjDDi*x?!C8KjfPMrb8mY6Q{;X*j7hS5H=?LnnzuX>4s!?_u`N0k{0i=j0`O;MpDp z6uZmp`nfO|Wgutju;#9!p>4V$=F*gDs-1mGoyMUNT{SO)5k$V+HPb<;f1>JR9&SLfN= zYGdoOq=Yr~Wgi2k2Zw4p_@ZWag#Cc>>iYdfhw_*G@Y4?pZZqAcoGH)AmX6yFsZo^Z zR%uOq*1*rkcE-CRxxh5|E{45|Dm^7gPEP8S6F4+=1-56Ik?Qii{@sw8oTZW%2es;2wU!{qo9EIM$j>9r@*CMne z?#c-YSF=bZ?DlUe+EIdd?(3#m(QBF2z|xoDSe-&{&GCo?P4y{rt;#HubIj70yuH00 zdkWBI{@5aFA0S{B5)yhGd<8##zyUB1Z-Iiabd@L?9GyI3D7n2G#w6zGR8Z?3Sb;=# zOh?G#H9;kQz+HLc)n)>{uwl6Hcg;zAlWCKW>wUIxEAj89)r-#vzoo&)X_(ooe~Mgs zEzN)qkHx+#HM<|Iw!ckB%V$aJ0v+!84j^?!qv=6WMyXF z5rvNN%^ysm34xTd32dypt_H^Syb)4_7mk=(VA_j6sxqk{|M+wuUZCcv3}__tmxqOO zPJ1^Meu1%=#se2qKl11LPQlT*ZLf`0tk-afdEhee2LLo9)2|8mcaV*P^UZZAh;>(> z(7bL@a?Kq(gnj%6ot_gVjB}PH!^WZB(#hG9_#;C&k=|oz zV)T=J-PKa6ru*`>_1tM$#D<5AIhRw!r%a)CDvV?aY-Qf;(^mcNoo5x5cVA&;3LiFn zY@XE~&w?-a-fw-0Ef*+uwz{X8-ldV2zIlk#L@xAp402MIkBQEGQ8u%wK0C;%s>S_y zOba6OB-j8K>7N#sgp;by;fjB&84-KaItj~vGka_h1R9FG3;wjcrF#S1ZpmwC!=L+< z)RIjF;UUV@50FAYm4Emx1yH-6z{T8???Ve~Rjf%7r;>|whk#}Tj+ z54WZt1&Bv)U-U7g?z(Tvx%cf4SSD)y_Pnia-)xQcot&*q7(#nom?@U6zm_0V&u`|x zSIP1wuZLeiU_>5x*t z&z3wy+GjQk$qq?&B!W|dt815s8e2kU6CRq~^2XUvZQJTeqp$7wj8sosXDqKp`&Djt z5?exZgI3PWI)KpF8dKQKQ~?Ohg|Q;qCC`i@B7{7|(I+y@omPr=x+_tBhv~A*io(c+ z%=EHMVprfzNOrq@%FHgyxs)oT?-#!#psaIf0Uyv$g64A0uDZ@~>Y$}0r?i+fT3>;E zKZ)Js0(Ul6FZD_9!3PpF=Hi%7vyu==?s42(K6zE4V#l5$IBEIeCrJd4DuZWktp! zeIs}~(M|nDs`DZZQb#d&VPg`#ey{ck4bCZJ0VhapHSWgHeds%QjJR$~*>|tBiezHT znX>D@>AC=38Y~pI_*{pXNu}M`-<8ljtQowLq*S+2==SweqCrruB@!ngGnD8S!_?y2 zG2fp4Z8An+(***5 z!rXX?;2RKaDs)Q)msnYT`7*S^IO7=nCxWH`9mmZj>GH8dC9BK1*?6+ao&1UOuC4AqQ$xnlK7R(h08msYax6qtQr9hoF=ba(>54)}EExcUs%ouvq|xaM z^p2I1by?3P5iyJO#Z!;~9DLRjopm%#EIEtAMZu;|dU_6DwiuM&5&_D_%%))Ms4in71+ z%ZL~YwWezGnG9`w3i}2t;|`-09~XAWPpc+l&HGhYh7kSS`d}jRm%NA0;D8`(pYZ4f za@XpxnxHK`*tIU85^P&{NYHTC&3LMOI1A3G7JUjfI*NwtU`q7T7j|+e)>G)+^U6rq zQCSs5hinpiM*YgixC`&f3*X=hN*->TL0DqB*)$Ab-S(rw^Kf-9oHBQpD34v8PjN(9 zHjR_?`X@Rfx3KDYcL(wsl3)wk2-2zMn1*nOkxvsM9UInX|Z9U)yfaY6aO-y2T z*QE-nJ~+mz1bB(~{0DP?6xHs|FODM1f;p{e4?<&3cJiyXp4Dm-Uea%Q<4N~IZOaRF z^Bv=krAwJQW10UA?mIWU!h2H4T&)ek&sZ-IgR|wj+nJ^VT^{q~U8gu7IY4!tdhTR7 z{*~JZPG%u48+AKnim9x9*`t|LD0NZOpb+t>%-bY-RY|GjFzar5Q}1qW@KajrUL@Xo zEJM&QCr#Rg%Z*sbW67_9i(LW2HW}1Tz5$}Wo^3*?V+uvqG%>OXzB;6>r>v?PHUNGX zqnaW*JZ4(^N05ezMjon6pUynwhq3=#*lqAL?Dn>F**^C<+q_P^CCj0ag%Re}OBIww ziwN^jHoEbFZSQ`YsBT4pTi)YjmdKnOilo7G?VYYj*{n9IrJ!u((@*~Z(c~qJO^5ZN zt?6<}7b10^hz3x#+Ng%Yc{Yg97`N1<$Qvhpm8E5VWn`SBeqMFQky=WOy5$V`!4G=I z+jYaOo&MwDZ20npZSsV#YthD$+TgQ?N-`ui*JPne|AqlfSO47(Pe%08YvY>jR*On} z(*`P6m}r#@*6wo$R+^PEu+oswi~+RlwblBK1ec8=FeX$vm^&F~$V%2t^C25mYMPjU zDUBo!;;G(qagSF5PrKQh&tC!ww|oao3MbUb&^sbX*~d+tY&~Cblq0eJl3bOtx!MWu z=Y%7LI@C8^?)Jdy7WDYX)QO0J8Nx`1Vi0B&=M`F%O2lOTE#C&<86e+=_}G3|-RNm5 zNz(0ZhMV72cX*TF#(YF2pF_y+FdXsk+A<^3Wb_>J3l%xIq7I0J4pHO>AK4*Z1 zXlo8*0?!!29l<|9dw0S%z}|nI(1j7H?4ZyDAPgSO20hvXbmH8_ML}NM3TC@QxvB3g zQCMPb7{1ZOsUPV0OKBn~p^qJH1VvqOb!BVwXe5~om-^N@Vye1ia=+^m2|f)tgyoh~ zz)!k`9#UV|uC~2?JIL~gJkPcFvvqEZ(Z>4|Wj?#>EiQ+=ikd&a26rr492sw;|08Vn zT-yxJV9XM{DI2erthUNusA_fWrwR`k%vmoSi0S+p4Lh9uO~Gpm&;6kBLAO8i*wG01 z$)EipmmTE)e{lUj53Z+&xGT0p0HI!aX7(Vto}}t+HsEmr2$cX6=H6YzBDs7lhl6Pq zTgQDo1=+Frpl)|*)V!vyg#EO2Qe!#0$J{*dOl$^nr3*c&dEll#kt$AQI+W(>kjyOu z1|{EO6+YDmtAT(Mq3Uc$OwSn#qxbrj15_%l^a!p(o{yENc8pLhjAxkW7YXTZ(L?0B zc8N-`xfgI$_6@sboZENg-Qqj)-Y)J=F1fpXiYY_+T?^`jIe6ji=VK2k=#B^)Ecodk({g_t|YD5ooMBb z?3{^k0#xhWQt-%(sM!tOithH-T69-4N{~l;36$`gy<9w&;|jqV8OMtGZHPl~m#Jxvch&k(4Z^g%TRl%fBEgM?Srs8x1$6lVC<@ zw1+~0(!dy&OX~;d9@-AcegbUVBRUPze#n^@x+B)-77ufUnDroDYg2ni&xc> zAZMr;E?906=MPetmW9RgZKmcgEf9jOmu4Xl-AeWoD=Fbr`CN3hrFBqrC*1arfj0>} z@as94>9Q|faK6yXw>#bZTp#Lfb2O5>UfK=zBOySJ?;KIIsZaRwj7RGmPO z-c^|wOZ5^}DW}AEmmgZKntLnS84VwnWRmHB$aJ4`OMyPbhne$z1Ja6^S!GFug)vzl zD1x}WmiNt!b8+CZpLhNzmhZ!R8R&d@$(fE60$c z(D<$h8J?8RMnJ;WS=*65c3K9M3qAa_C%E>|o+Y|e<+evRO)zgUdxWxFpi$b6hze(Q z9ClE$j`w#mr9DrhMdHGLAyfKM;-)_&yL%TP*`a|;w93J$abnHKXYZBLi>+N(wx>*N zUVmobabIEu#`c|kSB-Lz_;@JU&+S)L-!c&pgedy!MSoPvp$1*ePBV->)LNAd-jDi* zq&o~07KPdInRenNT9si|U5Rs#-%UF?n;qe1HCq~}svHH~r<8Tf;&{xYwHIoHVd{Wl@9RFxc+woVF)>!Z?-blRtmU%g z*f+0HEfB{1+jMalZ}8PLJIJcv=r(HyN+)1J0hV-IJZYvBI@pG6)B&142SrP=H=uSP zM;C(0VX<4rHDn*FhQ0d68?FNnV7wN=iuD2?bIhWEoEIk%8!)L+`FSxZD zVB~8)g!lGrAK|{ylUYB!eXM==nl*n%@>H-K#RI_lwVt6^52CU$(<_pLbn{bNBJt67 z{)tZk5c z=}I;=NMBSQsTCRvv{!r{(1WCLkE0+}zE2zSHci6(%sE(d-nBDTaD!HMA@m+j{^3%6$YX6*Ek!GxD8JeqA)zmU_;Ld0SdTOa5I(pDZ0L$biP(TnbBu0wzA;HJvSTM*AptW|{6)0+V*JL-HtDGNtLV5fI@4vDEqPT2kl~u@ zhHq2Khqt_Bu3_v1>k)nVe@Lp6|0Po0{nh_6ss6c20Wbz3HkeYDy}oe`Q;GLYoPY)Z z%4T27=EHrHX4Ki@pL>%Uua;76| zQ{-8##}YCN0<^!5C7ViMu@amL@c3%CmcSJlX3gofQ$la+mt!fmo5Vm^<^$I!hh+7m zv=`cAtVID#5wRW$38~G6D(a%`2=DT)&RF5+m+unm7_D5qhxRHvD?+_IufD07lgy3i z_+m~%_F44a;?LbJdp|By0d+~Ax3q4LyI~beS4WOewiv&rMfkRx?)03}9kl5JLl+Aq zwT}{)-Ee^tW4S;BYyt`0ygC_N6fUYDDk6 z3yHU3pK^*`q^-V88i~i2%bi^vt+Ajq9vlP`E-jmkn>HEJ6tFU{wBUm4t}g0q>$QI2 zu(m9ehC^KDm+MEMC!W+?XWYr^W$U&GR(#In93xaoe&yB8HfPZ%eaWRcTXIzQO4^&A zV6zswi?!DaO>Vy}ZWNC7?Kin4ShIRE&oK$K{tt1NrpvB-c5;~m=I|WNRViK;_Y>Cf zlh=k8_Wab#^7%)IMdJ*fA9!6S;QhVSU^E zYDzBbO$c5f1+uWcjBZn*%IlpuuQ_vN5GaB?@LheTx5#`^1g(^($;`&z_%TAYiJbFb z9?9dCo;q|Xi6t>w6z=QM?q+elx`h3(?{$3iQErW*G@We3ogaC9|J5&l0MzjflR~SR zzXR&jaX$g|OHMu_bNoknw2hfwng=8YeC$s?khFky=un3xyE1H1_kr^TTl+^-Zw6lS-yMdjS#G ze;(Dp`5x8ZZ~B|mzlqsywsQNb8je7#SpN*`?;M8p(ga?QqFq$YNzIF^@l}tX$|iYL zRGfCt`hG{J*rm_y(G(S3iK#6_>!}LjzO>aw8mJVeuFVJmXPW-h7!Iamu4{I@8Xu0?3upy zZ6k$2qT<_#LvS;rrp?Xd0A+e!Le1miT&V3|lznFFjK{@4>-yw%KleZD`V_^zE!)50 zF-MF3h{q%>QAvv3>1I&-fyW3woKqKfFc>;7%Y5qg(=5^3)-Rrm3Ev{u+OxR0LhRV< zUUH~c`Pe`Z5kug$4x)krJ-cNJj9RIyx4DjV}^d7*JqW{NYEN(J>?6lTCR`R zJfK*A7cb1YyzsLBpC|VB4F2uJ9>i)bddpDdAMb?I|GjgLB|c9YNyB{W_V4s~P8KL( zwJ%%QWjnBgu-?MfLByd~Bz_}u4b#nE{s`1>mz5p)4Kugz_tafdocjTc2UNZQ{oFl< zhtU-XOAlYKAIAwFXJ~wL;`>oR<(mai0u>U#>@9(PKbWPy6)t}*m0Ma`TJ|HYjw8v~ zT9`7z6vYE=+zTHV&{l@SCGY%XbP7*|DbtG_PXGvki6Pe>*aJDaK*zCqgYJXR#k0qc z`w7TOeVZ?<_S9qbnmIdM1xt~_xV(3)vnBn+*>#nGnD(bpiKkHaL#C^K)O8g4vLa0i;}t_xswuyY63UU|T=oyo_ox{C}&Tm$=z2l)aE z($78;>1=ycUUPxyEv)P@daMxb@a-gguh|%p9!aV`TWu z8t%?frMR|du@|4Tx_6h=(GcRh>)_zEC|j(2%a>%l96Xt;nshAB$?KdcA^xQJW-_l& z7=wU9b4R_v#tg^h6?afTeTbbISCQb|ZJ2I5p)s%4A^V}8xff7T{5^@6fBml}@ymZr z;*I`U694ocXzxzy_P^U8`egC{5=UMx;c*faU==rTU&S7C1-Ttk`UVy+Sc-42J+4+X zuoo~J_kHJ?pP^4&mZV(BoJ&gmZ4QOC#-jt)OoR0^PHdIAJLpi(u-lS^H<|KF<=w(^? zMcxs*$0L@&lGE;^imwNx}6MFIVx_vbwSPJgJ06bJS;_-B7; z-|zjQUU1>a0ne;@!yEsMl|inoJ-qjCvNDI;%`D6=A1Pl$yN%@TrOrDNlUs@p@7rNM8lw*pH8XvovnF$b1~i7)noW)xc*c+OzKbJ`l+S=60Sd3{8z&D3EbZg z*PH$lu79V=?Sz@l!n{sDIYp1Avi-`h+5|3@=IwF!zEiM(dU{$PBUnEg_VnKYVIFmz z8Z^-DCF_64e<$PK$mxn}E~*NNd)3T8io0Y_~c~9e2g}CiYT}Yg#tR-k&f<+cp@w4 z>2`ae1&+Tc*Et09%nwu8*)v8OtSDxq1cgj0MIMUrnHc_Jxh2v!^OwfXTPS2e#i8QDb*Y_*-K*sE zn%S^Dz3XL0NdI=%7&q)(w~zpmKP=Q+&q33xSnYhUY#9D}03h3ZP~5l8%sCq!#k=h( z6>Qrf&Hnjp@Px^?(O#qLawuX@yWdNgrf+Fdd8o09xKG>d*cj&tLQ8txx2_b}G$MJQ z5Tq}#$>&|bnaL19(hp@AyS+QgF#iE6kNyW#jz0erRDO(O2UI>C@lzPae=UOapP+KP z>>r@=kANSba^}s|#@veCyY!6j4DpVb%Kr5WTyE(&l5~$NBM6lt%Oun$s&Pt!zs3g| z`YoTEotY`sM1jIK?^Rz~WRQ`aZEa75l55y>Kj(>0FRJvzSHBI~RU6*9<2gS`Q}r2s z*IfMlJ13q%kYnq&)EKj6Hx%SXx|Hx>%Wii7{zo#Zf%Q65`F{;)*=1>BxLb~xXPh!g zJ&;0Tqt}z!Y7Im8eiiyEH9nsBnGZYv|04DO!y+}bwc@z(o&1xsgDlVpYD-OH|F=2^EVXi_Z7AkcDE0+p648X_OS$6+qt=A79Q5DxpKySS_L)Y z3E_6^heCr_ze@Y$l^ms>28l?Zy@RAGz=^^+Zs!A2%!C7|NHL(=o4o5z0MHIC#Nl3I zclazn0J`*KxMoZ?T-Il$tewxRRurXGuUD192bk&$!fNU3eIC%rOwg3qqRfYpEYj2` z$to3ES2`Wu&6jpFH}r6()q4CUAVk+>j||`a_Tf8w59~~^FYT~EcFoP;P=8$?4q-@` zI^XBc8K;Pr$jZvLBNBSo2x!MklsJURt_8z^l_*%vX|41)I%2>DGIo`^-N|G3^8S+5 zeb6~;!OQ=)Kz9iN|El5Sj?2rq4J}FOD;)TE_}=CXfGnjw68LgO3Zo55tCzvebv%l8 zcH0z&`c8?_Qz&9-P~Vs@Dc|^|6+;vfSD4wh|I}g9K9{j_cU4=!DcBLHAa(O7Co|nIsnxQ4~ zNJB0|TNbkp!z%IR(r1o)&?A%)+<>HK1*vykkJheWCL8#`3bxg44naYqiqT={ZkV|o zGNgHhdI99THa>F`-&WizuocQ*Z-mTAf$=!4` zQJXrIc>;R9-z_@MNUfxfr8kg+^5|<47lRD?fTK2$10;J?+DiC&5&a$4ku0YK?c}<% z8WK#AxV_-dU@a;6X>O~jNyz0hfy;Lb+>#72KF-rD*Us7+!c`Yquzu#?y;5{-g(7#0 zCzler-JXh_$tg|fj?tj70U1~1Ra>azhP5GI_SKf4rNk&g39N7EG^geC{fA#HD*P~s z|Nh*IOwCQ}fTTRLQ6*398V*|A&Qg%cabYus$PIN~uys4=N}`>Q_VhlNBB$n-?{zXx zC>ii-Y>Pu%_Wo)_znmFqU-jKKkn6*>NC+O;>FE};@u3KI9Z}u<>XlU=%oQr`nwsmh z3hO#|VqwJ+oupABy_NR!GAS-EokPjZfpKwGlSy%!SA26bSIYEFBc9Y09~(-zFnwjU zBXWF2xlH#UGjC4h3J36*FU)SBl3yJbdX^8UC6=OO-;Ib{?GHUmW@})~ekjahl$5l+ z6hAKTXb5UHh?Jt9Ixl2pzr|iS&m&)Yyi+)pU63%>B$1Z-(iBS(zNS%tP>Y&m*Lj3%$1^$XI0?Fl|z>$y!&gIH#(xol1D?V~_>5a2fOMA9<)2!yq)0J!?I z&gNhrba0QItm5?6y4cQ{7YMqienMB@2kZPMp8XTpY?{G01cij|#q6B_ppx{h)M@z_ z+SNt+Tli11+O5JWuK}H3x)0`;{w)k1{8g9BKK^S2J?R-M9&P5F65SoX{`r36gz(Oy zaFFc<-;e>kU-@zqSliT>!lk_t`_rgDAD?;8tGmZ8>B$4ZA65n3IzIaRhKFX&a`~B` zY7@eir$-&*p*u#KEB`h|T3|F?AaUyL1@+|~xos{QB6#srUj25eApaBBduz8e-za|6 z@}u=ks{M(~DdUvVPabLafIq+Py#4qOy8y*+0}?Nsxbe0WOa5YAUHo@ptK=j2dY8z| z3M|+rG_X~(nxkaH#HOm^X-aNm^46&xQyv$YJn&rL1gH<3*Qe^0i+<#*cNs3Z`|;p` zdZmx2Uw(8tOq=T+8Og9#CCvLeCHwdmQs+}ro@UmBPgFKurv6Z;^AYhuSf8s!k;_19aIuMFa@}t+v=Ct9U!;gPHz222s%Dq?N$5vYq z)yMX|940ENirqZjcE_)wXz)qb6szyLVmGBOv{G1sY0@6Gzu@p(um5G`laOJ`?mqF4 zK3~g*7!ml!t%?k~m|b9MmiD7kE4gn3TYXXmT3%k$yRVi2;tLMH9esuCT`mG-HR&eX zyt+?4YG)Z}JhBvjZ_#9Ydh@+`wj6(XL(#BeqHACY4|DqBr%V1rT^)ZW*fwR$8Blt~ z@C#hGH6*CLNKL8msb+;R_X&r{kusNyr>27DmVq=bFnaMhx`LiD#ClS5ZpUNC%5*eq zwnZ3nQO!sR=}688?B>L&*Rg>}HeGBvLVvLK{oEjL85j|a-w1HA)LMky@$fCo$tP`c zX;Uw?2WIuJwBZT%`!pDdY@gkQN>uE~1>SPA^m>{tlzdqn?;3G9_~X9({hw>V7G6nN z)&jc&aA|p?&WloXkDaaqyfMJ$wAI@K{YhJA#3+=cC)k!n%w)!_hf7M$f~8v2QbEnU zTt_E!Wc}PWa$fP=2**z%sKGl(fZvNBk<-@2-Q&Z)X7fJc zo7HWW9etxEmgD*w&c)a2s8IY`{G6t$Hqm7!SicI{t)mVaBYWUF1@a*t;u z^G&)y4H13hdhNu9$H9IsPn3M(^1*}B+6@2K^*?WcjJN0KzfVrTYhtTx0-)4fTW(4@ zPAefF5!|s^*%-1m7D3IVgkUx+S7+RA7_wFBwvSt;g9=Z73Ct9@|IV!bEu=WbGi21- zHFoU2@R2P$@XuKg4-HT2KeqKd9`A_V@7kqt*|y5-_R*h({(lc#!fk?f^iaA8Tj>AC z@u!*qYf8ITzdiL=`1{}Gf`ymbL(&aD?EHMuPf{hcKgRPjVPK3riIRZ{JPkP){Rxo zN3>gCmZ*DCwxj5_geP>n5CBh?lRxstl*;C2WKbAGi#Qz++Splt38EEw?hxgy7SM3E zVdB)BNZ6)JuB`Tj8>@i$0yIvQe#$dg0W(;l$}qfK+kopOImw2|J;TVeHa(!n;huci zjQ-`j;qgSIPB7A<*yB3!fkMG^cEtVdx$~qq`Z)Rd+EsUpW7F%%o zRdW1{=a@-$8sEcY@@cA%oa{6Jj^~Jy=VsGL<8o=8M5Fg*3Ve$_y^y&Kz(Uh>9PirQ z%%c8*0kNi7YI!3If7hHrp(UqmPVrFgUt7_%5A6R07@&>Q(sV)>V%1YV&d#s0 zpoj)7aUq7mcc#4>AFzXz!w|r+6Q?myudN&+T<5?+TT5&5Q`=eVnULzXET?=@$lL*k z&y}6|jv)0}4eJ%E8guP&jP(Z76L8nWG{Op$mJp{Jt{UvJP^M8n+pe-m7@yq2ZUnxR z3*UF-@c}>k#Cse!5#gP$7i+nT^|3lbDxdaTMmZ!xGdksn)P_cANya62YvE-EAH1Q` z%B|=XsYJ}!6qQ;hY6rX{usl=rz*1`E^Bn{wX>5!?d#xu5O~=Y9TsMdTyn%Hz>FVCW zJ*^^I5yFErlPdJTZ{jMP?rLm>Uu)iWcP{OmBfmEBR4qm6%6M&I zJhei&+Ln43dufQASnX3TkB*%V-yJ>;%=}pPOWK3(u#HCU5gJYsdw!@iVm$Yr_}YwY2Lg{hHHzU z)24<~Q!&rLicXj%mpY9Fv`pjXlz{N1%pi^N=z!L0`|?)OfUy!I zm=oV2tM3$@b739+sSWT1L=eLO@@2obG&ZUSLI<;EI*QK8Z9XI;Zkh{oM+aO*(0U*q zOzT@!{V`f8(3oc!9PC9~>CtvuE4QP_t@}EShtYw9ILR)CaF^AF+p#UgxOp4ECjm>h zxh6U9&M#znHQ4&Ee%^tKj4<&*+v=JMW#j<4K81c4)7OBjAYFZI)4RK*?bxT@5_}Uo zW2+%&*dj;HgXB$yQfz%Dmy=XE=LPuk;FB{&TsCy5&9%YJv-)GoUF`uzlPdOM3#sT7 z00Y~;wEVP!X@3;=EQ1Psmk&Iyi;eB1V2u>#?W;7*= zfo(U3XQzsKCxkh!$a=56sRewGIl5Hi$EpyV<+|T#LQ|WfWdJ4#x@$BJLycrY?YnXE z->a7XT$)o2O|CvKDnym`rDt?D9B=A|Df2uvh|e&6ZKm!UeSM0PTrZahCGa$YP~nbR z6WuEJmU0c;YtrP`L-9hLA29DH=}?+=Lo8Y^m2=Hm%dO!o=RIyMxOHGHZetjcD-iRC zM~l&CrwzA6S$cq^7FXjUxlsAfu?F(o?T7715By5phL%(3MoWOI6p%rEtGOxHX*Wf2 zJeMf4uR~*t_B_n@!W%n9%$ro|Wzpb~AYI$a<0%xI7r6VAwCffuUPmn?OH)B}zeV50 zVrk!WX#%BzPh#fO8$Wp3T@9>jsY~eKL_c=`dsz}q-w-G08XE?#SeV*fY-R*Byw8w) zO*yOwqQGdl_QdGUE@s-OtLCEX%gY>$Sdn~^F!pITX;{sUQ_UEQYWm+aY&lMlVCZ_D0vR3n!z<2RaUW;54j5l z4Dxd9H-REAUdTmjQ0%|8KYm;5xAF-S+Fg?MN}>mb(fR220ozVXuP<1!RrcrnOW@H( zi3s95_29wTO@|142G3Tbw;Ql&Am4z^a>2E5Ikg3tIG%4Hx2zn3K8KAs(&Ceax3H=N zzPXE~iKWkv(V*+^VKTYxN@Fd z4oril9L-dveB^xqMIF&a5_^#v>^Et2U0M4iargTCTpX*-uRN80bMe-v`2^;m6$nm9 z2``gkeM(9GsUzZF zjFreX($}VG*Ke}&ZsP}(sIO~-0|su}NW`%2&=Lv>&Uif?n+@jwNQ@jyEI+%(=Nz$;8pC zK0MsiOj!ybafEOvGXj9rKkl7_M$JeC9i38VS+1&ZcYqrwvK(Uq@~Z7KvrGCPRh;PT ziFJV@50PIA<8-`x&=^r-Wn3AyLz+};1rg?+-1Ksiq0hQW2W_0_;7FPh?38Hr%$E~+ z-frB8dzE@unaguskjpqo_IiD;VsT9Xs$kXV>cZj&d@q$Zz$^0d0qHM;oPIOcue&;S zvCCjh@=79jd2C((BouaIpQ_rR(pXyezT^nQ36%tg%R2UGr{-K_-8ucQMrO`~&oIt_ z)=8;_dsZ^?YQSz6CgT^QvCPw_+sbHn^Aw! zdPE~u(UPbZA?dKo#K%@7b3?E*k5m`gsv?z6erU{x-3P(i*{X9@MPkwXdy|D9Va*I1 zJUmjuW!LFZA-Ss8Sk&H0WgI58n9j8>7}a*)yQsX%6Qtn5YY{Ey z2Kqp@9jux*5+;+%2BCK0825qM?}{>3py#G;nwb;QMTvDE_KP~bHn;v7?6zrLzq@3y zC4JTTou|_B>+4}-vk>u?wWx}w)gu6jL&V&d+~T+9Ilq>w-VN5#3{d-0skl$QCjhHe zM;I<*aB|C@dT3C4^u?ilT+6n0+v;8OJlU9YxY-{!ID?kRv~EEi$<;V%J;&MHCQa?w zQ**Wr8J3?*d$sGO>-+tpI>f0vR<~hsLIj%!UkGYjNGF&{7 z@r>+q%M_83u_85fNBRaqG3QVC$-)-uH^`9lLioJ@LHNsRLHwjx%(p|8vO=Pz`XG%v zz>Y^xDif+$rv4hDNTQ-(QwBXBn#89^Ox6@xQ88_jluw3eeQz`*ITFwm9@`gM6k^3R zF@>}ttpvcRErgh|utt;A^aVj9Nw>eAGQDU`u73wyBrbvX$4#ISgC%+(6ksS%R^K=n zIS`Mle(2q!jLANhat+{O2I`E%ymQ21NTHivdBROC0Yy)l$)xqU=iaL4;QP;4XkTCn z_E%WFi#p2F11jCf3ik(>oqTC2EDiONZeib@mFP1P*PRwUHj}p){OwUi?RU$EMS=RE zW1ZW@*$Ztm3^RG9P^%7E;1HA_4H6k#8QS#9H?Ce(tr_gShM7FT3`$r{Tk(-8EP)Y} z-NNPKg2(scyaA|E3LA_`J`OXXHh}OjQyXM#eoepZA|nVd94Vs?%MHVM05UHW+{iX( z(32p-Jcbdel`%p6e_KaCzfZUmBS8D3c{aUuf8dJ1Y{2-F+!?D&3uIqze4GS%GSQZA zKx@g)jI{RT}=q;&oVs$k3`oc!jJ z@nu&41sHBP6&|x8TELL-XBCH-uujaTZa}M5<)-#ynml@%Lf$+y`kFh)irUIYj!~$?E|! zhnMh@jU2$jL=Eu_lw~P-0@4&(bs`2l4oIe`J=NaoV9ou7q%=Olol(ftV6O#L4|!w$ zOdUdI%~!XUy~_+YPG@@%MGSv0&~Ue73PufU&*nPJjh^3mged+^&4RTpQMHjC-F zqP=Qo{ag=rL&h$n?78%8dAKU?1xBL`_+O~J*u{6@0U@ksvw)4`6IGbb`-UmK^@)_DraLetjw^mWeP*?1Io#`ez*Nm-dxTaB zt#M@~7}fwEdHd8L6zv_~>o0X~j=Shc^61*tewbnH3IO?-+<~*fRjOJW z1H^s#LhZ5=hUQZ?MFctb1!vpr4|fWaS+=%Y^Z!sUyKF5Xxqffl-C=tAKo*UZT@j;^ z$!l^r6G)C`cYb;tOdCTg(2Hel#;8YCO`_V&H_!&Y{iN>FUWgX+RJv0S#C$U2I!=ZU z8E;*F9ik@N&g9Y1%A&g@kGh4e&|WZQ1il6Ob7lSW~;#m*T-ExXl z5lD{kV+2=4+h}Ww%hn7n?p4e8L3yCX8YRAJYtn@=n%~*GM|RV#c39aUxB1hN6D=)) z9WfDQ;f7~rBPLTr&XjwU*U~W51a{3OKeS@IcZnw;zxDUN`g&mCcu9;_BAu?yyWv$l zu!T7t)RAC1uI2KrUUjOx#t&pFqV7u2{!wo9B%VI#XMbFPw)QczjK<~tMNB&OuW5#i z`j*)so!Q`GjcySDh-*3Ij~1QUPVhU^));6ol< zg4&w~HXz?J0!Zj&vgTeaOm5nRo27o%H?DuFx08Mv8vQjvI~h3#H>?ZiNGxc>K>+p) zE=4L!0gx!fQARe_Ic6NL!5nIJR#h2db~MWKnbE*zV2S$t#Qoib810g0Gm``P=D>zU z?g4=zr@2_BEvY{F$7F8V7mAGH--p+ndANT!7998a++&1%TJ3EvE;7WaN>sPOwEn@P z`6~f(u0bjIT?s-;$%Y@fuM-6>1YQY7h8nJZuS)N0O(BKnjJ^NLq&DBwovIc6<6tSY zw_icOOC&zf^daHTJoJ+u#e$F8^*OuK9gDxYy|H_x$o-{PZ%@?OF$C~9r87dLHe&4V zXORn`?r&Bb2bu9`suCO}9~pgNc`i|8%NcbQW;6pB=S=w0AK9YM-P>Lc1dUB32n zVk5v#17>T{E31dn<y1A7iXX34o#gsC^>y@n5o;GV-cHL?bLjAvM%@e zd){v9Lv)7Q2gb%>crvi#CTnSR;7|K!NS90MJPJP9^hdN-!Tzii?Sm^J(hoE1rRCZN zMI$P#EQgoMQPo7j=MYSs~m={W2@>D#~=*m(_} zIX7x=uL4bn)IAC;$WIaGqj&SQzl3GRKU9LwS0t2$`6+u&gHP|%?##r$qr;(Z)Kjq_ z*olU)IWxA?j|z#VZWcZzFhu2>jxkTGhZP0fOajO#89SFTj%XjrE2bqh$TN@J)0A;R znxoGq$_uGr#CkhRj`^BayJ&a)aI_@;?f#l=yaO}9=k>km^nU5QZW>~7SVuc4U(OX5 zmlX3^b8@xc$8b>B5EP%UQoO+Bf+FTfDtX<23C$-V_iBH1tK_Hy#MvC)#5+W8Cg}@V zy7rdSobwKSVl?wt6QT1+Qp;2qOo;YL5vM2dUOs$Q#k@!vnJ0|FE~$3*aDkE|J9}u@ zenoe(nEH2-1X;qc2VukA-{vYgnCrku$7{{JjrJ+q(~}>uwaki4V_AT_sTA|p*zCFG zoCCLmSrqN$fY6=L*k|!SJ+axaoM-d_H)Q)wpeBiRf-xQ`Kb#Y^)2aEJGmM5D78^Yq zkY#1#3O3+R{bSo74)7W%?KPYDA*K**erLl#9a6+XN&dn0GWp8RE17r6i2ZIC|9-u3U!%(Z`MouB@9<)-+KG@ZEk+Pz9~XurmuxLSB{%}laGLeJquZC zOwu`WXO+qv9aH2 zAfoC^NEA{J(?|Mn^VHw|cE`~)UrVPUcGQ&r21U-Z|kUzI)G*qYW? VfXo-15!&{Xp`Pj05*>$!{{!Cf@zDSP literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-event-id-107.png b/windows/client-management/mdm/images/auto-enrollment-event-id-107.png new file mode 100644 index 0000000000000000000000000000000000000000..ae6a64c6770ab10395f2f71feea47d3a2bcf6604 GIT binary patch literal 27099 zcmeF3bzGC}-@k{2NU5j@NQn+<86^!Ook}+X14l~d0Ob}z=@E`by1QYh^hS;zrF0|B z$ln0(dcOA)-{<-F$LpnRW4m_k+7-w7{v4k(Kt)NK_!{Lk002NNEA#9H0C1@Ycl+?_ z72N;+yu91EUw95Lq@M!vJMS&v?p!h#R}=>Tib4nvUtY%DCwMKR?EnDWd3gE{Pxi%w zpSTC<9VN9KCG5d39U-Les`CH#{d9CLiU-s znybOen4#6Z!T5PBE!%p?Eu$1c27Vf?s^->I?qWZ3gxn{>jq&&TVxswe=9aA6c_m<(!T5EZfqwTG9w2&>3;pNo15W^!OL<`*t^YlD0 zar^oGjgaSFckoD!OF``xT7Cl=ra9fOX;?Oe`=q!ZpP+EE#tY}SvpXDC4bN{TS@eH; z6Qgy0C)0x0f2QJ5pGeX1!XOGH$j7po*fC-^;r2ri-8b~$1UoS}yA`lK-@~v=aQX_L zpo;yu375p|u3+yY^IZZl{+;Dv7=bbL7&~Xb(tvNjG*I7~;9ViTvodCBu0lvixY5+` zzWC?CWq$W9QDoc6R=Ci~;ifaCIP2-+zL?$jzij2bKsRuBSbNyf<^3=b%FDsVHW3Xy z*pb!OkMHa2YsFyrii?Yxl@o-*CXQBJHhQE_^bK5p2yT!U9N|;7;+Al_s3C<*MLsLa zzFOrbE_rX#@N!RPys?Sklj9?FcQ@V1T7gKk>d8pzVS)Lvt+u{?5ni6~#5e=n#7RQD zW;EXE5&!_+x5UN}vZr}(z&U39uVz@o`uo+f8%tnpgC?rDw$}K{<{C0wXm`|M!`$1s zl|ALi9IPOBlHj#@atU~_QoU1Z7H!2y8My<@c_gSKej-Hbj z8I&Af@*tMhTeF*rjBYmdHiNDlH$_+TnTBXShs?!JMBCN~?Q&GijYfk;C>;|0NBrK7 zr0=$?VTKoKAYq1nBTB2fJ~I=_hxBX0^zRKE-W9BW+YJ+1co4-MB$rDFDCf(=Q-6K; zkYl5z9?P+DG94IO(m<+=+b3w^j$Ib);6Lh3qwFN;mlA9rsz-Kx?GLXAOVs3|YAl8t zt&GgYkmk4XP2|dvZ z{6wDbP7Fn9eJryu9>r$O-ET#GgS-0I~ z#a;fScYz=AZL6$_V!V4R*MwL!qBl_8EXQE_n^f&WD zbLYmbgz!y17K^j4H0mFGK?9<8-lUZk+8i&LZ+IV8P+&z*c1~a!%85uAqjE>Rvekr^ zA#}S;U&{MyAvc@-Pw?)IFF?y^=OE>*i;DJ*P=%TkRSLn4a@2Q{)&*Hu4+(Vz3^ds+ z=tT)^5Q^7HtYyX59c^i&0%06Rt%59~E7<)5kJKE-=1bR392FXG-Ls$Dy*@BaFM#W+-uo z4Ev|M9DpwacT|-W)Pj4XKS)no-xvGhM`&TZLJ)JqYg4g1-~f#-W@XQ79kosP^dk%F z(ZkEwN2yKu9W5RWKd~AIhNC2*9Oir(J?o5MH5=q`ib15TZY1X?<@XANF?8|AUe*FB zWfFSTFgVs}JP8t1pCFc*ovz4Td))qnba3=;-<`x}M*Fqd z8xRoo>yDMVnt^SFZbR(8HW(l!2J_6d3*sVaD*i9$Y##Ym&&hAD9 zjm*lepuSd&M=_XB@VF#Ks0EdO6XyrGSD9^WDs1ZQ&W;6jO>Z*AOw?dULgc$TO3>u+ zi8Qw zKs)MfIoNiVI58^|%t%Jd$3*d+1jKb+O^eS6S9pbekJffPU^h+P?HuokzM%Tgml^P-3_u z{@X}+jq;a)Xp&14kLO(GtFMlOBFP&*D4P_Yn6_O8=qAY+`tHtTn56L*aZzYad~zI~ z4cC^kMTu)R9bm#L@rRM!F-9qD`Wp@1gmupR<6O*qFZd|)dVs^50DqV+$zuk_iO3S^ z{Hk@ro9x$Ki4T<1+wDGO;~NdnFG|^=p6Iqn6=3pWk|C;}yLn0dFSM_#GxXCJ9 zkBIk?+Rj~GO>Aa-{argq&a(Y2K#~xUw9-|#dLUU$!wV64b9a;~nsFNS@tUH1_(@|& zG>5gJD{C;mY5yQM~_VmuliiG{rH*0=K!MaG5 z%Y)wQg>)rW*~*B6=mUjjo_k}oV#?VRX$Bj>O?2#=3M;I_Y^H5XyU0CZk7xOksUycx zZK)hrcZ;br){w)z#MXJ>m0|F1t*&>&w_X__VN(@*_xgX*>Y(=AuQ)H|B8L88X=4 zw_u_^qJ3^Fb4tbw@o<=KfSi;TIjEeFdQl4#P;;fs!g6W3&?JMZI5$+B!Pfzy&G>PxM*%(yUJ}d_nzV&D$8yp&eKp~_LF<>&0UR|FQjSm&C?mM z=$XkCh32bCK9%-9OnXW(b`5Crf&+yW=Dd#Ko7K(|?e-18upY<$))!lqD|Qka8NrtZ zxU2!L&bOFb)IaA0$wYQm@G77W&0(8aLsMGUHa0tM^)>Dvy*&(>I8usIEh}uV&zZ<= zBcb||4T~3a{&0N%r9L#iZ*UN`xcEVTR`ldRCssz=N*e9uK(U#`yC|tGKjYGD!I0~0 z<+W7CCdL!ncW0dmW^dAW^z-S%agb!%%bX3VRLhCr(bprNzdn?u5sO`phBaMsMIY%v z)Gaw+xJ#Oj4tpzG-i#2X6<(#w&3v}?cCt^Km(t$vC?H- zm;n&KUE+`*Q>xFl4$J=`TLm1~#k8ReRNo~H7ehmPzT2ZRHJe27G@DzsrCKJ0Sk|hk zimY|+d2(;HaMbd3U^EjC?%s^%1tht;q3mMFTlWuTv>$Hdy_osyL6oSAxY@Ok{QEA@ zlXCL>_`v%l((~wTsV8nbR@sJSAMPs&QHQNh<%rxxkuLVMLB z)PhXnXxK^fV=vLWiTNvFB2|Da2U&zf`<|sZZK6QFa`l7WLoweWIHXGSV&d7xdWG9q zaN392m2%U%HhOdu4z}fpfq?<5jvT*g_hD^a%h5#V( z04oL}QlXm=t@N<9!U>Win~0KQ1{awaW$zB0noqg^a^0QmSiO`G~d5 zDThkLS&6m&6L`k7OW_Cv_?ynfrD<>Xwkw6V{)A?Ae%O(Rl_quhM`AwqhZEdJb?@G4 zF`W(#4toot!Ok`sv!byTQ(Kx>%g9_-F0#}R(EtA857%haKQ59QFOYIjN0uyjRhBxe zt10Gq_WA_frf6io^ZWD8$egmVn7ZcT85{%pbC-V&8?4e#*2jRmS^I}Q^&Qp90OWI3 zRkAV0ftCugwvNrssffGzJMo zIxpv+UR<_QXye1v(}BZv9u=c|2Zkt@kfXfAg(YuB78caTs6$s9qV8b2Y{$fG{B{k| z`P&!Xu(~cEd)M4K?{0>*Ds@d3lH)H-afay*kmR zAVX{Rnja^Ad1k0WoNFyJJDRD;#rMFP#~M_+Ky|??il4%QYcRzCW;Xw^+J8G{n{mkU z$)tM-RY5H`a38c}xyga(tE2a*{U9eeaft97nSoPTe5~bY3fh(IfDLzLdIXMhsrHu4 z+4bJ9C#qoo`{00cFv2B~$& z8xM;V?yOaihwOxuRaY|?RMb6kX|A5u92^gwNqeXbYMAVO=vH0%XnWhqnPLTiaGgzE zx)(OS&Z8Z>7%j!;JY^cc6@&vP-iJq2_4HzqpCTpZ+P7cjAC(P@!xwPy9}7#~- zGwkK!6)fGa`}&O0#`8mT^JwU(@Q;BCUiOZQW2^3c9=@%voqL~3c>vV>^#$F|Sl~4J zOXPdgp`RML@ZKrM z5C(r>5&7Y8Igv)D%kU_r*6l~S=h61y25v+R|53C;wbYX$It1P#Cz9`FexI}3!r)`B z@ZRy2ryLJWxY;hJ^{Q|c#DCi$4;IZ zfvu%P+-~YXYZ$^vgc`*5>aFAce(6Hs0Eyj#lIiTAn{PVLvHOMO>=@pjpZi=>wO3!i zv2GhE^WAKRY@FYH3%VHA=(yrnfV|`EAA>?A7+W*mpkH#WuL2zlyp;1S2)OO!I z|6o;c&UBA>*F~;x?*VGj&I-X0{bD!#g5r&-dm;`>G5GB88fCd`Dcv7Q_W*TzTv)es zw|tMy)n@Yz?5&Qqu|sOcR2O%#YKF}Np@nucZom47)z5|A3|@bAU0secCt~Lqev@U{6zW>bQ=})`=nTLiy=#HO2!0U>#ZI>3 z6?I?-!6-Lf2c}kKuB-!ocmY$|eh*=sPF#a;30rjwV__c)>!e(`6Te!(cs)Ct|8s}^ zwaZjIN}&^LnYtZOdxM$CsWo8yMpZ&}&#NHb zwgh~!xKVo_3Vu7;D={r&dprc>mrDz6M?xz-lB1~1X8QVp9wF_wHk=T^DtG37(;;O> zJ*BqMjMBiD`9>~=k7FOq`4V4?6wd#YmyB9Uz(>Wuq1f)xsyVebX_Orl6k=e*k_AiTsj``Si$S&Y1X1(ZhS+ zV`7J%A_z?(Vs6!%ostHJ!!x%uH44Fj?L3CP{5MC*9X*$lQa_NFL+pNXR#lefoeh;7 zZ$E07RSok*1)y@mg*JiE@twI2*_O6gX}1Bc#Kv-CU#)uVitP-lC4>tv_aU_g?h^Nv zM9|XG7cj6oR(zm45w1ULs6U$)ZBQJb_At->(`u-##uZ2j(X9ba)~SW|7E|<`Inr}4 zKu&_|#0Cl`LmrmoSeR?h1c#F#@)X+$U<*9t`Wb@r51{UJnc(NW+;qLY7twtKz_GBY zBeOSls5`xm-KK|G6^eFc4=5)>RqfTsWABD0r2iQ(DJ090EOKvVfL6?M*BWjUq1 z=9Z3Mb>K7kpPosf)fwb_mdaa*!<4Dhbh=9Mz7O9p1O~A;Xegv@<`MHT&Z;!Y#7Kul zCqJfY++XhPYX6zVn*LVHOiTMn%3_Ji%HdlzMkgyL2j-_wTx>bWu4^eD?KacO!W&jR z6r6fA3z`+TZv03Tja&=tmr7n4IvlXn^|9bh&O@sLr}zC2eq65S+Ievb_|K$qfDh7l z8TpKN{}k}&VV%YogciK=O0zt#x7@?H)$+~_ZryTH z5T%|C^?Jekky)#UwVKRl<_=BCTI5L-}b2!*C1 zCt0)e00g(m1{^gzm#{YY&?7D|*WC7ExBi4#n@onT;p3q|%?VJ@M@yPd!@;g(;*3!O zL&N&&v)M_z;i~ri8t-k2kM2fn-X(&~@^yYbI?Px0(7s zy|ni7GH7mYwj%o$6}8sZ882wvaUsvGtmb8OU;p3;$prbGJ63?4a_9GsPEKu`U81z9 z7mQ-zp@{Mt`}Eu|Di6`8Tu%=k)6TCGUP)2nAsE(gBV8gdOgXK?@^DdyF6l=Cvl+1~(aTyKAm@7=co&eCsy zPj+(w*?HKXw3z0rwYj+o;^hU(%cC~-mkQdBj}Fq3lfQQU?BJVd-PkA=@;cNKIoeXi zHgSlAR#)pREH2&;{k0^g=+z;8T%-k9k`@(ssHmt|?6GT8wZ2;)wMKKGi|rjeQPR+e znyH#gfI&TW+bmaF+G|;yDbCl;h+&8>ikH5RQVZj$!k}vb2CI9WyqCm|rATV)=|nY2 zZmw;7J{?%;=pf9adyY#$z|?~Du0zo`0f;0@t&!07s^_t0HZm9sjOnXhzDq-_4xm1> zeCax1M>o0CjU}EX<-)<&joUPQ25z`(BY0qN*3dJ{Lt@AEcBC@`3&oy7RNoyp!w*zz zA7dCx5})thtus$gH}9HCm-M2r(I2e_m)9Z>uf{Hv7sQC(@nk|R39c{>ntEQ z)*y+;v47Rhpcy_mol8(P;h!1VukH0(!s{hns_5A_HZH=8b>gN%XZg6D^m#r`P{sXt zMdVZowZH>dA><-u<-r5qUg?_d3@DH13EOi+xkoKrs4GRKrz1&u z4x^QemQG+vuN`I5)VYG==i{}nRS~#>7#0^GwErC13Bpy2XqQ3zgnns|$Ogq#1|P)% zdTPqV7eVh+hoK6w9?JQ=i4GK|DO<{LBIw?4@ew!p#@BlvQ`mT0K+zB0>yEVqEP>D- z->iZbL%DqKYfkj)F$=6z?dE?VN(lHgp=nejGZ+eLo5iF7s z%#;URvTIxF>n_Q|o)r8CrXetrpK5~FaWF_t8ypc=FB}HJ-!w-)2l%|A z(g((qQ8l=yJg1x}e4d+IZ0t;vvb!1N8XVL%axD#43l(x1A6jW`>;1eVY9Z1>Mcb)a zM2$P}i+Kt)G_6a%;tC`fIt^>IIA>$k8pZQ0|x6PCa1sUHi!l&v$*0hZR zrb9Wav})UYjHbOl+?Jb9b=3`Hxv-Z@A#i@rCIu>IQXF+`-q+NtW{BrOvk8nDD%15f z8a>N__zl+c#vQ5XyPg#n_R$m_P7Yr0^9il12UusC3MYF%%`Zj39j&t`hb~C&Q}(?T z%TiocFdKuaE8((mMCCd{Xfv?A_2pnLq?Uh`{)vR8Lr`hLP1UG%$Nv_Zf7<*Wf<2ZG2Rg7l}TW?_a@qRb(~{&Pc>wQS-Tg2b*kEu#~=)I7EIX^+LQ^p$U&iX%j0DzlIr&HIuGmnJ?#Wh?uEU4 za1euwgOZBLYCaqt>-NQZIohGF_cR^HTy^r3-Tkm6k4j%s>@rZUmJkWT07H#*Z?2FP zHgWGLU*Jg1j~^PqPn^ndb<@s^IX}}UX}uWVCUCT0xLY@Y%VdIJbNhPD8=nI zKE6I{&=L#(5dp5USDf1)YwX|SUd;;0ToeQUg->qpRKe;EK0;vVHa7|`cbqdZW4K| zJTR1(F?ZMk%Tj~h4^>4gvBqBia=<-PY;0pj#wIl_dw@FMtsPYvCAL&q7eh(+y zp6)O)R-5GKwW*UuEA4x(cE!SiVSLJ)jU5?Ns1D8N{Z`kP`09`HJh6LrK%cVIh7W!H zJVP(dt*x(r!PMzGdoSr0qYiUWrU)at8OEv*?!zfWBAe8%qlj2?CSI!nwxUc zcsQqd9InQ&jo?!dvsVPWD(>8T4GxS0J05QNq#Ay)?4A6cl1xqPVVhM}FTBh7fZZA( zR=fQO229?yXXDzRkvS-C5`G^Q))KLOkE&w)g9wANxj>N%PrW@_HYTG9w{Mtis$1dn z`u7j*6?^{tD%u(yQeRwFRLYcG6*V1FKSt-hwc?(Ymsj?cWrbAUSFg9176UebZmY-2 zxV8Hx<$R{?GwXKFyFFi#JQYZU^x=lYjNxiZXqkggcKsw=1%~lXm^(=^JY$iYt8AgX zRblJjGu#JrBwV1e4;kWZpkIw>@0K|?R#wiwfv@=U(U)(6sh5}YE$r31J=&P6EOPkx zhL2s4?wqN+B?I?!A}@ATSK5nJ2fXYKiOMk}bu7mIWgO{RI4NCBdjm^`WPI5i;FaVz?ku0z~=9ByWrL(o4`hf4U zFbF%hc6ZU1=7I|QuGTa1CdkXXdrsaQ4F|NMhMtHID@n~nmgfv=7JI$C)Kl4cbrizz zO=r`>rGY&wr=Wrw!NJNp1kkWvA;H0CI1Z*oWG;W<<)VjLyUZwPze$!$Jq>M*mU_v% z=VpFdfqmb)mJb=FVOzAAtCF18RRVaKpJJ!USIa`db&JygPy-xu{p`6u<`>0TBRD|k zRtW&0MutmAgU8MTWFHHu>xAc^s~#e9DkR~4RQmUvo}S-St8=_=c|PJWg+R0oypMQ> z>%Hr_xw(fZ5ZGBNZ3Ba-mJnK0MxqyU{azFP3r$THeSQ5)#pf?CTt!pYSQ4`m8y(F{ zXQXCj$vUr%v+*4t4{nT^c(Zu#?@zQLk;SJ5O0n&lh+E##C%8)!`>%Z7>JnAsS-C(y zmej&jJ});Hxpq?csNSRW(MNeyapkLHeS-*UL1!6x)b26}TI2wskq_)JAe#r!bdXkcoaL3SNK1IdX%28|rcBs! zNUhLXIytEu*m^u)4RmTN$giVE$;%g;`ZZ<9Z#ddLUtC(keJDK7_4a^a{`+-Pmc_jN z96>hA&280>DG$IF)^huNUJ^dcoGkA<;Y&Sw2bLwipkDYw1?ivK7Yzm_ z-F*X;M)z)U5W{|q|6?>g6&yFA`Krc~%pPKdf$rb}xX5a&9HP!EE#L0BQ_S!9>gS;a z97K#0!>vevF3;cX994F&v$V**N#QXsV&XU4U|-Q_P7Dx>WU5x63&JDM|hPs5ci z$iZ9*CM5%Ktt=GYyJ5O0=gEAi(Zc0is8L>iZfn=^!kewbeo6pSAGvfVUWZYva>SW=k~<2wiINC1OQ_*O zFG^NWk@BFn;wM zgfGT1sNj_V$^T*Ts(KynDI&S)!ROsVundJY096or&o9UrjEvGagY0duV8vo3n2zcA z;vAm@oO|5gd zpP9fv&eFRho-5&3w|FeB?(Oi6k65OJm!r?k+5uSa!^_6?zTgw2Vf8B})x%)=gS<;> ziBz>@#=#Q7Z!vcRU-5MO+#mESq0J_=m0uOX(=`;h?l~4Wk-YRYHlIh{jWc%-SC|q2 z1NCFGpOk+OMO-PPQ?VcuguQezj8rYJO69PrEr-jW6C?ho;LI}f3!IgY@7_EJjAyLZ?h?A*bq^QNcG!Be7>ans5g4&86yA5j z6-b7(b*U~DI#I0LfKHOzx zvM$rE^;6sSQHq?GKlD*$RqEW#s&F8~V9kLrd=)W0{x7$dGukUz(AEV#=b{Pa1a~8= zOVa~Tcs`}}2ZIV>n^rfNLGZQ$6`(w25}BG7p`HScr0?i9J?5ndgck=GZ%Qj`cMVOe zW)l5hqUihQQFO_lQFL8L8m_E&W4D3OeJoYbk>j}9IJ%^Dr_m zC{2-|qwInA;mQ?kitV7hwRIk`0mNI2aylmAxcg7NQ?$zfnn5&`Q>X-YeTDR1nT!SbJ4^yf@7!{HR?(dlE z>1}>#cW#WmK7uVKao({WZCAoY&XO7|_z6ySGd_-7{z(+JJ5K$a%llu@MoumCRWOTv zm0r_>YXsv1mN=KhZM$7}tCeqnUYw%gmKYj!Y34fD`1X3%RP{{6V8qi?lZ0n*Ti7|G zvJ?+shl7(l`WivJcF<=!4h9Mquy1PC6O}?{@rfo3n=QFc%_1h|sPTap8)9@iK@bJ7l{#8Hy7n+8)f}Vz2T7`JI7z{PKzyD#E=!s|OH6LrU zr~8;yB)s^7M5N3)(jC=(jiK{T!^^=vMQ{8ceF>c2g)>wYua;dIC^BieYV=EVkofJF z4)Qlsyw{MvPieG_G#ANDf9V`K!vlzn&tC)Re|9EMpFf@ybK{pgF4mv&%iaK}@p%1i zVyJUaH^$(EnW7?2Z5^E`9FQpPtW9tb6B9f8*&?t~QPI&e>r*Wo3mJ(>4zKk$ef|A% znwsQq&OH!7ZjEEhDy}$vQA>2chY4a~5k6Mqf(oiXDf8SNnm{HZj$LrhH*1&hZrt)n zjk1BIsM)N35$b&1090RbX(U1Nz!&taFXiwH7M7fi15sAw8VwtA^3-LG@s1`3w**t8 z(Hp`wfjfzjob*s0=np#Ne9hb8km2ru$L{1BNR zwFPbTHZsES*1GD|l*)=(At302AEtp_hgT@BY!i^5zE z_bi_7((|!xpk71lCoZs_cukVJtr75V#eA$vuRT!saUhf6cvC(`>fyj;z@zLycm@p+?g`>EGEBu+RU!5=t2+L<0WF4EA{oY^iXpXtPgW}CR&kC{b==>zGh-cx*+GH;gH&&O5Kbd=Te z3O?eBAEp?MBZ^PN5gqkcb7EJ0@&#g`fZdd8E%&V7^eRCGqRb9LGw(c@GEViZ*`c{5 zH4ksT6$^b=j^d+_zLGv>ZixG+S*Y^Aco#$cfA=ohk5UI~($ks4ir%ksnSBywb>W-C z^$e)k+08Uof*_-Nlew0NnU5U}#R>1pSe*Eiig7XxPEHUh+?pN`!R3Y;)8;2zV(!O_ zv@;!qd^1Z0^-%?geI!wc^@LUk&Cyr(lzJnr7!Cf>X^{&pPqup+>@uVujcc(;OVkKvC!oLuYU_NH&j^$u5Ph7TJRJQKkIvQF2*R1lbfa zwFunLEJ@>Mjl5Fyq62p@p2B-sUV@N*xOdfVny2F$i`&L@fVEO)uZD)kauVvaapP31 zhP*G%(OukAq6mXfyxPcCzyP6NJq1j4x-TtkZ9{q~@~9`#@vZFzn^zPq56?7U>(4*7 z&70kB%v?B=fO&5s<1SLNT8KP12qsT#{?F;Q-{Rk)+k~a@+M53*-9CDduTXsh++V!O zW@t*2zG)^(+LAZeCE=*EYTqktFLf->rHX9Xae78~>1p>xsT3Z}0}mR2ojnTA zY`XCw#VZ<@slf+&x4Q8!kL-LKBP<(z%#xAMJM3XPixr!*4A03hV?Yx`tAci!*i1gL z4DnEL{%1}_9PJ_dGS4$@F(ox?P^c{^q_~r-ED_IIS#?+b8XWovlE| zTEA{NH?M*b`i~mL+YFlT+}BvS?D?RauCuE#Om#Rxy4j0=P>>Ctum=bK3MMCNq1d=en|yMP*MfF+({!pjIFI7TKr61u#QsVD zZSYGtbzGQ|N019De)d7o&b>2Hx+>Xblg|BNhGA{xI+!iCp|0bv!7oJwd{exmAV5A{ z?6nQo{>@9}nVI%ty)Plu3xTN$`d7^8$Qz4~QOO#j`UsQo&)p646R zY%qjFn3m~Dba^ofSGmYm$C(r4Vecgapf;Vb_qpbXE7LFkO=IHQr`1*)jVm8r5tkFR zsT)8EB%__f>6SCXr=W_LdkU)8jKF^fRWj>=b151Js^cpC{{X6Xwk69VjeX&-JSCLc z)ZJ{2Wjeb|uU!IM^Jl^5UL>uakNsie5oC64>onO#K>W2=KggOs(B~<>RRZhx5UMVgscZ6#O*BX;CeO!^j*s`0@^hwoXRMIvCi%V=3{s~f(Nyg-F zMf&C4qz=o6q8!JpKVI>F;0Cb%tSs=6;OG1ZkV*~B+;7kpGYMuc%0Zq`|bd*@#=Ts?a}YrpnWDn9hUhFcTGVx6i051=E@-leK!74jTn~yAE*(FLE?Frtu_By zjacE#5ScmCo?}*#Zo(5QNd+&{t$ZML0*-?f8X)xV+OxvcWDLGpIm7s~?trvEx%5vJ zLg5b;!rT9s3c(c+0~}$LRq<7eHJ|UwsiBNE^SAySb|->U0q;Sbf(i-el>VvWtgGbK z!Ora;505(F`pIMmxd`}hM-#|aovV|2YBy^vp+Pvh}1OkE5l;l zD5$7P6tC*)AQ%N*R!e!Vmi~Vf{r@O>ilY9^j8SSDY&w-h2y9n#4;EQHR{{|TsVCWZ zf*audLQ>P7|1pxr{Rbo^{I8Id6aw@W7G>}?7kJwhGi>mGN7DMA=>HB$2_+lw0J_gS zDY%MrV=|ZFq3PC%(@%#>tisx*q`Cc( zx3R;b!l4QE`_gWk-xRSpuVyBv00C++8Q~j9k@hY`&2!w1N>?Z0s|o?|YX5^9>`ry+ z2DAQmZmDX7U zM{qlX)aozg)2n2KLBCy)#p@`AFrE1L1%ZtWTUlHu^^w=TnBN;C< z%>CB>&SCDE%J%D8&GZ#tt@lJ8{nve&{bzr(x^}iLJxkAt92>s13Cj?iwNcnD+k%rF&jV150aM`HlVs8l^NRi2fMzb`4=HLx8l3| z$`xzL(K;0raf$t+g{lU<#y@c@>_2mXLn90|^7Mv#e_CRtHrB@0clS)YYL=o;A`-ir zQEXJ^w6My#ok}5r*(cAeZO5Ts%y885Z(6}WQfa=QTfyIT2xDSh755vR9O_)(j07w_#D}ACU4QLqQk}F3PG6UAIufClzXv*EENgXFxfvm) zbDzMf(2Wjar&xtmIi-5n^FY=^-fSlslBC_tuuri3!~`^RPP4$0f6*8Q(h)d~!M)*~ z`rv5eolt!`RGp+Kxm%cdw5p!=*C|r9WH!u6=xz6Q#P- z&I^^^sNnm#I)+_cmrZaPV7ZHp*G^QK@}tr#D@>hfjV)xk5%d|;*|mI}59Z84 zmx%$F8zV0&h`S&IYwnNjPqs^1aZV zFp4D`=pT^7O(MX(Y!Rwo<2jq3I`lB1L zdwllAFI%|I22EWZ{fL=ZSD5d<{z3Cp^~fFK>#`dF%(FztJ7nK`Dx`QbQ`Ph90BQIw6jjek5sw(^|mpNjaLT8F3P008C=K@3@Zr? zPNWHyUzM^t-7kn&REBbHOXR;&40&%(ZeV4qIx$^+xhI?pjHu+X^)|srPi^ngRooRAq1;!$>7O z9@qXi6~m5q-u?%@8pCXAs7c*$*8b;mFI+Io44+4_+&l1lUM(+YU!tZ94||8o9-FmF z^W)2*TOe`%#y}US=VGM||3mofJvctKp!ZJKmyD(~V!$H}EA6syu<}a6H}BQHWZmhY z*3T~O!XoRNHcVLM3z4nnW0jMa4{jZe(nL$Q+ zWO{0Z7UhdiI{l;Jy>s00wdAv+uzETH{dp7`s$lxNkdO)dTeDsu-JSENWYa)@CA>-5 z>r20#KbYzMe{7^n6LcP=)S~>d-xH!FtEviH9hebw$-BzpS zOee;n8#)J^Tx%cnPv>sI{R~~jHQ1a+)=|8)eXUVC+S-v5Coi9S?Y??`Cprpj*K=4? z`$*7vITWXC<5b#{+(3eboCU5EWuwm=nO6pQA2{G9*??1pm&fo@V77?ycu{dgW$>lv z1+rXQlKPGA9s6XRDHAQfmpb90mc0F^LbLV!#PK1}N zuA_F|lzG?Jxt4n8;${wUt6Pz*;u?5ZU%lhU%E8taPH`uZy{)%NGOM5f*By8|hX$km zoc~sEK^sP`p1Zn;ig78`b~!q$jA>zFj~FkzG54N;dA_v6N?xGp#^{|*vBucl+Z1XBv^(x_^5o8}qAM~=H2(CVX4Wg$& z5(D-LZO6-QzVwj>AooB6SgT~Mb$bQ%n?EOKIbAKIO*ft*FS@l+ozQphjP6>vq_6-D z#bywP(`CZNbAB=*RAi4)akr|>Di&gDH>T=KQM9g`a|OFKi&*{S?L@Z2`%2#X&(jvlQjjED9l zOtC-dXSc0m0PU14KN?D{J($v*R(N>fMcUqU{^17x`)TlQ#ywZn@myEHdC%?l;V4G` z+kL^;cv$+(914ya6*x<;yig(&&>UH0999H49m-Nf8X`kNV%7;pn8y8vF0^-Y!9?;ZE>@BdHbe?#iwz0O|JH!t}(qaT0ZXsy9Mk_$P5QV&ZimN3?1$3 zgglmkLiv7t$7PA_Rbk9Ee!4po2|^Rv-u1jatbMm`o_()I4zA*?kpSl<2qLyQXV4rZjOAUJNU;@H_^OkX9dcLu(%Dn@Fz|p)O@RB2qvD zPAvDS9Rk?{4$Fd-X&G+2=s6vR%-q(`pg0)>0aKihji*mKMMSm+%??%CzKWf#tIzhW zUdAXwvsY{>JyZ(-R8Yu7ScT)aBYx}ei&UF+mcm-XFT+Lwfm#8PVSrx-YtIvHC&16#bU zJ1|+dAR3EK3<_}N%$vl<7mviKI$OmYU;BK#@uOuS+f+0(zy7#NkE|eSU|PBMIKwg4 zi{cW7q?TP@^wGxMCTdOU6BI3~hMhMZuSvn-Tl7pfsTb2iWsI}mnuwoOpUe3*rjW#V zzi~r=YS1V!5IN71Wk{g50&-lU<|Is=;~3TUsJXXhxAf>qK?=|3{D8R9rEX?b(cKsl zulp|E*bm(MdEXC%=U}hA<;TNlQO^}mIM$FXSut7*KtGS^SB)IB<)l?2g^v0wLAY3b zG#G;@^|F~81o{n5-(I_WdwivG%A(nDDXa(fwX&XjLMEL*d8wvdal}DlNmr6-M)172 zn@NHLjox(d$eUyI_n@g^>Z0?rjO1n>w5Q2u!`PDr5n{S`_3f1C+3Ee-|f&vsQn`K3R*iq7U* z!#%9B{ZA)K!XtqnxcRz{Tx#|^T@X_u=ij|iPPZXrJApB^kZZTsxXtQV&F^btMCd;I zR!f&yobUXdER5B8j@W-+GLDc0obk{8BG&)sIapKYy5(sbkVPtxr-1Ykqe+k=63^;a<^& z^d{N6p#raUfaJiLExg@dpI+{Tr^B~_2K2N@Co#lF)>ke|Bnz0@Woz+--Cl$`Hzw+h zAmiws0i32Xf?v63iBeK!EC2*G!Nw3to~#1$;&8sSPkWG%!Tb)e6`LW z$+BYf;z5&A>Z5OH4h>%L(y~G&Wael@iFC&kO-svS(cTA~sxX%P z<^gEcXac<6sEOljTl<*n+2L#u33S{wk*38+J6&BQaf7ToO0F=Fmw)*dZbC7la@@t& z;>CVQu&icw)eoMqkI{xv^qa|y{X}+|W1Yhy5s>hq|JT@cM>U;oYrQk*I68xhfG9;k zdXruQA{_)oiV6rwXrT@ugqEN(6hUAp(u+umQiomwiG?DBBE2LeNJ)SMA_NjbC@+XJ z_rA4e-S_^@%KH6I&e_>#?{9zm+wx(uk(M8O!AqnRFW&&>T0w52 zQzyeexPI@EG$SJf2Z+{e!~=6z5>vR!7~G8&oU~6AQ`fc59TAQd=^6l=NH?@>_tTaMBfh59)0&KmqTvAQ|Xu6;McB4iUFpD zS2Di59cv)b`-%om5A~&Z={W0HpUzo~d(qc*OR-F|RYckD*LWN3&(EBKy|qu9nfFzl zl?n*Yxbon5o9O8roijG=_-EnLeedm{eAe%4*mJlrkL9O4E!P6tdx%pV`%% zk>Mf+KaY1BD+4fs21C3l&E~KQ$g$;LyTv50G-T%;Q9GDv$IK9VfT`oLsE(s2F)DUf zz_l-%IKREmsl!9>+TRZ4|A?Z<*{f4L$IG-ED$^_f|{yf$4hpBaK2k!MN=~b#lx1&^06@ zg1(eVS<}J-x^=J&CTf6w9DQ9g^i_$2##1_( zZHtK8N743UV5Lp)cA_8w9>-SCI*h)gtf`Wey;NL-G^ELxgmW<-jMoii#v2AWxbQ_j z6kZMgyy3=hHrtzn2NTO<$YRtGeR3hz=LkRSov+x&3w>%a zXNEooT>$6(LO!^h33IWUw>LbZ)--0%Hz8+eC>%nnp^6AObjWP?Ju6CVv7xkHs`q)R znQUxq-Yf!we!*|Ye5Kry1-VXl24XcumU_2}VInFVMFBwm90!)6Xz^xg?MiA9%kbbl zCr7nWa>J)+yZ5*>7;B5FxS>o_n!qG!xBoY0gE+@QhJ~W=(rmr+UO*V%dN^M~z?QaAhjL`}KngTp@-5hN23a0H^vpF6q#?6!yn0ta3cYDno7PS-Nh48%}bYY|7WncXkIFNv9C~HPjmM(LA}qca5{Xwc!<5b#KRNwGgd)qE>D7ZSy+QrqU9QUdS@i^)o{Yi(F?6_S#^v?&afz1Jq`TaAE|DA)@z8F zFXjeNJ*cvY=fRSratxr5TE+vEuI$RzY`9$vbooHZIr$zpK;K}!7w#J_?x3gad{rj^ zA?UbC<{yT_kd8r)Zhog%^r3!2_Iwr$u29pS0=Pfg%E@l@qJ1RDh%7igd3#6QXw4EE zey^4WYXOqZ4y4&C;plh!gE?EwryBO?mI6sg=%lRQ`mc!XU>hm5dTc`T(g!=}jVYdw zTbmYWj()a2pg?l6aX|k<5@87gyxbUBL{b0gKF{8xG;Sl#nZ58_WaN4vhCc5D9E8Zb zMQ$?&NZ}K;W3HsmIAAIv9L3%|`(+_h)A1HMM-3UJAcre52^_%@#=1NEy+lOl(2tW= zb(GIP@k9bR?-KiGZ64O(epI7|=<*Px9PucQ#sTe|jY)6eDonUlr@xgR+5PuC;AQXd zWfiZ$f;R!T7I$ZB6WYtp@j$iGYS8jtH_75vVi#5Uq%wm&*~FU;zBX)WcJm^g zc#42)y}6MvR>xIx)|&XA>m@jgItm~h{Tdm&ydPhuHyD`ff(YVrnEAqJsEOOEyFMsW zx6*+SvZpk)G(1+XAEG;<(|GKf3ysL^{Mnp-r=cFjRu2ezMJo?(^$2LU0=DuwQts&$ zRET|9c(9{}UkgYYV?R-+fOTjj%Jap>PJA<{ot~e9B z*>7T*JA16m=Dn(G^)<94c+f7xR;Z^(NoXVcY|xa({IVWU`dVv7_-$c^dD#0Hm5r4W zKV#*7e|;w~W*hjA877;@2$kKqQ=v6M^y&!K74-Ff6_ z3sDfNRa~>u5~%E(yXjLgF$I^ZUqPC%2lDl{`o$vC#=xABWO3?2I$1O4A|mFQ@Y^-F ze0nunpb5U%E*?)`$7)`rxJg&2j_()dz_rU`9MW5WWqTUJ>pNM~0yL?W4GkXubH!Bh z69pclap^tX^=ZfmB!~dQz6-+8FJimDLgb;5I;K|@<7QJsO+0aVo^$G(S)C9+HwG!F zBFa(p#mxGfK(l7W^}Ru9kt_uuB_m5tk3`EQ=NJd@;?)oO&^Gml#UeDr!fc8Aj);W| zL3u%lDhIrY7(OS_OoGO1-5+Y*57p22+ui>?_p~|o^2>te`rOS$bq*IjTHBa~UrL%?-hP1SD&jQI(6 zGj%#d3fJT=(S%7gmj&tNQ_8b|xqBMtHku{2QU}EpIwVV>F#4dibze~Xh7wHmQJbY% z;->0Mr_+{;OG#j*Ov}k7OzuekFZz7*q?19>R{$ViYKUo61m1)zSeXw}AyWO7w2L?7 zyk(wrs!`FKQgAjk>=fX)U7z~fDNHVzZK`5^oSH97HpJ8?#KW=T%g!>3zd4pFZ<@GC zZOx72O2U1TE;+R?zr@PT#cW}tMLph&nPvr_!~=L^%(OOxBd%^t#WjH?S@SZQbxc1B zP+@bmFKmUuvosl6wwIeqXfBm0wHfrKDX#&v)!QNHP~2S54<+h2e$6)^`5_bp7SY|y zWYP7@;qjQ5hIU+yTM4ufAd3U_Z>P}UacyOkJUG`hIz1KOKu+{Sbrj3?NYrLANydy| zLsCb@Cx#`K@dilP@N~f2gZ18oIIzDb(NeOM1DjOGyXJhzi}13qe^`1@FSWp6l&pvz z5l>tnpx^={^H<*KoC4F}!v6BL(AY#G{B{_3||B5LINTy2s9%!I~lKj7%$%Z`=SzyB%mtY zImzb&p-99-d`GAG;b~n7yL^bU<-D{4!1jY%3e$Q*hsH0nt13%)Ekxbled6Y5<;73V zur~w%bE0HH-M^R=0$yduDpeT`-`$xLPwW2E=*AexdpJyvCua4|*r*}DYY7h+qhv3X zYz{v+t0v0X@kDpWd6J>Ox)yuNkCX-xee!ZvQgZvmrNSf_#IRbZ{e)tN;EIIuGxf-* zg;a*H#H#@WrYCE^SH>+nFX%K6A9if;k0lgZOAKy@XqNayBKx zhaE^&4!yF0zT79cM;0BHO~S^sP_CEG(Y$oY35WURB%;ndO&*_P_IO>*zeic#VJJHx z;Ku&PGwgUo8ivsXo2ON8w;O~{$k+S~%3LrQGynqaSeTI3h9wm zfL*+qmwG;dSed@};nY>ZHpA($c9G|m?p*TR<4J^$C+-I;7v_`nx_tHngO~>eh2>Eb z>VTtLC#@p+Nx^EEX@Q3y(*jJLvD92Pb$K-pO&311?M^?gM&-OtZ;_D;sO1pKT(-FG z$}f^^jgxpahikexN%&C(RfIhpbFo?r9m7-jFYg>KrK!1&pmA|HmC-P8O~A8nN*Q%9 zAP{mQ-rOMkC!^tm82biw^2SftzHr%OfsjUL5)J=)%Ab)&zTYjCrc?1WOu5XCv!rzC z8D=DSocU*TsdF?dlRFDx{88-&ag=uCHr0BJUxHl_8&c|q7<6qm^OK>RJ5bX{1ZR({ z&WO=ZM8P3wxBX}>p<2d0H!pAF%&u9*lcQsM2hh5U*}e>B-E0jV8ET|vh4>|>mOplQ zY2b2tB0~wNBH(U5!=_aBnRLB_nZ#%oK`P#D^iONe+Nesj*{uXxPs)ec3}yr%R_pv} z1MO(Oc6J`32_StL*SypXrv)T|$5eR_J6?YB@p@1G9N)?+bbfmu@96%Nas#(f^W?KX z*31HB*$@5#o@|>PAIp zy+J7gZk!=xZ0Ln5B;-)lurT>}(PpN|il>E)U4p4Z^0rD-7}hHrD?>oPdSho^w4%Dn zlkih0a#Ul|LyWK*R*)++vvbXcVHfcJl0&kmZXLOx#Ewx?5#*UZav1&RO~xO@ANXNq z`e_&w>sWN)7?pN@?C$U?ejO(Muq_%V?lo}DhgkSPc)7p-1$Ye@WM3!-buTBbuw-O6 z5n{TPiaSg5?_m5*+7G<121Ue|47_jaezvdh(THOB1_ztSla=^XIeCt%ZGn??WSfk* z?O4%L7@cTjaHM+cYwvN;-cy`+^JW5fD`)%mgssZktCpmLMb(TA)FuA)kd;LFm(@J^ z<#iRf&`e^XSPNo4YTF-lNsOv)EZ}z4nP#U4K{}{W!zqO11G6Zgb*CaP*t91fUW-om zvzvUd2vPSK@u(0Z9`s=0o6q6AY1|7=ygqI&Fm&*t(a%4gX@-xri}Oi&^aNe1Mh~Z! zJTM*!4=Y$;qd9qm(pGb&(~Nb`05jDL+>1{HM0uiPYQ3} zc^!%4-QMj%(I5m;<~;!JTr_!Tx<_JaVvhhe#y~`qHE@3KgYW=W3eTbQb(P2_>+G5q zFC~$xsc^3miZ~AHh6+Sv?`^LM7R%+pjG(UrC2OuF&Xb8oFY6Lz2^H2P`u&w{cZrRi zt^y#vI%=6xLn2FW(AN`~nbK$3&F}}ps@lUIb}L|vV&b`SCbv~JbN?t(N^>1>! z_qx9grVv}$-6n2+iRJ54C$}$jpDdxFR8uDAaZTvkH1*GoFEK(+Qx*78W zU8&(A&Cilr(MK6zqQL+-5*6S>BLWjf9mC-M?OCxhPQ+;&0zC`^dn)M&rI(U$NL+V% zyoKmN$(O~?QbJEQVpc9W~_-s-gH+8K&_-3%I%jlrPCI-#sUu#d4XRTm& zRR+gRa$j1xMk?N9@u{aoJX{}rcS;~G+7z}QxJZ0+^`=9sgL)gCkrOt_Pp;=F~Cfo}P^Vn?S%sr*cR`doKtD2S&Cu#2u415 zj*_B!3=&gdRzF)~i`$eXMiaL_kpH3nLxt={-1nu65 z9@*@MHEjn(hS_3jJ-%h6W16c-dQykQYTGeLInmq3QacmN;qpj3)@y_b8?#-jopCkn zF-fp*am90af)^mlOC-INN2Uw5$uEvH^yRoqKnI9W>O;=+Iq3(*z>(6GDUblCjzogp zq-iVU&gfOSz#WB-`hZ2-Kd^tk=zWuWH^deb+*!qJP&06?B-;G>g6rA9*&6pR6D+Ne zk+X6uwXI-Gl?da0r;np?5zz7Pr48*WisaoMpBT2)D)mS?`w`X^JURx&oO;*>T~_m{ zi^OF-_@xq4s90!UCGZf}Ytb4?PIE%Ew{Jz{IG|WUQC-2m=0VYwC@}@8VDmv$*bv$a-sJ<6&Ei_MeL#8NXQj!h{JBk%=@5csVzsHh3rZq(=io&U~v}$ewA%Cs?eo*Gs1r5Ti^+ zSJR|xj2xbVSegaVOq43rG${o2W5SQ1*ZhxyD}Z2VhkF&S+>;qQoI&O zFL#?b1pTrwg?kGJlQ>W{SnM>Acj#qzn#lBk~=jc5|jLt)33>C|z)v#)61 zDinF+vZr{K-<7)_#>aww;)#DF#Qz4W{}I#ut1kBHA3^maMn98%#OPrb;JA+}Z8pig zfYfoVLj>b{nQ-c|`oVVLtVjwVoO*}tuiD{1;pG4EdKUFy^VR?DGQa)axd)p|nT~x- z`M`vDF(K`q_2XUmPXfg>{`dC=#~;5^8?WSAm;b&~(Ygnby=U}89+Jer!P-W8X1dk4 HoSyv;7IG&4 literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png b/windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png new file mode 100644 index 0000000000000000000000000000000000000000..aecb539266ae09fc86baa65d960a917ac381ac31 GIT binary patch literal 43801 zcmbTdcUY6n^EV1AMUX1J1q4J9f}n_W5NU!G=_Mdt>79hCAidY1K#(RKr1#zl5|J)F zltAbSy`K2^eBWQW&iUg#b6qKSa_`%Pi(59buVwM@Dq=}5%m{GTx1E&?-0<+|xc|KH zmEUmf;o%jPDZiA}2Agcn5xv!xzarY(b>zhlbPv|x`uOt}sjT3GTN>SW)kfshm#AaA ztGg^)(FNQ4!E+;wMtt7G&MO^~US^33kmv`5D=Z%G(RE zD@BO7BT1Q!uc)j44II3CgWj?bQ16+O04+{&k zozzoF2|K8PWs@rRax>)q+alYLXPH_zgXcf(b&?&GD+oS{DdIYy-H4XR;KcotJ@{6I z z|1>X(+S_y17xO?{hR%g#Gv3?O864FTY&~y8Do=q~HZ`W%v zR8ouQ=l^*R$p3UzObK7yb7wYK(&q@*n{Wh6iJMx!mhL(W71c;jWB_M4uD4;+P;%C{ zw@Jx#_#X;+?sQ&Vo*$O{x>3&h)lChuP(FcUBs-G+T7eojf{eCWhZ!_G!B&6&RJdFy z`G!H>>ETAXn_6(%#K!;VbRiFFLZX8D{&+mWT(MWp(#i^VuR%FF-%YLd$EHUNjtgW@ zTRe{Mm#A_pc*=M8omqpqz^8tSglg%}vuu*Bo9?|prI)nXk2PS@d)rLJNMdYf^c_)Sk+jl7lmqO_Ux>g&9xMDZHWZsN|JpBBwcD8TX zRakZ#KH1YQ{Mz~ABVFUz&4x^)n{d-_DFcp5mDB1v{iuyiwk*eT0f-u#0x4fZPCT&C zN}Sw$%INfD`EJ=R+2k=?Q{osZF^iEUcKqqqGVu9{jq}l#!BeMsW2km#S-?_CF`#ce zQhl-J4N(mp;u$M`{jkwF-H7nzdRYhi)wke zX%cA0V^Vz4px1ZA3@d({QGg+Dcrtz`ASD3-6`K^6U}P-?aF(hG^pgVDxZb33X2_JluDF8}@ey0YL{CPiRAc=OcDuPq78)-qIK z(f8Ql_tT42fq+6^%J+KIj#qHsMKr47fb2Nuce4AFCrx0)M;*SYW!uto{|43F z(_=IEuXp=wMnU;OZJnh+?4$&1)Qo?67RslRR9Ph8!?s=v&V}BMhb0*l_GAVLI-XXF^(8lz`CL&N#=q?EJNlei{~*JCFG2 z_S@uXPfkvfK1=LZr{`PNgsl|L${D==))7R+DIvk~#CmA&`GN&?evvwJfJ80klh5hd z4f|GJV!!T+#^lL2m4>CjQQfaYm%L6U8^LxWgtP@u?MO!iRoqE*utnuV~4Fa zlsny~|9+nXg-CZjfHV#%ggCrJUP*ZC*^U>{UY$+0nICOUKL_u9?X!Bta~eNN>Xyx1 zym`MX#<%{2#fc0M>eZ&U-yEgJy;)XaNt-#KOR-9uhm%pn0PmH_^LZmPP2T8@I!2#a z7-Ep?)Ns!?#%_ByQxVfW>Zk`NxJW{}PWe2n!;0b8~gbAsMO=#gKJ_7DI2Q zj#atu!Pmls906cJwfskJ4XimvM*Bgj<*n`cTVA5%lYaBTX>=JM5o#`~cPTiPlQ);+ ztYR#tf^Asn4Xs$xW)%uu8|=xgvx(~l#i)CP!sXj3M0Ym7C`(WvUriZgPT4e+b0hX) z@;)v-dY&cMyeiOv?Iek7U>`?}L#clLm{g=T+W0y8f%t$-&z#pn^rUIP-10?&vZOk9 zpa4dg$GV_dg3S#uYw9%Y_XN>qeDqB|G#VuX-1MIBaoHI;)O)x+)N@fw)=~u6;Hag5*A;v3EiZvvi{Ne@g|W3a5-g+ zN6l;Y8DVOjb!?UIHW4@%;Xr)p(6ZmWJsk`R4bwBoZ)k=1w>*X*-;3V=m%ddda+Uo~Un#G(;#Qa7M+q8i zfmaSQ-tF1gpgDlx)t=PxFOl8!m5;BB;BlE_@_9~tq6`=B%iQKxb%)}yy=R5qDF?sc zhy0yfHM4>ehbZ6KZ!G;k7S3|{2Nol0gxQ!JM`!4) z7?FWhuOFMwL_lm?D@ytc6sJo9Qu7LzPjsVgvj_Rlv2jH)d7Ok+ES-y!qL)8_4JT&x5dRlc%s?~<8crCl>zlKw-FM-Ae3VEC;fBB0K+qc)D=RfQw zQdaXIv0SbqR&cF#04spVub4k8x9{DwGp3}5&g{WXC0dvQA446qpOqTGLc>g4n{@A> zX~P(eqOmy%7kP##6_~}O>*Vs2e4Q4H9~O^cJf~-oqljQt%;n*jSPKkp_dO_o@^e{R zGuKU8oQX&#BqmA@d#Sie%cCjJsqeA*n`W3Aw5}Bc_O7~ux_wVwX{(M zqx*Q+W>wVOoXRh{V5^PH@{OKSxD`T?a4O4iHFd|gMgd`jX=S#XjyT zG1|eNh3;1#X4=mG3JV>P+k1S!ok8Ha`!YAPi(W^iFAf_yG zg@-Taf*KKW2cB-zdEaM+`lr-!s*TDQQck~ndiE5t`{h{2dx|>xfljQ%4&?ilmc5%t z37CTH#W7?g#)41Zwu3*2x&r4uitE}0Ohhmzt5Wron_!b3EcMB_v)>(pDK<%piZ#eV zQoDXxS6(G~#ZZj7eI5))54Kkpjq9*lcLVsXk{NP|;~amndG z#Bu20Y1v`eDX`C6)beIXUGEfd?Lrp}uBUYi7?#(!3-CQ(rIM(aNVn-I<6~xHp264j z{{1VD|NaqwH`JEVZDtL_oexUfl!)J*p>c}zOHfXc4<}uBilr%NZvNnGG!cKS5&QfZ zRx}xfJ`3tW8i!*&egBXsBdreo6M}W)bULwWX0>#MyZN`%EM2?O_>%?!d?3|hx`m%dAMuVr)VWNsXzF!L#lDR2z6Dq`)#u#w5I3zfX*ln7P4G=ZkbYYzIqn0@v0Y3+*jo7h z_tM@9XjBDuaSkT&lKxy{R{owJ6vYgpeI?)RHUZ^poBKfQw z_`o%n9IdCMn8B9Nymz^hsO~(jqql@EEUN?gq+RK{ALf z85_8lXRJpkW?ajWXzzh6SRT=J#A+L+g>F1(|KaMFtX8-oFgbXNVHwE9V%icmp%DKc z4t0Ut$`fhfOC^j> z3w|x&A2wc`NV)G?Vk>O6m7uR?+^*=G_G$bK8ZcRX7P%2dOm-Kdsa}Y!A_cU*8}{NC zndmx5TSTF3a?@50=+P|OGe@Nrpgs)HqiL%u-A1*smEu6E324I-X432TyMGWPoBGB$ z3Q1*JaLKrrHS$7c*sHAgs1p*^B-Q<4&jD;u#`ESkA0vm$#HPNw+H>^d1ULV1vAKkK zp5zJdcUBye&1_Y_hOE97telkaSAZ;j8SC9|Xazp;RN4(yX@Fl1$d_d%f2+$IO_Bv3 zLe&3P?0Lxg>av)TUJ;ha153dst~8M^J3K@T&CD zwOdBY!&v~;Ibv~6m~AaNQMW{YiC6>tWmm9aE7ty-^mb zk-ai^0Pj>I16Vc--%mOuE0tk!kqiX1-yBS{NQzA_ALx2IdCEPhIa)~@NETp#UNTNf z^gr9+q5XPtxf`(S(wfhOK-8JS+{L8>fG$$}OAZyDj#?6}g6e!WEQpuTNwd>J+AG0h zA>R+aC9V=S$tuPE58Ib3KpGO0+&vMKzeI>Cw1%K4Bff$ZVZdC1cZ+yklbecEH+L;u zNP*J20X#Q=QY5q=YRrJIuhhcgjZJO1Q4RMQ)2Hg3GC5_I-hck3%$g8S5&0r&75@%| z{RSuD#wl`r^#&cBJu1zr<0j||?Mp6ic&G=sGyRlw`2f?4T)W6fb+e$Cpscu|HFU=E zo>nUJ=(+Bc{r84k+F13jNHxnMBW zhOVG_zU})@V&C(2amR9er`I@V8x#I76>f1su1@nCAy-%5BAFvei&QB0dpJ%m9)j{X z>TlU82Atmaxxm^{T5iY>f0i z;_>khFyK3NDg^pCT_>LR zZR+mCHmGD(*qIrbb-ac4qu;_wrY3qLgvsbs-99fcDvxY@f9*21mUJQdttZymQ8AK< zDmE$C((>i&j)*X#p9Yh(LGSjxk9?0F^{vX#K;J(}i~qnpJ}V6}GpL}eIO}d0Hz*wndeV>j zdDv`7Wc0mr_4HAs#dS9}LCP+1#%{5k*6-~f@J}9tB||2pzlOx-39 zO#5+^xA{MCuT1;bnosy2;&8Qph_{`c;2-FaiV8wN_@AHqA3au*{R4gB$mFB!|3Ml_ z{u|Qh+(fW}1KZqP-j_PDWx1(^LV^DairblMY9f00QUSpmef$B3XJVrM1@tm|%+0(g z{sUi<|F=$`m+!FQp1H!<5!{vY7SCn_dCk3Wr?xEt;(;zbOp&#&}db&(tISM`D_O znn5>htl6{LahYD@ zorpL^@s{b9C;NkLaayihq_%AklN<`6_{A9!cUYpk9XP=DSNEDB4xF0nq}O->Ps`DX zO8*GRJ-#q_hfU=%Wa(LkR}C2{kHE+&bqvq)0BnwuR^(=Jm7Mctm-sBly&o5GJzQ!WugVsR4_bbj38=`-1X#;{Vas zb);68Y=qKFg&S?n=d}J4+~mwxL3;kTDY5718>241RMK~x!XM2Q9M>XO;sN^`;!cav z-A-{3djToH4Eg!m>_-;>lw9kM|4Y8(5Y^qq(cLF5mZ*G&86eTZ#VJtrya5^c>oOD3 zo_^unj6vv8#+b%^Z|=>Z5nfgzNl39?)USY*(J96yRMRky8@;b_ZU)YuvdoAy2S55w zao5H_$X@cgc}u;AaQ`PVA*A=|U(3=lBqMrwZ||pE*M~8Y{Q>Vuc3F-I0e>O`{_BuX zh4T#|{$;IZK@kAMGa@&@R*Vd&(qkIILXfbQty`KT%9MW`NKyF*=GC#Sx+1D7}9=FUy8*L`b=-moB+Aeo`v z%nv^{O}pB4aj+x1;iUMTDIZw^qD6{f-DOXfLJmz+3z`NU3~Vmt3_9`TH`_wUCfGhuFNfj2Hf7d zk3w$k2KctQL^TdyE^yb6@ifiP#(w(YO|g>7;yOg|Sv_1Xb*7aD*?)i1Z)DE1d;ht5 zX~VVC+bg>>29?9>LN@=FvW~Z(ry;}!7(q__%hg%{1OQlA(Av&%0j_AZ+{OZ!BPb7z zjVPzkwo$$gj7J-+$L_#!$71YKNne%3*4dfC9kSb=V}1dh)=*T^KYCMeRlL8$<`5zs zQGss&_8E3X2~1AI1yS34#`_m7^}~A5_tP_z?D7)xY?8MeqVIWi#Mk>JfmL639CayZ zLN3nkv;(>=CMq*o>G#+i&Z$RxLX4z@?)Z(6iohSpPw@FR3`o{jF4aiY3;I(X9f4`8 z=r2j{&Rj6dU7x^UrZ0ZOPr6Liksl$~-A^V@IqmkB8N4SoqI};`C=8zwk1Eu>m_VZ_ z4_6XM0>(|Bdoq}`-%LG5=()HR^Og7mNz{Q4ElMu|7WQo;sma1D*ZK!!tp*1acM!in za+>Qx-w8^ddf8U&g;ytY=F80ocX0h%|k&H2dPIJ%u^meUS6p1UH`b~ zqpakoa=CfMt`K08il*n-WqIQ(8GkX$$nSVU)eI12=#X3ph zrDI3W^4Bp4@a*nT&F57$mxf+;PMc-2-mZuSpTF|?csYYIjJSAw-mGfjxYleIv%y-$ zIo{e`{&X!l{m9a)xkUVzluxK2=t}I-_P#mWJ)6iD-pGbn{_VSMlkyAd)sd0*KJ8QG zTlwzsmt&|S!OF5n^Oa5ye_EN(@jHRCY60(e;u>DhI$R&50)-}fXpi0-c^G`u2g)SX zq`wmpF`B3V?N88EaLaWJf_*+bu-llLrtYghyDcnzu^N3;W!tKuv8ZoqpWA))WeCMT z3w(z9CR4I&3pZLa7lmS1_a&Ta)SF%;5kyr4IKqe?y21QXXDZiDso|n(N2iZY8z1zm zRRxIEW;`JMzHk-qFSwKH5SuhZPLC+m%(l+L*1>UzOZT1xstI>9}KB6dLo$<0v z^Ub%8$pdO5p_7_je2W^P3A6}PVmXNnnw07ttq@HtcS&cNxpdzdEi++-s7TM}hf3f> zs;K7LM~xx3a*pp7WTU_Yx)U#wZS;K@ znl;8M&O5?yiDtJjxLyP@h@yyJWax*T(z3?a+ZDgRXSnJwdT73pjy@2Xx5w8YJq==m0_#~AkJ%?9o z^2;@;1%&*mkzUf1LGE<)FN}>k5tDtXQuO@54g!GrNI5;*wG`?5fhwxIwTxBB?4N~j zaMBh?^F1Q~IpL_uQ1>&$DD!iSf$3G$YbPknUbS^K%VPtNSm)eV2j!1QYe+r}zxmgMJdnx`#yezRX^8!t|%x zu=Y{d7l#Ma`q*7jWVRrl-le9=P-8Ap_E|Y?fRI*~I^6x_mM{<#JGnj%h;svpUjKFw;4_^u(&TY~+;{7M{PY_#0Cm>hlvk z?Cx2Ot2i-&^KH#QV;`A^wr}lg7#ht=+T2FYta6@au@yDF7#dYy-bl?Nem_1iVjO^W z$O|Af-H*{%1D+pnGC(|xs$;=721*r{a#qWcy_JTbt!tLuVcJ-n*Y`>oGD<}sbf`)Q zqxb=5}jvPv|y^|4%DWh%&dP1T<@GhB>b!sjj?S>eCn0$E^3m{@Y7!POgkP@HwX6Th3QA;ll{fX-Bi`)C`3!{5$I3%NL zoCD?fXZda<9y5%);eY8|-iQQ*pWA8 zJiGi^C;k3BlO#v3fG-8<=;5uuVJcO8d&+;MRkk8Z@vW2sy*(Vj9r?LRbFz7@Q5UeL zNR2*rJ`${+`+V{n!@oJ0_U@Q%+`UT_=lbD_{SfSudS?sAl+nnm*NEOlPPo}8Zt_Kq z;*r$LpV77v|8jxOXS)5y-4Rka+_343qI_$To|D|&!6}X06p2ouaSM?6#5bOrP3C=w zE?K+#cYKjg`ycPjDXFSzL!3mm(-P~?PFs`= z(@Is)K*$}8{+CPc9Brlp!~0jqUGH1C{t>$l4^F+B!|rIzy7aNuuOz5wf9M?YY0{ZN zm|ryWT~zY`juB$U`2xrv7ICpWh$$9jZ{Gs2NoB;CZ;?+7tN6DYAB0#Xz#7m$>s@2 zZ&w^Qsjtr$uC*UUq^2^cragO&*jE#h+5eTj%q!63(=XE#TVAbKSi&xE_>19SW3=zH ziAff!-e}(yz);mVZPY@ zu}D5x#Fb1V)$(iS)|n>EF&5a4tEY)N=zI$@OaX?$nr^R|4=)CbFn=6a+kd?i#h94T z%?clH5Un z)AnrJ9(ICwX#7VKH$D=^f>a@^h(VvA%0}^iykHh>OnM%-S=6+=xhl1gM}?gT-gE@A zu%{iFA7usnG^a=!UtKHIR;2eUf`*Tc>ULF2m;_rs{+TEhYBy`!sZs z*DzPm0@o%L$|_g|%A{C)x6UC+r>qWCG}Lk!g05UHk;%&ygiUxj9GZ{C=N`TG+SK2# zv}lkLC>NnCwg5T-V#Zp;Ub$@X_@dXzE1B3V=-E=@OCO}<-6({={5&m`BjoYNX2!K} zh?ZtvKOK$hVt+yr)7L4fWs|<1!e!+7Jmb2AfmeJg9-pZ_-=^&zY1(7Rt;a8bA|i%R zT>#@(h6A+!p?OAtQe;qHp{AdhsMCqsinIJBc5qA{XN=mhf;i|f8Cm$K zuc7*@Gi%}t(7SxAdw$)Pef4)SfnwI5h9~1HafWJilKkpsldy)D(8DygMDvcE^;&(? zp~%SdA@@0wmjsV@Xz5pHDr^8h%j85fcf18nk1A==M-T3&c943o(R0ezSvyw`)q4@v zZUP_V)omA+ke-p@rYltA zAf4X(by8^DLEZ{}dlV8YXZE{}sAl@tg4QFFs`2hY)NgZCQjDW=ZFa#JUKS`@aB0My zOY94myPK!ePvu&+4Qfff6&}1qOBEuwEg}RQ_GmidUPaJ!pu8ueAozD}pHR+2f?wTk zt6b)DIf1h}O`yA0vquTw{#{E>t)DOIR3@6|Z<*SHnd$8AbsG4$84I2RK-m^QAt5a4*`zPTocf|--4`O?L>ZN;>CQdjHLPWsfp(2Fy~yaJ z3S+T%2W+rp-@NVmSe-M!!O@65nQ!wKh1_={K%UGP&$k}83CJlI*Eb4H<(>z>J@CdV z1`qRSPu_)W-F_qXAuEvWiPSHAMzbD8dSBHD(|}8zIopH9jvzF-7y$u6k*bvLoZ!X5 z#tZv*{&xwDf%k*bzRIJmFSO?`l^#_^X-}{Iao6aFINwyDit{?!DkQiq_nlO4%21RTP;BmxBi~1eZ-f&yXVIwy(lK}g6%mtjG~_2#*E;$ zj~Sq5y}4Y~K4$oAuLA}lTaC$qn;;2Tpy0EV~Is3}wP{2`iFr zntIB*M@czVO325Mo9$IQs9OoW8*x$+qw8wc3ZIG{o*CDtv6UdHQF^-8C>84myKx`k z!I;w->}Z8#d0X8@07yhaP5nD?g@w+G?fAKQd4-GJbqoH*C|w2Kl+VjAhYZ6qGIqLe z^1k4B+D6UkWE(?9`s1`}@BP37IZ=2))2CFg;{sLC9~XF-nr8>DpL49^5awsSmlGLY zP&U=-C*J7M^jHrpB*Ss@uIu;y1=CR_P&+ihCbF?ltatiQhS1dVQM{P)JjjCjv6*8v z)l+s6AsNle@lS1S(o7wQMmLf&=6)6X^mjL)XxTC@a8B}X&=mG} zzd#$%FUT~T1V>2$wr*-tt9@~JL1`V8}jfdKGE>pv){y$99o-D82LU-T@w4nkL9sC~n>xB7e^iG73^`&Og6RQ4x}jW{&; z08_T?^S|RtQv_y@3D|ZYLdg^mHhs%%iYn1Ba{YXzy$K`FZW@^_+HFRA|9v`6qGMBY zl4T8tX6_Itsgz><&S!k-&3DyfnC=7!>owk~^Q*r(?I}*88{2ypx@Hyx3vzO!+HbRX z@chEbSlaJ~RI+R+p&rty_?T0jFJLi9Wq)N;#aaKN?!?J!Y2l_+$5Nn$J|nlTuq|bp zFNN2SdZtX4iY{0c`LXYz&ychIhkwUmYxH9-uo?#k*#2Z0I`NhMz9bDMpje(T@rG&Z ze~J*x1BX|dVPsVA z_|w4y241dRr)MY((qh#wj%J)8w7kgIFY=gHPzY^%*CISUib_V!98ULpK=-(IL49)^NM8nJR=zu06oWa4*F^2(y zrik|o7VLp{@9t%SAdUa#5@F5C(S#2dCjmKEba$c}@5UoLbl#1DXRG(_KPBD@fgX9u zIe|=4?584kZ8bQM)XE?wPsj8EMgIR`fO-6-xIzHK%6Q;3hV65Ic2L&kuW zrS?h0Vk40uvZ@7vv<1D=Ua((iWex6_I~WU2Otk4T%Cs@tr|8XaA9OQa;Rc(7RV4p7 zcARUknCD1ga#Ys5Nir(cdx@sYg)R=-s3S{P)gQ~qy2HrRA9R;GZSm56eaG@n9-M|J zx%yOkm1_qERILA-(iAm&)93DOx{63$2s3;7u*F=QaO~_L^HG!|4c<%Ap*kuN2_|gg zOaSQ#Hi7G`8lcN7$++^yfWOBZbaY!tae>ugLg~Gg=QP{{x-^<|%!R(%6w4L4E2a68 zWq*}r<@P_m?{rfQoi09I`J(o_(!8f(w2o%VF%&S`@alKshjq$GbgXsm{#1cYvek0; z)ros7tU&JQvPpXW4d;pV;;8tb)O_?^es9t3nf-M?#T!Q(%Iu6zI!Fo7gYzrNdF&|^ zvD$4Zxum^@@%ZE`wc@sVl&<|5Jbd7`?#r6q)Of~L0E|Id#$R0g+$GqT5?#RZ29;o* zs1n-YmX`wSKf9||30~;9Wz8h{7)`+|QzAI4s+Q+@!BfaSYXj}F(DoEkNsBVeX41%~ zJNV*m@4o;3ghC0giZD zC4)g=CU|Gn9baDHPgB*0=Qrf8kX!G}vI2rr+P?PQ&t1$@BF(O=I1!|cucW*W4!F`&l?>o=UD;73>m*Z1Flg`T(QZeWw zk#%#2g6%v5-q%mQJE=&RxZk$kI)6sRKpX6NZ+8RCGUmVGr_HZBG(nGf?ml129a$9< zeHUb8TVH+SF-f}dFytWA$iqxj!a;pv>GzE;t2Vf}lqlj5>V|TkMkJnNhPTCG(se29 z$a>D@J*`gmV?Ta_@(JH)b*hPRRHjJt5(f&!?{b9C{HYad)pwv}PhNobxRJ+5<03Js@OBmM%?D8ZfTTN5 z88_RgTQ%)-B&_Ur&!`wOzE8PSG`no{zG5})zO33Wmg1@0(Low7xcQwTvv?eLH{yf=tJ<*dtZqP-<|^TGbh%RjMqLHMn*9@^R4MS|J!_xP+a*0aZcY}(%A>F<3{)k*x0fI|{J z1{o;A!L~db$j%MVc19SPN1jI)K3ZVP4^Xvn9VM z<*rcuPpq{IKJT%gN=W@l@;TKrrzxSqDjz3w-H_AAC^JYLD-l7k^kXv_0VVzLqAwgOIVgXl37F zq=QWJxV*?i`Ol1{BTT2Yzbak^I&CG|k0e&KMO|vkKIeRw-H%eY$s5Uh9;8Jj(zncW z`P;LZ!qN`E4-3N7ygM;%CV0~21@1z zoU7bYV?o9*5*NKRds`wA+nZ#OsRC;wuVA3Jn*iZA?DQ6fjpI~R(;Oh_>)D@T;ktEO zeV~RQcnhh3ThHiYjN&>g?-AKVY!j;vYo6W>_IzsMVYnJgGxgIvI(`9aBbQdAAhldV z2F+h7x~QEscQULA$~*KzqsbMf87&})qod|6?UFs7G{E6 z5Nw=nwa*zw&Y21>FrB?&Kb~S#NSK!6Zz^0>HTNk3$H9c-TUg4_`jh*f4w8-iOT_wivdEd6dASj=p{8yEKGuN&VHh<;Nj(+4?xg{v>y z_|Hccsgrjb#sLko3a#++s|U80E8-Vh6e`Q#co(cA0XNbZAfGKwQU;oh6@ZVht{{WZ zA-I^;+?trHk86{Vz_Hv;>=67i@%$my*HKcsZsx$vClT&8W8)U@ZQ6ev>YLer961C( zj`al$H2azk97AyzX}$}%3jmC-ve>u%)v_NiRtTiDRvs#xE%(5?(b&EAd|9kOmzWmx zFr{n1xbougAQ22g51!(&OwMbU8&`w2|*$`LB8^t9Fg4AxgPesD}fZ)dGS;B-$QMW;B- ziT-9xXc1<6-uw z?@<_$$-@c|kLES&-MvTVEbx9m|Es%SQFk}BSzQCPkCR;kSuvd=XQk2Y1zfl?^4oq- zuO^MgL^UTiT<>6vBdmV7`74d_H$Cp(u9s4ekdhj|lqK`EHBKsCW$D|rgvG|Q4$hm1 zd-z-5%Mp3(oULh^7o!gAqo~8}&9T)hX69pH`SX=&A4}BB@*81E{#UaFXL8XW5@r`P zWnP4{e?ndIo$D`o!qUr0PYshmJY)VzVBo7Zy69t>CJHz>qbb8^(ydajxlD)!^@?r5 zXhC7=cHQA>D}09<^E~=8aqjhOEe9HkQYE~QXbX^NQRJrBy?M#hsGUxK3VV7(+Dd?a z=`6k9FN0VjD>Jk1u{@u^@xnT<`IwGyj5wo%Wc2wx0UQF2Tfc84Nc%dgl4OhVd40uB zwvcAId>!AW?{=daZ^;_gQLTl=St!n0KZBFU)5|IM21nNyBww!ofMD+ZY*vb>7wzn7 z|D45e`biTAH6@_nf4CByR;F&EKk#kE6<}OvL0(BOsCkqul2*Z73Y>+n$j9YJKF;?H zQ0J>2~gEF-e zc>dI}3K>YGb_{72;&UV3Bz>A~Gtpe|5~Le^rPC(IX9BUy$uYRZ7E-Nx9Y3(~u`UjS zRQ7~^DO=eu1Ol``hNekaiGdw%Yd_@bz7MNg;nV#uNfytaH&U(3@<{I5gj;|}j(6A| z8*(y~Lvr8>P10(vJ9Tgj%p~%@r~bXvfY;i+O)%z(VKd>Ok1`>VyC0?@ z5u`EbeVwE}R;MjcenWmo77zrMR`+NngqsZCb=etbpz{XB&l2tOG2i^NwIm$Nj{_3E zlg=f)NHG27%j8gHh<)2TAe)i)+ zyN<#?<&P=qWBP7g)o^FK4hXCY#M+kTr<1b?Xy@RByrG-t+QQ>#Hz07RZDC1In3H$w zCXKe_O1%W`xP-lY2SNx3jD6|A?Qwa`!m1a5?^H+3SWfs1s2*h1x<|o5vsnN0l=kmCkB$xu%hhy|EY!qy%PrHPWin-rCTok z=e#%2QJ5|F-J+3q;*Xnt9%T`_m$YQ^elZ6D1KtX>R$Onxik8c9MAjHFh?`v~J z&OclY`lOwg+XL9WUh|11i1{A7y zX1%M@a(O^tjRoxn9oz+Fqw|hEMmpm~V;|`R4V1=tOnJpC3OEaAKr1Y6y(kaVCG$89MuP+253Q0;TyE3|po-FOt0JH$tk|q0oa3O<;vFF{wsH1hyOYP>NnfL_g(tk~14ZHl0h|ZNUgA-Zu zn2icMCHWUrRn`P$rz$ortx6*I*CGFKhvSdc)@pI6QX8_Udan~_P|uz3{{dB~#v!hY zL%7}Den(c9{*RnY$A0rGg%^15{kyxW zor%kjwL@_gdw>7`bNTNx{}dxhG+z1v9eRI`F?k`wrYo5_%J+IXytXPe=$8y>*u^kdny@8GJo^moO6yLVmj}H(o7rFDS_ly#1fA5rq-$2|mFNUPin?1ylnh6F6PBB}b@$%A z#)3clLbPxtnE)3TK7ly?j}`iFR!IjPQs-65ofuNhhaFYU+G zQ@l>is7w(3M6RtJ=L6%+dHqWMfQ1#jQ^suOK?25XYP0g9B=? zXg&XtyQ{q2@ipaHrp2}Ou9gz>plWdJePvKwQMV-$B)Gdv zaCdh}fMAU~jRgqq!QG*gAi>?Oad&7eNC@uk9^9sr@72_+shXLZs=2?p%{}|rK5MVF z&U(}&%$v~Fm<#pX)*7GsE@#$oenb+J+jlQsaqOZB3kRd1^JB$7zK!qFe>4w$gj|MN zbJgzE;UjJQ>ks9>pSsgvAC+kzA3-FsV&Vs_nf@Ed_;t^*qRP51? zedXCNp+=C2vL)J4x0^e5Xa%LbS;dfd&ze@F$(I`f*WzbdztPoq);sX$>%Fd4N4>66V1_Y|&^8 zx+Xa@ej%=Pna!C`j>yaVc6Tzl=1gau1cjj8W!_Nu*ra-m^)8+Hg+z-eS^$S7vidoY zyGy2SbMo2Q3Z3AKV*ODcW%<`{5^BUZ`0KBDth~49Fq%4=$j*iX-}`e9id`QFd6u5r zxx*V9cD}jb-VMU*&sH$1of#^-=cd7pXE@uB>FlFWXH)g}zGZp(FWQT`cSWX11Wmmr zgP8Y*MfS7G9*l_nq4R6h#0)L=4EcX3&5|$6)?C$jh;WY*5VVq>orMtOWOf&_O(jY__#(*aL3mfT~ot7`? zSlQ*0Ob@9bwWp8A{$ybav*wFKS%cmf?Fd&MM+5zOBkxTL2b-GtEAZidw)P9PdTiV2 zHcmWClEK%95A@83loDA~(Q3SEFsRs5Gmx98#`LIRUUMw!Yp3MnczO;mg{xAMmQ1*E zWGJV5HLgZgBDD0hKHp8Sn5*_*3}Q%mYW*UY zF}M6qgX%b;7w>X*mq%lV1$5(|%>7a0(w==wQ zPEvKokH%3wDqk0$YeSrvQ1LScD*#9d{l{m5?Ci5`ZoM^oozhlL3ZYG(D-dyvgn_(O zotMK`t@t(`m*4i88lRVSejuL`#ZM-~4oxh^_BSJkqG#(APE>9kne;ZCd@1jmqYxrvS4aha7?!h2p@M|+m~LKK%Ma!CWo zP2W^!KSs%x?E*sI=C>MNTGF1})9Zxe1&X=O`p%~ufI10|LkEfHxGp--aDgmCE8%Y% z;cgP=erq%L$s&W+Bt4g=2m-#5HqkO{Tm zW~Xg=EGa62+)`X7z)}yEdA}>@!v#DDt-PZ#tVe*)Pb_3&=9#_su9b(teOS z3+^F%MEb2cZ_|1B3lq2;39a>SUXQHCH#ostEsJ5NU%_KtuWD!f90%-4pV~>?7*}Mk zP^$b6CU>5IQ)l1xyV9rB3I@BzS!(GAei8k{^>CUAxiFqL(Cu0y`|eI|P9DGr=X{-C z2Wo#79AB&hl^%ljoLN@CF}(NS@R=rdI`o==0~)NgBLXo8&8vWqU1mX}7y|FS$oFoya!#WjwZOW_9g>;?X!r&+QeBO&whdv*7}>t^Jk6`MYtE|%t<;k4%_ZmY=^q>oSA1)cFG7JXraepC z@?6K%Xs&Uw;TRz#gZUY*NtsXl6wk_86%iNr;hxS4dxM)pyj_F)zL2*0^EIxAl!wb> znbmCZ!7rYM?CcE<-J{MB32`+ew?sb7*QW~9)rU>7W#^XBz=9RZ{xJc|7|ivQiB5^8 ztJDY7^AW;S!X>0iG7-wi(X%@waW&EjNPD5g_vy>Qfz@oVviqwyGA_mOsVG5DwX=vJ z;TMLg*=enmV4)bt?!DJ%(ki#;okK~( z&wXFOxHHWxI_(XxYhB)`hFQTl6RzT4DSgN-2i$hY@6k0=Vxa0ncj>>|xvJqgRakp| z#E*i}G&H%0-P^p$(4Y-SC|c z7&K}PKaRePL)AigW5*(&Zyfo*)+L3pQYO67QlON*bv_HuJM>^nbR&!py{Kh3>dLQf z1bwJ7XFei|WUnwqBYqUv@+jC^lPTRGKnWP^it8ahf9iN<_NJa8%`79y$MW@cKS3C1 zrPcd9BtO#YT{b#W^N5&Cq?yl#xN6NirOO?V6d@%v(0a9|*<{nPd9UE4$&+7SVAT}Y z$8#B)!a}ARf9cd2Qaz~BnuP2SfC2PL@|SNl@htWc2R-qOSE`JhcsVF@U{1Jm(l}BU zy4;iUxCz9Kd>9CFr5vbN-pSl^aqohY@5^MH*KB}?^?yM*8wr<#1#;cPs_qR>9yfMv z;4g$R1yCfvtPA1baNY8&N3=5prF9aAZo>S`u3Q`G-?0C|Deu?%jyQ#ImGY#Ke~E zd&XUfQ1Y4;O@`cCe>V?RA;S7+A#yWD2uYSSt0hoqv@R$vQBMt?=%gs$aCYxG&e!Nx zk;Y4)vz}S-DJ-ExToA{uuDH#{)g>ve?U{$YHG3#?+Xl4kNbA8ljV9rDF`~NGo-f@hUFh|edp#Twp`9$^Q}=}Q7eBTv zJoo9Sp@++_#1FYV@?Q7yG3R_waMTowh^b0A)*f(B|F;z=K(~U#k2{}bW)Ixw{p?}m z_g->F#P1G1RgA`V@4_!MU#&@)|2&O$wABSG{;{d9W2doB2qC7JZ=10vHmjE=qU-c_ z7#otj+$@dE2J{FLn771TuoykSM9_GAwd16r_%?c#mEU#QQb4-K`mOLo+Qdd`kXj4&E+n9~S8IeJ@kWN^w7|j_}~Ab4ePyAvE2gq099H z=Bn_C6;nC!FK9&_`2c`cXJ@#txU_16G^dNVi6R>w0k1!tC6%Mz5oIL=l_1_<_dS z=(1+v(ruint%fN+1KVWjxHX5l2*c$?zZBwJGFCaiEr`oPyNR`XS2#^{l?!NzmmQLX zCxf?^Hyepxm=_!}6hMpO5*b-_u)#CuAB?ihSWy|lCy8-qq3z!td)T=ntZEwK`RcYI_uJzRH!_8d`*Lq{&XWW92bcTTBo5}QpBsG$i^g9mufmB8R8iT^X zGp3`VB)>{=x=Yxg8GNgUa_4w)V^dA1>-B@(bu44hNE*p>xUYqV%3BY~}u> z;+7s2d)B5Q3(mKKAXLCErs8+6aLRX)dx)$$V;?<)`R)p|lT zyx2A2s$fPZ4bJD>$R1?lzf~a*r{<^}09~?gUpAV(>{ELw8rL_)Kp?nz> zmh+z3b2=t;jI~7a$)p^8DPO)YybWwhNazAB_`TWVd?{;PVMO)$0A+17mnmk^#0=gX@Ew7+e?+p_bt~ryPhdWu2B4QsLpTnT zDZI)qoBlZ2cq{?vRNFtG_qTX&#v!*|aM4vfpzFm4;h=)PU6Xd2oU&|0D|RWFY@y8tCsJaks3Al_w&v8lxZrQt~b#tn$0GJ9dey!`r3uo9f&D zGG};!VH3e%H3-O+!-P&>^=I`hHYWBDwOX>n$vCpt@Anx+i(9#e9555|P{hOxd1bl? zy9N@jPUT8UnD^RJ#MZQS{8@Ttm-*&{$=-u1+uJGuly`Y=70kFuNPH>7e z;Cb7QT@1aI$gF%*;MK9S^lEWGy=}@h8gND=+%-~$YTrr2KJ+t&cHV_N2pJice0;@; zZv*kSp=*9)*ktxzUK5RvoQ<1eu3%~PK$mg~Y23f<#}KXG4)EG&KgHIM$auh>h-=3= z8E~Z}qnQX%r0%hq^dKraMU~vgRXVpCE)v#3@1y00OU#aKKHo)FKU&skV0ZGP9DrQZ ze)UWBakb-hz<<|B968sFK+-Ww1;Z=Gqbj&ItWh@)SR$p#bwuq@ z4$pat^LO!~WsJ#4Vb+` zu?l#`y`j`gm~&_`v~P*#wy;C~@hJ+)e-0^W<=d%@`G6jdzc&J^p~KZw#ahgrxF4I9 zgioE|uCIk<0nIhc2Otn1x(_8GT~4g?(SPZekdr{nTN zm77BIFD$FEt+E_@QIrqjZEx+0R)Z)u`O;}`4MYRTmp!^w$rgQ|T3y9ff;B}Ep#4t&ab;qoo z4oL8mOU^Dxi$(m+37`)<|9=WLSd_&S_z7}?nl^n!eZ?0e56aNu-+!Kee=?t<85nHd zHbS@%tFQny&}A)S_HIWYh*2WRuGqs;SK(Ppc*f;+dq0yg_b|M*B7q7xOmJPsXQ*3! zc`LY9#{3mDxi+8tLMF0yrML3oH2e1bpx1T#D6g^d-?pk7Y1m0cBX*9fq)SCpb(Nid zM8tV8;LL?!%%6BrFQf^u}*%ne6!ixexH|CmhhC$iL813 zeHg96ODX4H%SN=JzgP8>gsK3PJ+gO1HBb|;QjS+Lq!=l0K88^dgFZvA!DwFG9~}@? z!XBMw{)TXQZEk0Zun1HK?(4)*AAU&j=TX@YB4^nODh+WOcaAP$lJ5o@{S0UXJo_5z z=7Nu6UAgE#qcMcFn!9~;cM=;(QU#4 zkRt)N?o6Y!BcUV^^bkb#uI!lO^m4B5^$NN zSC`zn#3?lFAHJDmGvCm&vLjru>>wO|=pRL(k;W$B!>FSTDvgPIc3lboAs~Tim@s!? z%rUjn2aXlQNElV3ACEcWSIXAhYyY}D5y4QkLK?g6OEMz(8b8s=Jzg#Taj(UB_Q2=Z z0s3M_HYo7L)<+cQkI$}cmAgo?fY2<@x2w9=-z_|C>m}}E+IURzM?YSwx7?kTL)@mL zzc+I>wJx`Gc3Qaj#U+7N=Df{cGe-~HNBtcCV&WhMKAZx@MIYUj9-!GG7hi|@*?U%H ziSVBaF3x`GgUu~l^!r$3f%I)3O-~zH8No zS-B8Jw(FHyf~43-lRq;fvQd~-&}v6V#>|>XTGOzb7qU0?u>|PS39A-DnWlt+57Mf} zp+9s2fBlw; zYn%3Clf*erX)-8nlD0g| zPI=uE?Q*1JvJ)x)~ zwSk&N7CRusVnoDC@ykd2bx2>!o#P_c@y}r$ORGR>aqW*^{zNWEqCrwR8I`A`-drD* z5(s_CusvltSwY#F(-uR&KVrrK8Ez0lyeiyesq#1-_!Aj*Y}epHm*z2RqNNl(ZKSDE z!duUl?YCbEk78=Pcyya&8g$S5ZC2JZvT?ZHSJw5hGGa?IGPyKz-6)5Rjwa&@v&h}p zaJ=A;I^bc_@BVl^DdC}q`?l?ToQj^`f6X%pKQmD9=dy4j=5g<9{%GjveIi6>M$%f| zCC{15@ianl7yKQKnP_hfW8q5f!$Rxakj?JB`&b0VzOYWw=dd>(ju{6c2zN@r7gRWJLv5rnq)Y3At19v?jh&+VXj=9cJD>zr7K^{i0BaLL3z z+$J-vSun$+%Aq&mdYZ=N z4%c|ZT7VyP2+z~_Vu>h5Had!`uDVB$Li?woynOp&u=@6L^WJbUgVUfzc2Ji1k=jc< zd-r~BPl*|On`@#P*y(N0O;nB|nutvditUSo6mTa{Q^ae6JrI==2q@iOTRoH8d}&|q_BLs!2E&0w%RojLSq|1>^wvMqx5e$5UR4WK*ZC)`9_{?M{E^Z@NTHwNg=T3 z+Lasr?ORJ4l?yyy_>xphT*K%=j;BK4s)kZlJ$4(uqzjuH89haf3i(p} z=MI@L!+xrsdlgxJ3{9&t{Wn6Dmqe?FR%uI<^}yZ$ROuQ&3rC~1>^|mBr3|LW&%t&x zm7g_>kHIn-+%vuY$}qF=K{h_jj7*7WvysHIFjT%rP|PI*t)uCVukSrCI*F6o^`kek3FahxKaXS?qk5j|rWo4KoN^?W< z82z|tLU8B`;|AyyxrSge;$9()Mqp|8jRvBy`UMH|0JY3epydGGg2IE&{sylFMI}qT-mtI3C?}~3&T&f zfZfnB3Fqed3yKQMV@?h|&Qd-JTQ_sj5xr=$aDUt>{Y2a?XrxwgS%lDal;^rC`Lfwa zL`xJ(#nIsR=;3xWtD*|hacNnKAPWS)gGc@w0a^F32hfEy64RkLBGXVCm*Pg)cBPcq zioE73Y;afiKW_kUx)40RUn}_z-&Q1va;WmI@>_YJij==^1K9uS(8|&~#lT#~aiH;Q zjQ@~I2yy>^=+pieX(%)V(C7crN3RANvZkezzaf+PpKJ_;CWn(@bt5rM5F9b(0PA3y?p@L%nXAPSm@Kepo}Gd~@pvVHvhMr%IFaL(&r@wiFll^$ zrV9TCPIg=6Z%O=BK_s!6OKAs4qi?Py-$={JwR20(^%BsgWxV(l(BWj69_|wz$*eIK zg2#<@u`({|+jSL-qG4#mtxK&5@WLXwtAmjKjS8qKQ7Zc30$t3zT`=`RarWCDJ=ERn zk%3BP*RsRv#dk=!-0n5<@GWto?wt(3@!gvGwJt6!%KOG&cZYk^UYimMoSx52WE1X< z$A4D>n!H6Vj$pju7y%k_f7*9+8J>bYM!)gq=LTp1s@lfTob@&W=qU{ZkBcLy`+VIu ze`oMqh^f|WN-KQnP#5-`oPO4Q!bl;p=iA|pRluzWY*Sc{W4_QuhW&GZ6spL!>OKCQYF=Vm1YVRVr|Q9r)nS{)s?m@m7<&cEJ41Roth>OWoZ5MsGDbW{FZ0l0I;zPmxr|`QOk6XpSRV_}+>|?;qk+Xtv(Kl}``^(IBB2r);770lh5gpCK zR4NVemL(zT41Rx}Mu5U}_~mX(;uSJ7~=yQt7>vVJc(FQJV)f zNQv%`XT{c{id^!osv^PBkvIF%_f>xN71LNDXM*Yg_ljAAj{w=z>|;cl+Y~4f#Oc#p zvzJ5$18E{lc_qXx)O}K#q^E{zHt8A+Ql+Q;B;m83U+!Xpm{+Tl*QF*SyBl#hOKhJC zjXT@jGamI-*kqt*ryB3l4!%c9ZUZ zFiI$_VZ9$uVWT9g6dIfG>1hayIJ)WgiRXr_q2GSCce`&FC@}4i_1^*?gPILvK#;{aX(fAS(D4=0(nNd-@zm*vf0L(FxF)+ z3A%WN^nc<@ZUSc7(qM-%`7D+I-+dkM@2^@4S^$AkJ7m7AI-hM*AH7wI?ZI#ryHG}V zc`IMguLARRTT~rslT%ZklN&0^-Li)&bsMAFv(XgCjI!gr-EEGMS|(fq*6t2VbdUg% zk;*IrLmZ={HTDbKCE)~{sOt>WJTrf4E%Osw6azkw&BrBP{$e=*>Zz1rSAN+fM z%NkX05$Cgm=Ueex4Tls*WKHzMc}UtMN)357ejQcxhp$YfmfkdUKGD3Fy*7rtL{6e3 zjK$dPh4~?RM8pb+Pa8_e$oa@CA2dr5Ynzg9x0>Hu2hNGHW`ITBYz;j9c%Cy`#w&TM zwH7wdjOH&kU;VBe`)etkxV8toT{oyR-mm#n2q>GlgOqek#e$ByuG(1jx0qa&?#3Ff z*ArUx{#gj{rS`{umqYYC1YmDChdmL=T?%E3lBXkOOWZR7i4aj3x>#osW!lfg}I5 zTA7zcmr_NizQwszh@iNAOt&H@i)cgxR@WvXiH`g(7}`>QNOkGqLZ!Umv$;1WYNXMW z`e>pF?}LM#SuUj-!x6s)-HtUej|og*AjBqVjy~ip9+aG&RN=y1fVOWzDEF3N4*u`R zfT32z+Zhv)J_X=!Q(BfV`86|NYIMht_%hiS4XY>a-3OM8@?S@2z0>*JT;n@)yiky$ zNd))No!|G*Bv7iKn%#=yMe5+qLO2`Ao;3@o$-z@qdV_kZGPA8GQzkeI@31x1p zMQGE({!sqs$h%ACTN?>(9_@Aa>-zxQLHbJ0XarY@#qdz!%UTS`OQ`%7Mo0Mu_Oq5B z{;Sx<6S46_-D)PVbN&lZbMtKS4$GJ35M)cIIMwzU%lx5U~~~h7N>lDIs4241C60sTp#&{X*Pa& zRx3};GTd!)-tF#GcR$V#Ew8n5az^O&Sn6UlUHg^u>u6L34*kNRIhAQxCOA7B8nsgW zq%3h9Ra3hhCNx^D2^Um<$lFP)*0L>)SjZ&mD*F*rlJN?E^u(9hYZCpb*S8ie0-U4L zVuL)1#8A9CVofVpZYR_hEZSzH}UJk@3Ujn?;0Y1efPWF_^ z1>XyFS6&!;b7usl{Ej;cOl(Yg{NjRn}H(OXrDm&V6Hh4|26QhQMS;(lD@d^8!*eqlK^MX8%SoZZt;IH>*u8ZG<= zwM5#gqieYbIt$U|L19uiq&&~Asy)Xy&Fj7(b*k-LgY|+)P&y5igbYgur?ym z&OMy5d-de#a1}1M4VJhMo^To)p7_Fvy(LG5=E|AuS9n)#;a*dhMn%rXgIrP*J!wyo z*>Bm9tsTk`l-I0`C2Oz!Q&qRjt(vN?r?xHoD2AD#6|wEW)F{$AfcU$-!lf1QqNmP$ z62m_xo7*i`g%iQTROes?0uh2cBoQA{&)<) z>6SXGGS5ZHe+7=ch14H;P(fPPjbw&~4Ngy~LvUW7sTEdc>pBmiNe>dDVO}wG_uzKn zY;>-z=7Gdh(UkdLN_PmKE^hB^cmLQ~ewMjTEQz8T_|1o;g^KdY)CTuh9JGh5A*)ai zy$Fue&r4Nz22ylBge)672@B)7^OLsBpq*Y3>c)8-lh+`%H~Zq{tH=Z0xB(NT-LhZv z5%$-u%O>5RZeC?jE1lB8V7!J9DU?=0FPTJXL^fxzMjZKk^<<5{ROauhp6Pp zyAYVLXZVFmwxKz}tR^86apHz)+P^eyrkbLufT~sSx0Mo#_m_{}gb5G4idL3<=S^h} zl+-FL0Sf=pB^qV}v9nVtH|LT{sxUNVsI3kfz_7w1XLDz*NexPiBGj<5de>D9y+JJ^ zFc7BRcIJaBsL344uBIr7gTA0PW;DT$iG%d(-!ZI=g6vyx4j_rwBVeel{_I>~2tXf|)d=Q~I?KR$eZYNjp%0_4; zyZEQ~z{z4&O3)w`lL}##SBo1l)M1sn9eKBtst@mzBFPoD^lqo=8#XA>gKy#I7Hjy#XUwtrsMy?0tR=aLysKWQu0y?W zSQ`#a4RG9*E*SX^>LCR6jnVNqNrh1+`4(EwPQ5;%2d()HOZD;y?ThD%<+;7p;(#7u zN~F03FI=rUv+^#74C-9$QE1BM$ar8%u0tYA#0~u5Ff9nSg5Dq0 z#J`8EqjOL6@RZ~JjZN;E$1WIO4&QzO5{Q94BTy?6(H;|_9JS9$O#*e1o#N`&tUX@c zA#%Z#!IO2vCYq#ZY{?}5Bxgc7mezerF%t#UP%DILsm`=;ff~vN{$vLcsDJRZ3WB=u z9iMZP{z37156nM+8UPldcXCM~cB|>c`VqH=ELTJCrhNQUt!Jb?V1^ z3EyT-x9|Ca28_{A;nXayBNFIIg9Zl9IZ)K3LTR$i@%j{=2w}2&J8Zm!(WT^y``cmE z{iD*htZ^TiQyNHuuq3|Zrrk6M$V-Co#StPl416V(A9Lq-k?!WzSwraLRQ?!iQ+nM0 zD?pUBl3;4EE;^%?^VETSL^01Cg$i)6y{m2CYUtY6=v54H)YBGtb3TMONS-wYA%CK= z%0&(n4;rd_>>)H4N|!^Rtw^prufy+w?6M?Z1g#L}EwjrIHFMW<(e#nhRA|BD#q3-~ zKWVM^=pfKXt6N;lf#~!`1=<-`DM#D+nExbMz_LMrVYo_ zw8(qnfGV`NTuX%uDgUYWpsQk;Z99EfY0kWi!d2M^3e3?v3o)|~gI@nEUf$CPTf2xx zAGT%|;d}62Hc{8?vyvFXB@` ztt0`&wD$VlUnh|-D8$_p$B}I2(16{wpgumO!zPTDS z7wcHK*G=_TF2w($nr8wnMs&FHEED0xhJAu?dKx5ua2bofVrcskOZaMAs}y;>$FBMM zhNwewo4a+a&`$Bv3w4m8ZOqk;eppgEz}34YRxcy)Ww$o|b26A!ogBcnrJm~Rt4^n3 z2KLG}2=rsPyjYT=qQXMP{ETYyMV$3Ts-}-pn|QK@q*8D@;(M1EAzK;@`67%^3xeVj z1JZI*6Hb!*0^sN^u}$JP?Q+JZ1vC8NIR}L$d32{w!1Zn>)6p#7V=>kcQpps4bf+j? z?Z$$dNA1_{9~!&P9=B9bj>7aI?f|l$C&?_nP_u0xvC#*p`3h80WwC?50j(P_S1zZ= zLF+JD_g{?|Y91hzHTDqdqzSgNtj;qG?nq83XGD&` z(vUH47HkRkVC-(itf=P5q=yteks{eBZaq)lM2p!v93nbeoUCN}viveTQK+L9CX~lX zNr@WG+D)7-f9L<`za8amB+@83ExB-=2Sacdg98ra({V?=U~8o5_CYj~Nv9b?y7T@* z5Kr(}?#uu%mG+MvHVEj}QF)B~WZ(==t?kxOi|x#0$M-f}>Y1K*bPS>N*o|}#Jf-fo zM3);hjufTT(|9hcYeV~6iM&*^rMTIPIqRc&)%?gsG0*3dEx>b4J!r{lL1&~BHlzuj)M}) zQDvHEwyr-58Y&H$Tyy6g?=TqfaYp7jBId=PPYps-9mSbZcR7a~nuGDn4MHCbqRqa+ zhIbFnd!G}{0t zfd6}^YemQR{sMROvBWfNW)sr@WG_YS$YTpdQl$3%f1p6auz@>-g4`2NWdu0!G<__D{W5wA_mGObOyHH8~zUT zOu~iBqU;x!L?wgH!*P%f8sAI5+=J8~zd|0`+*?=sLkH z_@gH}zLn2)si0)DZ?GAHA1gp$YERDK9kEyWyf=0JVD<84u^H^5c$SD_ai9- z7oOmx%sW^XVG;5e`Bo@9i=U=``NP4=c`GV)p+WD2+4#CESv)9*EVPK?&u?-Oq>GlW zDsJCtJx~nnMEP3c(#Bz5+ZIhW_E)HlLl9YtX7b@Q{MZ4Kt112rcCEVfSK9b9a1e0lLTWTT^cV(0T zXsEFH5JapT-8@dz{u@C~p&&XBX5=j?1Tz0Xc}!8>YM>!8U!UVd7_5vuLGT^qIV#jB3PjKvryT5GYZO6cV0d-e*Hvvp}A*^r33-qGtunZo_ zQ4E#I_9#j?6xHsDx#)NP{BB+Cm9aMK#eZlI`3vKsYt`(C+D3Kh^l^`BCT>jrK?ZhFkc;0@H-?Hi{VnT12w8XXDv<|i9JbEff%u-Jln z-o|*XjX2Q4nmhVwO-hF`u)2IlO9!w0#p|7JtG$UjcUa@`7pLBJ2RlB#q0UXWKhs^j zyLlO+m`C=k|K4W+zedI(t>%JZyg1BGCA<9>*Ra#)>xb{q7x}eDv$%OpD!ksatMQU1%9D1~V`KTeAQM$~1`l9Xnm~2)n}W7*v!z zJv91LeorYq$4@EXSmdp}SR#4=SV9T`l6bbH2rvz+UU{bxWV?~*h#vZL&O~`H-x6M= zHIz4`{gVP|fJtm?E{FVe8(hBQew@VWB6 zu8Dxfa#;S`&ynm>+8Ou(Rt%@ilJiY1^Qk`xB4q&~Y)ry$kiLH)cWg!_*Kd-J7;Vb| zW~XD(1>DflRAXldfW zrwfs>+RlNC)ETUo5eX~tRF8TYOqX)tySqy;VWhS|###e2wlTT3qE4G7S&uUq z{l-R`_Bwnq>7dh-APVvzcC+rC6F9k*;(qZH*|RL`4ImR|FxI6<5wm12^b7pNn>bYd ztGyV`OIMSQn(P?cOH+nVl?Kagu;MLwL0JYu9i#@J#cFC}^lJqfN>uLg#Ys;fyS%*_ zAy!@tc|M#hpy<%yZH_)|v*Edc-?O?+Q?Eb{HU`~uo2DpwBY!aXqApYFHonpV6We|zDdr$MvpaU; z>ijgt+v_X_uKiI<+{)h@dNcZh!jS>h=;~YX%C_}i1n8!t6G2@ir2OhBBxRZwJ0C|2 z04KfxyTk}+exH0YQddfV`4$Of<_ujX9eSf%TpVY6ST(p?$g2?u^AXcNbd68o@b1Y5 zo1{`WPT+PQHa~JdukWuxD^tNiOTYo+0K0@kYy#PRH45we$l40a(APGJ37XxyNKuy_Fl6V6xrP17;x!q|?gB4v~YYcP~W!7v+ zD5W~5{Z`XGQBXf^nE|v z^k&42d#6K8&Ei6*2SbQ$N&7A)t#`4pn?9%;oFQ6}S>FR$3x>%yi|% zLwl+q*tXu=nmnyT?$`Ts{QFIuU(C7=>miOwyoCWueoQo4?9k^?SM`Rgsdj7$^Qe*+ zUC;t7D*xx+B9(7J{d5IUuU~P3hHLG6uvoL{MoT(}aRcD0@5Bim&)5R*t|Euti4PIa zBj1|5i>R(Lo{MSqG+x7+FgZ<-ykOwHjz!n;O^K0s>V+;|gt-18@A9~{?37UaKpbs0 zC5&Nwl-k+S+l2Tqo!sqMp~0J`_7B&{(E~JW{hJ3OE;Y9m9MQh;>vjVA>KPZGkORJC zO$|yZkMiSpHcIOr-y{D4=V~efwVvbQ6`V>+u#a!Tp@*b(gJbwEb9Gg)gxWExgc8pk zUSt0YImEPXhpK>jvQbZlw`P7_(-4ia4MAI|Bn%^dNQ$@ICm^9wrTi6@3|sv(F&TLr zyRhSYgjgmmm#$UYpFXT(YiuT_6+%!KvuNMm|%+bS}gBHT^f{(C*q%%Y^ zX~a!zuV)|{Fl8|p?KDxrx5z_*zle`=rUCI5HvrQ)$niF8Mgijklen*Mv?+K*yz;(g zp?{}K6$T~d34FW$HbYPk4UdqD4T$N29V(rEJgZ*NYJjH)N9AZ(6h4ZVZR$dXGBc9b zO!V2HN%j#-2!1}v8`-)7-AR-ah5^n`_EPJ>D~B@v@o_yh0LFzx?_z0qdfxLLQf-_< zwL@+V0b%bN^NrT&w+h9EJWj0>+HXLpRNb$Bb4S)K6)TSY(+|ZtOTepP(*;`A3aGkO z^~T{iWVvMU&LHCO$yg0+sl(T;0a`@RPc*WC0872gv>+4` z(S7)ZK*Aacxbl|jx`1rCmYRexQ$CO$X`qqk{7NVUI3Rwv=0M51dY14T7-R!53`K0L ztBKjR7J|o%=3p3LJHO>~c3<4ZzJALh1<%JO5-caGUpZg=V@3Ca}?R!uyG;nrjw> z|03sq-hfYCG8w*J2aDVol~f6FUTnhFe))w>I^grTgUQ=dyQN4_AzlpNESz6eR2IM! z5+Vq9W&n*O?p6APh|0<~u%W*PK2XuSu;*ERi)N?Zw;#*#*@nM>s9_l1`+0ErvUT&2 zKVN9B<>3JVu*n~%+kcD#Y2aR1G5Dl(RxpUe>=A!cFI zn9!BvRerM6lyA`F;8XVS(upd6@F=u^(l>`H7Og z&i6m%nS&hyGbnRLEPvPqN^^&R35K38!m<81if1Jgd-SE0P(@l1QJ4IsE=7Bwtvuv@3rQg(QPoLDT$(#2asLL!NSojrWUR?FMf zTj(?N`iki2SQ9^s6{}ISIt*PUB-F84Jm?+A8OxX^>Jf%rCG+vp>0mM40d9gV)HEYZ z4l}ly%f33O&cD171`|rz34^L#>U6(bK9Qqi6TW2MV)Q1(b#Mr74CjCHzN4zc3fn9X zO1Kjtcl|+$(~5A|A`2h{L+>8ZQjD*htjHzPzI-Z)@fSKTJeJQj;F|xuNgBrJs=~hz zJWX$+OJ$%zH2R=x8H3{Oszy0em0L3(Z{CI==hACipO$FJy|B}vBKC%nj%S|w_C4ae z-@H#C9mXZ)yXccQ-RACR?`ZUx?`h-OSy14iPBGg*XEPWFE$viA;P7sZ4N0u5u0}*>at_v4)M);HVn#v zoNHCmLk*B-)40jg#5_|DWFk%=ZwZ9|shm!wij;R!7d&N_6dN;8m%TF`)v<<$AA1!x zpBVB)B;(glBmr%>*72|!_S+7r<-0|C&)m|Z=Ygm~$m0{M{y9M|5i36m4i&mmzu`^G zZ$5^4j$D7XcuG%CZ|1aSiK@LUBP~8!46*)1vsbI5x5s@pQawtIs=yUvq9d{v?N6h|kin#Me6%jQ2UbvbxZ%f`a$l5%dsw^1fF|48HAD(|H& z?BSJEqOFW_tF3w!1)m8M`?1W1CuM6LVMThIC4IN-^R8y>h37hi;}Q+uUF6YlfA*Oz zi5+oArUMx&uS=?u+-&AObqRNi|Batzf3T)}B4wsJOPvld8WnrL?#-+{T-`KUXh)js zS*>}Jbp2=Qo1|sd5L{*j)k|fSdT5stV&+54bJ^Dq9$D+78rh+T^rueGB@+U=5?!fw z?V(Fcy4Sb2Iqqj$#exC?WCaT8VmXqLZ*3O1)g;9eG=MFMOe^;N`4+S()&L_k-A`hGMt47kv!iTkOextcxMTe=FYJ~#^ z&4Hnb;>5J?i-e)eJ)^(}nwFj=m|B_qW8{;#>Ms_g*49Ob^f%q*@(UQZSV<2_CJTsqptjgw+Nh}B~OLV7?%Afhr&5mlVTuke@}2TRKz zYo-4Ts2*2MMMK!5Mdxk(EydoM84LUPj<>HzVSnZiEEZ2BjeP8Bj`nSlZ4Qe9;ZIQ@ z2sGILj+i=ITcaU>@bjGvPhxPaI#K}ZPG-zcb9MPI`}}hS;(%t(XJ&IXisU6a2?#Z#j6(X6~?B;r?FDL@MM1OTGRg zo=QvQg}AAc%@;Mlu!b(Av3{ukvbhZmhq?jL1EABoB1*(L$$#qMrI=JnaB2h~uz}c! zlSG8QjdiTx$_@i4m{|B*$iDhY-+1J1MhfSCF7>X+>8&BfG+ZRIw5$I^#rYt~| ztk_{Nisa|?kICz`LXPY8O!l+x!~S4cS8DN=9mQQNS0%pB>ckh1>J3eN(sKUDPc3tR z_2Zq|Q{;H51d)u(5$Kn}>bl-wj7Y_P#gG~sXu_I78jVly;r=Qb_ajh+0d1}(fo#J~ zZcwb#Y}i|Hs(v;TWP8ZzCqq}K8!-|AGt zVAQXiai<)2b-iZ*|N6oPQi-OX##Fx^l#aS{XT$E(&vbjJFRpqIvxuQ35L!U?Y{;jk zXCE3rH5^klFqT9U%P}&EM`D(X1rpDI+G@{;uBW4zsVCjE~@pya6g2|hI;saN!v$a`waxUzAk8EvI0rB*- z$^fcG2Dk3-JrJqEe5x#8Ze2jhJY<E|8zjS*VDTYN5n-=RAh(U(` zTrGPyfN}N3Jo3RsE=%-%vH%+2pV31VAS2lImi4l_#(fwvI z7`<22ERRONL7hS#;17}3_Dj0WrT#jJ`J$8oESXtA94_}xu-Sk;yQN=@pUQVtCrevt zBeY_WlO3_P`NXZB4&CyS7fi(>wsa|IvPCwl*hYHuCw#^4%j;Baym7vgaUj&8_hRKm zZVaa)q2Ubd`TGp3yJxB-FB@KBw}0tdq^4y~dM2G4-oclS&!vIJ1PD`Y(FOK-#fo?(iEn z+2~6KEu$`G_BqENN2SxD74){kTymGMWIyqdyoxdq6wZD5gJ;8g8}JC?6GNTS^Bmvp z7u3MS)K~auYyF6JXW#YctaT;966-&wnC8^0z^!1IPn%fKYxRk4GLG$6(Is}qK(d3s*)?b;W7?NYw7KHf^m zE)aa4bMXGCJHmktD~&DlaySl_{GznRbO(6q=LiHA!~PJI$+%UXmKj|HHMFp=Km4Hq zG4^cMW1c$xbSAsn3jJtBR9uzlV2nlxmBobDMkp~=Poz-nbS9y@A+5JcOke>85F}B= zGjlb*>VnhO+w2N>-+48^sMu%jq%UzC`#NlKr!V-BNom;Q-~Zf)>~%INeE`T9&I3rA zSqePP;;YD9T>xZ9*Gbd~>sU2Yc*pVRD^^noO<0(h??7<ZY&$m7|#8=;Q+l`#Vxv#ZjQN2>(_SyA+^@CSx)&%(1(BwnvQOTf9p(|!r3U|tq?;Go3Ht^`iLN4VRt;LM2P zW++SmK(8=AIAJd1Cp4B3!Z|fe%$K!*SEe#)jwvxAPdm) zsX?~;M;2%buw_eHcPfsbf56hS#(Kqp4oA5)Fcy!=pk=n14mBDQR)S2g@i;I=F1v`5$aV2syO^6I!L8rii-rAD5_$q$Xdvs3b$-KV zjVz>%DX7<^jW-&ZHa0qHj*% zttEAD5EX45?DVG!|98e}9iLhNrLVuVcP@SR{%>A&`Y&o!#GuV5Y&XA zqK8*96}%|WrM0R~=rvvA5zH!jL-}Pr#82Kk;-$F0Kfo^P@u+Y|n|=1$4)x}4#EVt% zbFM9!r4LIYi8BS6rUL*qTD{ysq$dh9s?h$~vk31X&96glHZ4(mq+d`yxXqb<{yZo*4TftLpBu{oIBA<{+3sh`)jE0_v%tnDWeu<~$6 zoeVm>o8OZ&R~inih0LABM%#aa$AbU()eDjtG8r*P6Y%pI%Ytp0}bffi6Khg_txeqt`v_4W? z(<%39XvnjZgWpEv&XJl=*?P$G!Oy9Bbhkoc%U)DvVdemcqqjimP6vhcQmo4KilnaX zJ=w7xdS-d5(Zu1f zPS%XVA%cVKajx~h0S)W0s(U$(XS%jcdsa`HQMA;OVooUT#w2-LsEg4a>5~^w6Fcos zifzj=u`id7o>+ zfo0{0^jl%R*QoO5qXt!wWIaOGfOZc00(3m?;?o#}3?fitnJ-+6Tt?N5R|^Cy zl60FcX}z;SVx3#Nb8BUL1+Bu^ge;#~i!> z@mJ0mxMM`mU#*B4{5S()wF(vJqM34-=D!g#gl0<^Hl!3MX<3-nU(k)%GC$rjM+xt#3}NgM(P!42lv->5wFZ+B(R(=jT zTj4hCQzJm;2WA+cc%~f1Tz?WY0?@EHD5H6tIhu-GPZl?4W@xxzej#Z;Cs;` zgu9x-EZL6zW!FxbL`tXJ1_B`NNBA+;5gM%@4zcWtl=psHAw`|2x7_LA$J9-v!Mo)d zTU_oU`99Y5 zSIVS6g?>z)hZ#INP{Ghd^po#H;ocm+bZ?zw^q~a7jq!xm%Vc3=5W=3Irux2^!9L@> z!Kk1<1+lxSUP>M7M#uTljoxHZ5sbr+4yvXik7-q{lY1?g_Ptk4$9gFN(8<%|j|x@I z64};bl#6}1Ewp57{n(LHy~-7mb!T;nkhF5UwE(_lj`g>(o^{1{8Wapc3v({ET^f=dYf9n>(LzHuO-+GVD*um= z_#Rr6Z3!7}T$-;CQa^l*z@M1}>PZ-lbeb40oTV|#ah!|wHLqF(j7Ob?>ZJzw)C#oo zQkR$O^WtuAIfN#ii%Xgn)MR(=_8vsil@=(sRak2PZ{hR4c%;s=#iex+2xR(YKkmnm zA455MMH5>h;Pp|&Eha_!om_%(=8hss`&hKFUVOS`w#yODz2Swe_py$ee&p?+leU!} zFHm-`kHl`YLVIC{Nd0UbsCT}vW1fVYBbNvHxZn%1@Ju{I_D|1i^DF8tYTub^hnaV59d|8}@SkR8T0rMs!%MD?SZ;5! zt?50x+bQ7RyIU?ytrC35J(YbI8>K4V_M(6UXX^!}mA^JYi$6zyqo{?#Ct)pP**<3# z^!?TL-{ty7=NTp2R%bYJwjv4mU?Z>vw;FegO7AbHzoj5oDZd_6WqndNF$4lOJ+SFj z^xgYlvopB#JVyf}G9n5c@j1zl7nN~^ZIjf4a!J^MVa|HA83sN{1jnH7GYMHv|oiY1ps#?vE;kY>sEgFI7 zm4{_8BGu76=)446qQLd)Ju6rvh({s0Ul!Pd6AVjkg6LELIriwdg1_$=?m2lbR~^1EnGh5i0(p- zy^hA%m%}wIs&`SH5vS}xC*Pu}QGtdsV}((37h?QoT93$MkC6+3 z4C1Zlar_K&vrPVu1gfOC8&sr%Eu!C8;($8)>TMOC0VjwjLLvlx6N~xu#M;s1GpO_I zC?{HYVr?y32MI)Ib+pp9&|sITBc?hp_spNLlUFJR36$a6V7Iz;R10xC{^NJJ+)_|n z%sl&9c;9>sZAjne#&q_x{^3$n4l+7UW8Uf4t3$oE^9k97D&t#*wWIkODRf*)Cs_zH za5l$pk8?=fUXK=;38C^S><+cIlK#Ld&cw>xd``+q#W!s>t&&*n(49p`yHcsDnV}J)p67W*XkwG^X|!x z@}t%3s6#Iwy(8b48Ig`#`TKR;DA++t?uyp6Y{TQNtiunqN)J_|PHJT%=#ktAQAhwGF( z&!cB9Pqc`9+J%pW`xW^~_!CXWS$sWeyrA(pMrVkuxgAHq4a z&}__BDJV~-^XA0VP}rUNp7|C8`sV+NUD3*8K`>ZgYG)yA4g1oQ2S!|06{}pQS9jaS zs<%W9!h3?fT>cVodP*RM<-P+{CA}x4Hw|>clvD83#FlDTcRW64=cvb}W15>@VLYT%CRJE=^ zJ5%H?=*o@Y`7V>QvwTs@AHOneazRn0bq)shzyJ(~3pTyUdHx2?z=VJc{`9u`-1bJD z2o$pS?xas%0F&71&tF)kxU{!7jiUD5#P0eL;5%g}h&A1H| z!58weZacv~Ja%R*e_=fKZd*_wMa4$vSQN)JwGj*Bw#H#M?k2)InPWU_!SafbaXb-) z>4z0Uv!d-(z@z5xQEka-mKED{;DpMjbb+M!V1|rqc41)s49LQb-0=AGV|6Dwx_#=@ zU%q3^r08ebT6XTRMr?WM%G|PTZY@nhQpw&wCk-@97?^?;&yMDP{l#{2UN~j5SYFJ= zo#oA4Q$fQ-Jk9!y#e4jy1yeFIawGm6?xR-s(lyc?JwANC-a>C?3~ov@AMY`2o)6tC z@x^Hoz;Q3hK8oQVdds}7r+PL|RW?m_^YIEjYs#q(J-Tm7Z;l z7U4zuOH=+m`IcoLwHf~d#mY$c4X$^(BCm%o5zW|~6uP0Zh_(Y9^#d+1+x-)i10V3g z$y5o~cV%<$v8|S-U!E1Sir^i=@&S7cyN?)8K_EBc(@jd3_>{J?CWB)Svk$vz;9{@4 zI|~gQ<+25@z8=YE?(*ClgF>yM+iaT?$o%WrOK+HkToSgjc?@VpFlrd5oj=w4~sSGRj|)&PpG-xUq3XuoFBPl3LRJ}+v5w?
  • HC3hA!^Rg zEhPSQF=@!fQj1djsv$SQ{y^`3dF7knig`m)bD#WeUCmaZm^EIO#LBJ5t>fMSF9I=K zKb-C{*ebd_Z}o#Jf{FLN-NNmVa>(5M6fP4Vm9=>^3n5;=(+@Bnlil)N)|7>7V}@7e zHqZO%>}M4vX7ko2RAwJ5DtJGP|GnI%$kBE(>`Kf`J}~0IURZw$Q{r{Ad*fzYk9EnB zN&eYecy2tKsUp)wPmC*lizL?+J}<;m=-wcY&;|^>pzO`B5=`9}HSC&(=&L!=!*Oo| z+)-UKpz$e~G9vX)xEQavnEX3~@KIQ-!D0c^Qoj|VWJ2nvm6oM~uUt{Mk+k+<5GEbnwlTB_svSHC)zNK~n+ zZ;>`YNC}Pca(}6!uY%s`x-%8-F?`bK!RsC=IFvN=m8{ieb_nPGG| zg*qqao3ZXy+i*t_dt?a1RH49PNjajHVV`g2l-CDrgi!IsN>Lyg0_?~fN+boWoZ^&= zX^8HHF=eKsjk)CX%>A{%W?8`^Hw>+W*OByuhdSnz^5jT)5O1-lYa>8(4Vs7=`;KKf+p zrtRGAex{A*Z?wry*`DKB-@c=B4TH9oYnqx*C6c%)?=M?WLPZ z6`{FZXI3dB@_w_;&If$rNXi}HBtn+^k!yHRYB!-` z+Qmg38cpRY`}n&`p?R{YRDOqiY%#B^4cv>Z*pB`;zI#0)yA9Eo_*sulKv_dJmJF!h z3ZmuyfyB`O`O*Jk!?~yb3km<9aO3~KMnupkN8_Ww73N*?p`2xf#OzNg0x6+E0W?;q_{hT7Wd%p?m>fxm;S!* zzWc@<<31VhkBp4$le1-=wf9_eu64rIRpqcT$S|Hfd4jDVFRl6H$ur_7Po6fSp&(mG zo61L#Ur${%#|N@_naP(rS?io7m)!gVNYHhOlsm93%eQBE-# z`A2tI!g8VA1|)kWSw0XWwDX!z#S}iqEqT%6Tuj8hj zXBDUm@BD!${thW1{?)7Y$F{2W-xUFZ6tBcp$q}@WF;7&4LH^~gN>k(B*owK9<9h&E zG=GUD5A>b^=}l-UTodQOuGA`)wBZyZfX7ynuG!vre&a@r$lsn18n3FH9Sjg}i3B*^ zE7%bwnDIN2B7AAT%3|sn8PdPSw&v~cpJ%tmEVT<_XN`olr=M>RV`5#Ujh7Z5pN96< zuYL7Ai7(-tte*|;HUjs-O`P!%pU-W6&DwxOwsS-j@-I(d^Z+fF2T!l-{Fm2mc=+-a zge2>3apxo<>z={CLPqzw<4vE3L&Z|&PE&Gdnv?ONP*(A^RNyTRkB5*NH*tEzsgo6I@t&o7yG*QTY#wmwGvY|V)j;Y0uv*CsY49ufxSwLWY;zqM<=qG)ky|_|*R2w}QO=`! z9s7E<)!`9P?lTIJ6E%NxKH1sCv{gacS+NDYe3}2=tufK0Hy)I_{4`Un^q9QovCUv= za3V(Mf&RerMeG%{Gjwv5qoA`uon%Ru9`%^WYCXAdrS@!W3qTMMe~DA?+2rhBHoyvZ z>+xlXlDYEaYJif}98gX5wjJ%X!<5=9=ill#0*~%V_6p4hzqCj5$7Fn+40dK5UHo$~ z)9yu1t)O->HSEy)HgC%zO+mS<`|(En5mg*<8q3AYOZd9iPVIh&c+o{Avp)M^-oFjI zWCTE9MRvDNka?oLaMD$;y*P-Vov@88hy0O z#Yp2^oyDV2xeBCjXBdR7Vj}eAj$7=DKtsL_NO0|4`F+3L@q@_rnqyNvTvWL1Xpd=m z3-&I`MBF?xOlK{#)_|XJ0VQ*EH__~$Cc^x}W zvzU$F_F4>6ODRmQ8>)Suf{vX!Z(8P_;~zZ!9_osktRDt02b z=w8Q?)@&)-A~j#^Bo_6ekd6BH3Y_}=rK3oOr~13k1x;}Oq-9!d69HTianjP#jTfv( zi@3#SSvZCWe|HlW$hD_cNxjd++d<5BFHH0qj>*gVi5~(m_Cr!XTw>0Q!eN})3XXx+ zUaCm8oq>{-$U@KAquW$`9@v%+68Z)C|Th81OoP7SdZxXf)|VQKtlm#3WVBP&3dcSg)jH)UQVnZB3f6{Enxf)Vf@w*y#WPqY3B zn<)dY1NJJpxVUzF6;9v`fj?Z&*L_*^cD@1v{sQ%fIS&~aMi{luJn$ng#H!HqsN!TUYYxi&XF|NpH30a`A3kTYrr!j6EbrPd5u|+dE;Hh&GRfHt z%~zeX=1t9Kd~r$ofto4gJ_R8DGBFNpsBeOo*r`nw(EWN`?s!~nYrLx%@i-pT zGFkN6<^wpbv@_`qCr;MoO?>VSfpuHy0#7-b-;b+1!`mXWm|LSuoX9$StDIV6nB^YB z@Di4#;XUL|t1F136$)qwP#w^lhs6mgIl9R{AeinIt^k7Y&Mr=G_9Oi$9?!p1C>bTC z2tui^e==uQ)qa{ZMDQav&`XZpuUfx=;7v1f#+f_yNwX0l*Hp_L9BLF*JJeo(Y?-TI zRA)vt%2dsXG6Pmy;7SDn;lg1fay%$LmvCm%>M zzeOIJD~KOa+?OqttF=Zz88V94)ylmybD$qGy^Gtr^Oh76R9)Zw2A9`&XWyMLI=W5_8ic}3Ov@D*V4^w#r@;yy2g+&1zWz9q ze)qiT9;ptG)Chz^iI^i9?|i=lzv8D~oJ0pSsx<_sp(U>lvT(pz1ArL|;+$vNKbkC8 zV8I4E`|?S$esv0s_!J=jxNn{mEpN>D$sOoe{4ah|)6&yFPf1Dn>YQu8XVXXKr?pV- z_jHE2H1;mU-ozC;?6;jNeAXQq)qZ{ZL0gXRqZ4_Djh%mxQKp@vuTZRNZ}Uv;1pCfi zxsBGW2>} zF?6WCJNIrA+K%}imJVE2h<;J~lE5Gb4a2O%54>b5e%5T0RtjPgXQZ0cnSv_a)6~ts?QVBS8wuq; zpSM5!L5KNnqTzFo^q7Scc(>o5XGZS*L7+kIynffAA6E5Jxk}57UVapzJ}6fig?pM% zOBC+t?+^=RHHw|7y%e5l-C1ttfUJsMk1QcB2;h*g)XWKIhjPjSlt!ll)7~wowH56p zPQ?!vwmx{!xl`(ZmjS4Am}b3Mf&Jn)O&9iwzitgLsbS9Nb%RCoMh$IbzYwt#@POab zp(`EYc?QN93_y#Ta>_2xNBXCX#q5V}rJqZV;Z-xfYnsUqP9ICqg4`A`*ZHR4B#_7* zIFq$&#}O}6vC?K$^$z05n@!u<^UbM6sL)ow(U$=AONedz6vTsk(A|BtYX&~v;&s+> zWnB@vb#wh(IP2!8tLPckfgu28-&@RO6dmk;k(Ut=T=bZ-aqe8UkE^@%P`)q{L)q0{ zf~eV8=50OT+7mb9D}WY1rd$)`Gs2lNDgAIYnfFXWaVR@hSF`C^0@tPI*T56)7sz>>YuR}Y%vy`2tPw8m=f|a4lPP_Zk+GdF`}1W=G%Hs@ASi%vI=^Oe z^;(RN#|ORe{>a#&1G1^7bzZ!?fhJv+i&DnzkQ=O~?<6HmR0FBN>ABwF$7E>mhF`-MDtTTnY_+pUym?@kD_NCCDUU>wXJ z+PH6aN~uPzsC9#d_-zZb9_ehhQSOJ;!NaPO+W?*-LCrA>2gL{~`ILg+YHknXH2_qjH@ z!yAefK+$KqU}Z`JC1t3&guFGy?+o0hjNtB9M3VaWkkpIRdOmSs`)3Nfhh#lTchIOc zAz=im?c$gD0m%pqNlQ{6wmvQ?0Fe@v4@pu!^FCGzg+Z586@J||mJs%ALrWqRr=%si zfs#59Nr7lT^?ZK&mkZJ6NSXfS>2agkl{Cl(dFy{&XW+%p^n=fxDsi?E?iZrd{llBc zav866{$b>jU!6k!-p%0lhV5?yJ{ckL-@l+^V_^Oz_`xV4FaI)k$)JwFe@2n`FQZTd zw9_0Mfls@R1lB9sFVSRich-(~0wN}1{;yg0@lThQseHFJ31X2q3#m38)i0d1BW944 z_|N@Sz@va;+og^xKMx1w+6-{L8q|1LJ*XU(MPlsrH0!#Hd30vRN-`IHi{w+=!`Tz6 z`yS@g9g@s4g4&})%twkW(5Im;3~-J^R#z|L25*S<8i%SCCd;6-T2yF?u)%bm_NDy0 zHlcDnjZ<*I4VYj)f{0c5Foix>GPsim3NV*6wAa9^2urE&U2hO?!7e$o9lc`utaH|T z+OKA{dxH7-br2=)#!`F0>oS4-{mK(B^4M|_Z0g73Xs_KV>ebX5m3K(nxI8qGOSM?wa@k+%rzLyn_(sDgBCqduZ<$4UBTQ{$1H7X%;@4Q(n_tvOaYm^w5O@3{Jo}LsC z396~md)*Z|tEC_MfnF?K#@<^*z9&J{yg6F$lO=~@1?Pl} zi`MB2O?|V_Q^LN&?u!%y5ZBSTl-#r(PCWs@?D6*_UO@_UP-umbS|tA%6F2eim1SJ1P?+E#o+gGw(9#uQ=NL z?%P%3K2BA9ybo>XdK#fi-K?T0Mh{cnwl~>umATWd?pjHSxvcl${MKA=v}|(+|`10`&wQ$;2yStBw6j zKKVarwqlp0fa`m5CO{aj*&K$m(>=NW{N9qvslf#-&gjR>Yxz_ne5%MwWf3X=z+(;8 zuI+{lac#!aYBZ9)74d3HwJWK#ZWtHfoplT|9nqey!h?T=T!1qfN8{?VtPIcTF>l>( z$Q6W#+@G&ty}}Rk?3B50<%1N`I{8BEExYbd&$-38 z5Oe#s4pUQ%8`LJL!p2?=b4fR8)UhT3$q@qL?)Rw`D*_0lcSi?2q<(OR-JecYJc1Sb zJKCR4RMu#M*?ZBWtj-Gt&JgXj1IcHnrxhz#mGyTJ|6#9vIRvlSc|pWo=d+C7`>6Jr z>66u<4eWp{F8}HK8)1O$c>%%4SN!Z#cDmjD~5zcod?ETk8n1$<;e-u={ zS|+1DxLLbqr&gmBS3}Vub?e^F63FzqVeVv%#0B-X z!NP;zvh`>Wv|-!zfWxyjp2!rRK$1vhI64OQynfQFV4{tGR zCBlEpMp%Ih$eyS5zGrJHKP=rG>=m!tYVWyGMOrT|;U(!~@CGb4ZaA3a_|HJ3ldRm9 zYLwG9?C7s_*U>SJ&pbvI*)aCFF?`!#M;zR4p7?he5d;(Fr(W3HcDUJ_S~Az8&kjf| z+#DZ>5tl2WCzb;{RR`dep5ANJp}%8{R@QZezhy%??q+sE;Clf0B08C@5#B{W=T3*~ zTX03M+{lhyHgY)mAL+CI!Y?@@1ErIze~^=bw}6%nzW&u<@bk>Z_GIPNSA)8x+uz3S zaKU4i7Nv&(V()v7#3UJTrzPyUrv%AAI4Kvs=gr0;-=Xw;8SlaQa5uCb^WvuWB;_0Q z*CUiF7Wat&Kkq6JwU*>gIcnl!3d=;>U*w~$`q4v$NgB5mYx~B)oxI#27l*nX)00xr z#N_4pY0AMDRL7;S=Z*xga?dJH5=8ymX#bvPrY)?+QS{3>r?p&5gk6#x$HL9s`QL}6 zs?*r}FVN?4FpY<>P;y=kN_H3nPF`0kt6X=}dEb}!enyaxjgF3fS*Qg)-|gn+UG$(# z20)%a?3s+tkU`>N5R|bCb`-+Ot-p)pd9~Y_phv53{#)qH>s47Cq%FHlZ>b^~_XHoe z{12BFV!;!-dw+y{zAQ&RmzQhKXQto=>v3ICsXyz6{2Eu%t-A6*-p&&EKGhkOzpN7kF`g zciKq}i8`lG3Ic;~b12Ebwg&s(<>J425LC-AelcK0HhN<7F%*vSq8B|4ocR9LMC*0+ zfcrCUr&<89*?bvt&cUxtWkGDohMtTZjUQ9$zVgH|HXcvx?LOA0E|ri%E?J5PzaNN2 zUm%>)<{k$dHBoHN$!z8t?&?0GM{Ssge+AEH5{s(5Q{thRk zf!xN4A>Et-H%fq;&4gR8wT_T^CbLJx!*wS$B0HAx*nP&RFgDiH*!NTh@NhAq&z9ja zZ^JYx6Fk$2D;`x+0r45<7uF-CpqM;jIJznfxGns8B##WHu0PIqtXqlSk@}xTn(S`0 zBM#bo^sF-SW6e*e4V-eCn)Dt48o?o97!PIFSVhL4jXkE)GWQudHiy&9%+_fu3VulKm+Rba`?-tt?ys@`<=wqgoa4t{1= zLMIV4%?8%;#tuC?ygUa6Hga{Yycnr=NtE|t~`~zeE|b^ zdgS?>qMj`I2~LX3jTt>m3ph`Z%aPSg1VY4NtumA2IM9g_okn1g<7w$U zBpJN~=syww%qb{ID&B|-=dQo`2x8kjqB*_q^N(10L|o~s%cm&-Thl=|?v80jp6HpN zY^oN?Jz+XGPn)zm(fGgSHLP99i(n7#%2{T49Qhv}kMT*F0 z4dkLXrLDQ3;acPK&i`!2(UY4GI@wiwhVsJMU}lD#hsO*3yt~d4?1LtDf#tv6B`#bu zOmj-pVb;@Lv9T@#Y_#<{B1`t(CG`IZ0K5RZ;;#xJiZ zz^QRa{l@o@w~a5Lrd^YKjb-=Jy;b0?(tuc><7j44q(9H4oEp$_hpB!#r71@oaCqb3 z_JQkX!0bGpR^GpdRyh&xIIgg$y!>B-k~uoM=~z6TvZi1E{<(JDZEnUHAWcV=+J~K< zlf6Idx$9zRwQtQHE6u@};)f#PU?q4xSpsBOW985Z+IsF~yQa-_jIr7znoPM9hW6U{ z)4qv6C5N{on7-UTaKo_lc2pZ^i!jPBR}kqifGy%AvA}L(LT9FZ=`NN7fey#qIgOQFW9c^Ei90 z{Pn_Ii51(vh{mSg&aj@kozNIRw1ww}Gsg^nSjR`6T*JuigerFO)RmANk4VdV>0+J8 zw*D9R$)}ILPbw^b=&iehHw+1^a`M?GSJ`>4mEz1`c80dl)@Z*oZdY2vKs4J|NZzLfR-=lPm!O`Jf6vUQ>me|EsSwXH>7nDR-wTI;4ghX)T$m|9grWLF8UY{hFoZf_2U)fyWRAqN3 zEk~YOcP+dksLjB&3sB0MuvUz_I2z+mqxewc=Y8}cPS<10aNe55DOj2oq(~(iJg6%l z@T#Kwj{<*t4?(Xbi!(ay<|dOVQ+uzZfBsdg_xa})zpFjhH7V-bS7Ntgv8gjA}jHrEWk-39(v}=0?nNgU5A!z-~vvuil=Evq0!-R zL}2rk3+sK6t`+PGI2&Ncgyzk&nQB+gWmOf95G6*eJmi>JS45L{8-m5w@2MhRJ5R>f zHqk)4_vOaj{va0Ded!0tS)AZGXW_keVp$mFS^^e$)deLn^$_$ z9C&ksmZy%ljL32XPb6v}AJkuLm9#H7tokc@poItj`)tPfKgbsU4JbwjTV?rq+>a}9 zh9FBB{^|Q~DZ|Z6y%DG7u9y|``+=IclUY+rQ{mnY<>RbjbJ`&LrCn42_# zzqJ$i{PzZb*M!V&U;Hah{eMN=Rag~G4iBuSZ96P(BSCz*rHcYja=m*RpOBcrO&XYv zWin*^)IE3R>JvdEQteTuL7!ht>lbS; zn#Fp<4obC5-NRJ-n=9rOgVXJiB3CPU=$NT0JC60;A{cJohaqUX+h|_lpP{vY4s3rL zpAtL<;_Ol58E)D(1U%HaUTSDe<%Zb>$2IlviW0w-Cq2S_^+FN<;?k^(!r;@-)+W;7 zo&k;6^?hPSN;XYR*)i&r(T~(V58>&FZtm_mxw+5s^YdetJQf@Ty-u>jo!2$Jg+6al z(lM!iP7G_thfTB#NGu2>#MyFWL=l$#z-@g-=s%8+{}-ffFd{z@5@Stb{`44}+>=XCv1 ziEm%Os|Np&DEJWCM$U&I;-S340XQIkfucctutPocNi@NMFLvGt} ztrsKt1UW0qU8^7j-@S3FjYR_kIwS!12RDtkJ_M>r?eE8*?P0^sl0TFBJ+GxroT}^H zNW%){9sTiShke4>@)^{G;tlhxO8zX?bmf9SH6Kt`dYIUGyL!05~27*|37|3DowPP6}BQ9Fj#d~kFoKes<7%8jDMKut$w zKO%Z%c+_-KZ3U%rb$gbO99&?x@<-R-ZT7`1g{&O4dcdXk_B~tTHdGG!Biyq|SO8am z(+}cadEh>Y*ydy7;<;wTZ9C`@FZfmMuZ4{uSMApQ&?HuTK<4zI+M7=@(yLn`u7oN# z?d~`&z+a7ZrrBOMbfxy-L`R=7h?L`Ehu#DGUZ;m^==JQ{%Q;y>>iZeLVpYC3`z}QE z=^gb_x#i`wrXu2ldk9@aF6pq{*D~ADdN7q{gl&}PZ$7KmSOqd2Cr#&xySgVQyOFQt zB{ZVj0mH*Y3H5X1`AQl$w2+ zpy|zL*Sa*5AC2Rpmdh5nQd95_6)H)OWU_A7kL;Z;od~tJ=00e>a8}A=WHRq!n^IOH z-_*%&0+9bS57K}Cr{<7e`ddG@x~EI-TTnv_t#-0Ub4`3^+PAJvJa;AEe7(w#UxhH3 z7`u&Bg{w4b&eK$T>p?hn2VAD!r0;J!;gGML*7gAedf^0E>C}QmLTW``rdabeBfR@N z-IJHsMHTC}FZ-@9VWkf=Jz`@Z48`IRUOY6~UQ8Z>f0T1tDoZvtm-DHiB`+GfD+ztK zpUa2NZ#c>&oGhd3Zn(ZL`hFT%VEPmOnhh#z7oB7rV1`%f4PxFu1lan-zqNbYL^S

    0!I(165`w%p4QV^!NO7@*fbToD# z$oCnrJ~b6mhNm&Dh;WgfS%y8pL&MPLbZNz9-1=C5xe}4~eag6(mfN>+&7GMsm`V7W zkn@O-&yQqIntc@8-^d+*mo+RG2N*kd6X~n_9vG~oPUIqmhQ5AmQ6xg`RtcVFBZUWU z(*KHoh8VOtuGLM${o$xc;7>s+UjNE<^hK@x|H1zMZL;H}BJKOAjiV#K++Qk4*4^E` z{l@UxYNEfCw!^Gmm;)JN@A0IqK<{hz{vtR!<^MT}()%rjh0TeAo7wo=Xk#k|)%Vak4 zJ)<*!%%%#J_!yQF3T?{xtmh&73B8*s@dPn8=#eAMW`r~DsWoUQ2I@wJ(a92ifyuT+ z4YTIUcftoBfRwpf)yF0E_@`X6n$bW#YJ5SYHn{U9-TB%WTbHvGq5Os%W*I_qb4etfw4nVTya8GWK&!vta~ zv{GCb1x8hu>z5|#P5IgOG&N!w)v;bGLsO4Paf61+huUI1e`l7>@9nw5u$<8-RrF?o z`#3_B4x-k;3W&w<;dJI0Bf~G!2JV^D)wd8qy^j3B8 z-U>ddDS)G`^FFVI5&sw#<@}{z3k#E-=gLdXGKmu}ZudV8yfJ09Yf-NUhAiF3LLeK2 z-K%0&k36T}L>%((zOmSKxw;L!nv@(r&@W4O&&oM5VMw9iE!%eu^(XdM z(ZF0B;j!hk@LYRVhOos5GQu39BUxnz19Txtsa<=RjOBZ}^|D_!loFn8z2|EwISVze zM^n~#(C}c<0u{>xb{50lBv74|%yHz&JHfR~K&w~9!j&S>Pe4}R?gOw^AZH}u>w)u_ z02ycK4^S2y&3ht?zeyfS^=H=Kl?-(~(wk%ucy!t8O zzTTo3?}fd(30={frLq`TmMSev?EtNar8}}Xt+zF7DGzfsqKtrfjLRV<%OE`q#(m>U znGa@`CHRhN{VvI-@$Pw$65-L!b5*zOGArye`-~ij+XBY$gGfznQc@qd&bPlTm?hC& zC8@|NKcKSM;aPo=UCZN^qq_;C3mH5`uV%7;v2Y*)8!sphm+uV@@N&MP06mgmz7!sR ze|V>xVL#YX*(9|z+{*NQVQjl0O1aaicFBQY>v=xVa6t7J<1QvUGlNbaLkiiiol7UYHpTN}Aq{{$9XmS?^>y zZ=0=uh`x}bT`>6Oa#1fO2xafN=VN3AtPyJX{ll}ap~WL!#vy7BKbL%wF9x{4kU{sU z6IKFsvxct&D+UgDC3fkmL|-Q-_F6V(1!??dnl~?K*?pHFG{hz1ZXdkob*>tKetfuT z8Sq)`*m|7z*!P)MIfDf1j!tvzAE>r(uOWQan<=h4VV!P#mfats~%vEY{p-=c;HT}w5|lq7wsS$RLvEXO=6 z#gS)lxMZ3n%%^EF9PVLtabMg=xb>22zS|xdX#st$W3ivuCv;$W(FQEpu&LV zPZh%{fE$v8%&jH!W?PnIJ~crxja4#i>F*XXjkCbBzi1qq0+*-R=hP3BKgEiqk$9eN zpxsQ)3d*jHlFApzkWVLFP@GisVG<C?WI=C7A zkN7{&tExXgL78>_8SkTS{QU9!)xBTe5vF7*g2sEM{9@>EW49!MKI`oiDj@SmwhL&` zal^~GON0)}Ny8rP17A3l{eHU%v`}VW`o^ac8DD9d0?MH9RMrBbHT7{;gSk+~X3|O> zSb~12{AVEEn-XU1v8O{P0X>e?SUDOQsY&{MS|R_5b=W+Ffsw`8%mk{UtNTKTVC;GA zbk}U;=v?fvJ)_TIut-GxM3?-P0%`+XLW7fLMrw&+iDIQdca}FEvbi zALi4xY*tA5oHD(>)FUgQpmI3N30zR1yZ`fVT zc%GY@V#oZfj>@?r*|baZeUj<(v*-%# zM#k;KDcv0*n8RaLxx^0eC-gjB^NO+WUwM|^Y9`Em$J*Z>dQG(}ncNSA(p`>8W0_|U za+HLdDt1Lxg$y%=$xDDM!1V3B56RFKR#Dfh6d|k>mWj-J^cX(hJh}p88ZT zM3t`C-n!ereV#0YY0UMiBHF7a%4$&eUoJZLO~0^gE3D=v(Mv4UnqV|W z!u8{lb@!r6wtT(IvWp11)9bgVERNyf1MF11dt_2lqJ33aQgUfEjRmK9`FpmKp?6QT z!`a8gCxN+Q;Jb@)wF`U-A>$wM|5VJNopSS-=2$Mi>~EWG_9ILowV7v<5Q5puvEr|}Ltb#r zFIbK5NrUVz4mg^K){S0qN|WIy$PH!20;PNR?43ev?|*qDL|3P@X@OX!Tk#US8R$e` zuhG@?QXQ1NN}=k4NyqGVoTMq87Hr3+a2_IYuW-Pq`F;CX@S;YRv_7K)% z#h#=1C4gpYQjv=1n1F2=@7+UF@k$SFK&9n2CU8`?_W?45SNZn$FTuWv7 zs{_}|#Rgzr>-yKohKdNV6u(%BKbf|Pr&rFQVx^m@b>> zt%|dFJ-5Ln682>_aB_(N>oDH!gXztv5AyYrKekFN9w52s?8*c*((KLX9|^U$wC|$* zy~lIAdd_G|#S7Z)Ha9K!+p`?lx!6r5RDGM9n?FNEuYT}g&UJZrVheoyrvUDU5Hs8Q z+9v{HO_RAMCshk`L8?e85)S@<=LOBzoJ!l7rDFg0C1L-etupztZmP+`Q|bQ^ zX(Lw(*tq04d|Cf8qyN5I?Z0LzA&!cYg-uO!NC^`y#g34KB<<&3=ZwlK+$ zhg{l4BObH``5j&dymF_GTM(qQC)YJ;nVy40iEGIvxI2N!kR z7rJ_lED_A)^Oon^*_{onE|uI&(Q;{x3mx8Q(bxy{{S3ikrkowGMY-$gt-9MK`5pM+ zF}*vh`K`1AU7x>>u%%a^=7{-YDpe$5UKAV^?HS+k<^L2^_1f3zbYgr6K`4{|E451a zUhhMY%IY#a7yce2!dAH@iTS6yT`*coFuh#NDpJvtv#}|HGT0x})Qr3kJy#m#d65#r zj(mB7U8lIR_-=COqcdrNOY@te9k6KlSU&DyO9KZYMfEs?k9#LpHpZ2@0;> z`VOe7nGlp7+#(d_`^r2~=Y7aN@|B50`TdO4_vUe>Mb%b#E`#O7Kp9e_=iq8@>PmlE z9q&akyDOr%T1oq?<163|YA5&=cDOhRvaUy7R^n;p(vHR}_t9|pvNEBC0j3eyfr#ISfAvZ-pEG5X2`YbOcGYn$Ab<;>CWQ;TqMm z0$~elkl@Xn(bWQ%Q}!25-Lpt!*HOJK3f?;kSIhNOuB7(_p@mV3clc zf*e(`c5X$WPUSa0b36M87(Dr>D0HCar!80NG!W*}V!;z1r2c&JeNNX>=-&YI<3MFa z4l4OY^qI`K<-Ecik}zFk=68BpCYeUEd|0-0H$)PkDI7Bmo_&S$1oSyaR!#+yGeft} zAN`Yeeq)fYG@z*HWZQ-&?b^IMs&pXrX?Cl0+{vzwv889O$WUh?V4N-3Xuk1LH|dIu zMwM8fb%%?QkV@+m&jY;`0}O0lD24BMhwJ&VT?;8bE*6z>7fS40ZBVxy9XZ+YU9-V2 zdYAI$qp=oJLaOmWs~?^peDNl>OHH)qf*M{1RApj&08H2Y4`5XIR7+N!yA=eNIWfif zg%wdSgKyaI-JL~P&lOzHMru!FAM5b+GvZc8_=Rz)S?m*@&-|_UPP{27B z4i&(9WVOYEt=|UdgmUv?v#fty?ldPjl%3)O#{cADqM3RLjcmgt38Pgqe!q_NG9{B` zD#x0|CdWPj=%=wHEY;1Pcj_!E5cPS zQ}ZE)DmR+i7H*MYueqrxjOvr>c3m*H*j{dWWAfo8Y!zyle983qJU~q^-fKX!oS#X1 zxkWODQ{)XyFsD=$L9KKDKrZCXj-*z+N40_bb7MLO-eMfbu6Sxhi=>bUz2+)>QN<|5 zHtoVOy3ULnl?@@;T$Eq>Y9JfB&a>&CPoGzQzXU{1vNaqQAGzImi%}(98Z>~qj%##O zc@8Sf{`kp{*8yH3{Bu4ZU-ewkLmNHvSMG?^e7uWKxclaxm+`#sostd2$7r^3AC$cy z4ItMCt_bOnocY4Kyx>(??X{p-Jn7HraDfNkjKg()gFfOxU#M|g*WW<6GduP zk8iknT7|j>(e&+<#UA#w^tb0~tYU?#fsLPYgoLZAEayY46L51y6ki|WmI_UoQ0Sd- z}LZUUu8sN!hhw z`}0lg_GX{wNY{$UDJ`86CLJD4%xqPwpkq@I+&!$ZN;;f9Z~Ga~tAAwy{4E*SE`|)@ za&GlM1$ayrHqUKO9iN0NY=3yg*}3aci=_|ZrHJjSmG9hF8Mao1&D8k8s3MDKmH3n8 z3TjMryrO1k^ZOdy@OKqPFY%m0+k(wH+M=RtBHNrgmRt2=4jpaC2`EsjohOu#Zy+LR zEi#+-r7pRc)VAx}ydo4!b^3m4NY608y580){j4#TkJ4bYw#NgVbtx+~gaaykaq-I2 zrmSX!&GrK4_bZ1_&(eeS{nAi0H;iV@f^Ohii z>YvG9T{JWjispMvM#6#3Zbd@ER8&rb9CJ=g1|O!}LAY_{vCEB8V@}=8iP8qwm(%2Xa01FP%F9}h$NTkZN6}eO2>n~9CR+1XW zEOxcs<8L#a7=X@KzB&GE6%baH)Z-_Xv}4`SAZ~KG_{lZ1jq^R`V%WQkL&9V&~Ezp-g-dFD|+<KEKc%KTTazoUt96UGQ(6d zQ(8bvXz0+ApKoROrh61}{uk1w6~Y&WWNqqe)eRB}8PSJh(wk2D(Y!>)p%@<+iq0l$ zQ+18Ev}Z8<7;Fa8sNiKDLanB$hc2-s9W0N)uXX5?7-t2XV^e(nJh|AVUgmGqZ$Ofw z!2P`P#$`OY<@(dQD#>NzB2w1(u81F;0Y?(?w`p2wNa2{k&(H7n8d(uIl_tQb46L&y za%@~f@dJ>DG0U~e)CBqdXrOVwB3z~i&oq3SZV_qkPN-reYT4;Ay9kf1ZLr_ZTBlK@ z``DhrC;ib;VM$aDUZ_koXa7HXJIkmz)^%GiLI}Zv6Wm<_G#1?59fG??A`Eh?TXc*PqRbPGco%5N+yuxAB%I@h+tFd3^@fFa4a2p9n^UR!3v(R{L5M{k2 zGctKMO7H&VlT}jpdb60HLy!j5aJZ`ghx=>G&SadQG% z+jAq9`wSHLWlMdR#RAv5_ndx*@hOi|L%Z^pF=m_rZf|)SJT}dg^$2S)eiFr+mYUL? ztjH6LO}vm5_jSpAX6*yF*mGK>2HLYJ`M#3y-4G)6QpPi^-r1083u+^7>VpY3(evsB z>9i9z9)jXA-^4-DY1iuu-j?M5Tm+gZSY*)UB{a2)Cmz%0o=4ikTfHm8qgb4s1jF2* z-&QXFUHoCZC@E-T?Y!M>vhD{{m(O!WpDh<0vkC0G7|LqnAYKGdjZ1XM`uP~ZdM!jp z4LI%z>Daw+^5T?Jrrb2T_->ytsu5t#+6*(i*&?kIMl`aM)O3q`lY|*#<;AEH3tAu{ zeLkf$`+xaw;SqrU<{RKFGemnwfr)=8S|u3QB5V(r%2gqe%AG;be59kw9)73g&-@JN zK#mcOr&P@^s!;zKHIVADuX^%=EP2|DSp<>lffsyGjSOB zlUO)|w6uRT-s>KLRFB2H9jL==D`H8V7_5~7HR{vCTx%0!9XxaDI$ox*V(y9QB^<00 zm@{Mk5x_KEY-2U9an$RcgqmLPM7vX&D{Rko&adb?3Wqhx`c^GrW z46{RQ6LogBeNFX}Q!E}F7nU&2YM`U=CBuCs3{a4kW8y|eWZ+kNrSk3Abw>@mQ2FTQ zdn_8@Hdcza@=xiQV0`mW>A3x_L2F*aa;cCvPF*ASSiP9Q3XY3i zp^pypd9Zf;HnA3C2~)_`6=}Kt-gh-OZ<^isLdd zg&u(o{Y0LWdo}GEqg?IuR6ErF$em-BP4;%{Ztj|9EYD|@ZK?}=S$fZuUrB9H69r2f zmg?97cyp;7Nm{N=7gw0$ZYw);>cKF}EBm_UK|HD04hEvA8bgPQL-W9RMy}bf+?um_ z4zrQ1OfE@zzoiZYk1_#&{P@yf)iJAuvPC!XP51IY%(;sO;%daCgVHrk>g-;7*u+mw z3+r$?8!q$=M^C2>mJ@Tb9|^Qyas4a?{qQ01BUWx|A90FtT}>@y8n1H-(yN@}JF0zq zXCygo%wD1VpuYNvpx|9zW?U6&n^>dXq1$Oo1~^BPcH zcZL_;nrdFJN|dw?bCHX6*<@c$w+%)UZ>}ZJ00;}jwys~gx4++=$?pwGVU%qd>oXq) zGi}rQIMuglNr|tdGWueX$auV7o$#bBKkWWooez`1bdCHS^xV4>_v)^V(HqzF6C9^k z=j-X04gZ60N7%Ic-}`pVR*sseb0zAnvV1D`M8+GfVP+*l_IUeB1_=uH!%WnTQ`3y% z|ABAEA0RBLQ&H7%F~cRKN&m`}TdwvTX8`dcgh99&P>t83l}nboSLCWMjZ!c^xe>g! zqbU|PgFS5aZ}_o&tw~n=Qvy6ZBG`%yGhkSlmBL7McV8GJDR#hV=ih*DjB>cL)iw9D zL9ZM*4I&tPbQk%xGl}equV%O%I`*ZncWACHsLn6qC#y%KMa9&kFBuNl-|vovQ)lbD zWno`5h6d^kt3A4`ALr8i0gy6-;(l=*g2rgR9fJ!K&R2bOacNb(@8>Pa0!*CB#Y|7& z!edW52=Ty;_;B+w-;+NG=pYcW^3PFIkyGh};rPZ!xKyc9>Xf`N!*=6o*&86n>j9kp zr~|5!6XLF9qH$@1cosaD>%2wGN@XJ+pL}c%>WtJGbgKHobqBQ8M6KH6)$oS7&0$mH z_FR$OgM-OTB-S+1kQXU=EioL6v|?#K*?Hzv=qm^pK_q;ti0HT7tJM%lWgme_cTpGw zmy40DPBx_>^>i+@|MN0#6JYTb!>nFEv%EkFmn7IYqqChfn81|d+<6Kr*7Bya&Hv#S zBmI2<;`ax^$i)I)!Eyeotx~QA0z3a)*!SJ=ISbad-fOK;DI^S$et#<;4dd(%{_7pd z6raH8z5ZQVwmg2EbuW@cvq)%qW!olAS2OfE48})DNi6sSL^+pt%eNjP~VjYItXEG#Cx{&=-v*OMimi;+>4fu%y6(P!Q% zWOuqHwE@0G9E*v<%eM95=L#->^N#;h4z|H=pJ72{{eXF6NQ6oPU{W@YXFSbIQsTL@ zLf2qi%m)2KMZ95MiX)05&sg}r1~GoD$;8{s3j^d}lAZ>->I@NR_~5*?XAz} zMAkQX$XWBtT4SP5xt%qr+QtNV@YVjvl#o{Cj0lG>pQ$4xb9mcTSC2>2>G#UF?_MK0 z=G&MI}spXL1VbZ%)N}>k{!(s zuD8>^RImf7IsGC_k8a#D&uZ6CwKk19${7y45)D7UdXHahRxy{_MV&pO-K*3sH&cAn zN}raJM4Ef#Gd3=2P1nf1Rli`+)bX4d)0|)93PL{g%I5Kdy{qEt*>=*K))8Oop?p7# zZPcb~A~`ECor7L4VSW3bUkyCCONUE4)p;RLp5{c9S<O5ors>plHF#^J?#2OBZK%tVbZ+j2IIZo z%X_;owH-c9uj@=po@`b3$o;&y?!wHldT^Z_ZMFU_B5eh16?>^IP`ZAJ$mTQ^wT;oC zEqA8Ktu*Jb#pqu7S_ks;RQSQF!s+%2`Z`za)t6xZT>LWI+OArD$B!?j`yyz|e)u7( zCEqXhyJ$JNbG2@f7Ch(Jo>p;aZ|y`@EAFMT({7FZQES#m;fqNhPre{Bo$~@)V`aa& zS-G&R*|n~5s(&2;2F z`owWr+}x8Fi({2gxdzgsWgKusfRYms`RL&4gF2>Z4Ga?uO69|IW`IKi*tPA9&MJ?30&T>Hc>pvZwvtiHVuv=icQXTxP_( z87Iz82^M7X^;hLYN)b?#RAcLYUVRq!+D+m5Y8K73y}@c_U=p*2o%L<7<&=o8emH#& znfOcNYVrnMyz>zpb=8g4u-EQqb~p;asQs9d!W;yxU-{$--?Og-5nOb$Xst{VH6I1( z_`x-N@DO)uqb6yOg|F_rb2TIO^KFKZSf2ygTJx(9Jy|0lG_?&r94J5*^gm z=t&UjCf~Nh1(XsJJG}3`O?P;UTAGxkdN%FzjX{|>2)4QI#AV9BUIBKXZR^R@2FH@s z`S6e+lI4xJL_JHZTPJtgs~xMh>vQ+B!w3y2w3X|#CYayHi4>t%m3Mv47F+b9kH-|P za}ZL`l^$L-(1O2P6$lBW`hk&92$b8X*R2mBjrHpLzPjlMw8J|tpXW6>_Sz-VWms!U zf0^Ei%F)c#x#6Lfim^Iw?hWgI479{x@VVX6EnNCSkA8@J37>2F{t zkEK=9w@E--uvyqKFzKTJ{N#zQku>NS10l)^5vk6UwDRLrunC1Xd+o#)w_HqRh<@$D z=9k$9J?|6p$!(bYj3A8mU@GMma^QNS;bmKDzZIauB~L>5k@lh@Dz;Xv`l-Bib>^cE zC8zM7Vvxsik}qzEV~MuHymv+0Q}k!#E?x^aHUtY-ytc#DL6c&kf55zYcn?4T?^l_R z9FE4dxN=^nXc5k*agntBkhdGZ7iyT%jj&`0;x=Fknl5dx2Et|D@E zZ+=sucbXxH{JtSkA)-UO!HQw^ls+7LD0VgrtHOh3jYZTr(7>dFb7Ij632h}%UJmTbYjj4Pc+p%kn(I2&VNcc@YHqby%zo3+p8l?bJ z)h`5EP9bIms|is_jXKNi%WIypCSh!K8ph;8*4cE zCgbcoGFP%tUJ(2Gcvfo|TLT~d)HeQ1%Tk!s417B4Xq8RVV^F2Fsps3uDHaBo#+AVX zX&bk-ot9NVFZU3X*|fv7z@x+M5T2%MyCS@PR#3Dc)ifzD!(v~*+Ij{SpFUu{xEJWf zXSG@Z&MyUGpjHS00YOPn4h>3r4NO%x{KZ@UqqXO6BewtTa`^veF_yyBq@<)2dSDR_ zghYCB9dk$q5@!84TcH95co@vTV){AGAjF7|Mx^mOLtYpn#zr;>uYMN~vHzQQYVxK# zx2_Vm&oyJ4(Z35v?WHD=hfBBNQP$K&{>db41mH~5w3YTBm=U0(%h_gvKXQ$k18?8@ahV#yrk^A3iFhj<_7j%5zjd_vg91+bMJWd85 zaDUeF3q0%l6Fk$LAWiM+)Q?Oy2^sZsDato=@eb6At$rL(10swBiQUqJK*0R%?@akG z>g;H)rlP&kYf$D9&E%PJd+CJSA2Ykkf`3 z4g8giq|D3yWA6BZI83{e@g6;d%+VfpQ;tgb`!9}49FGysA-G~fp<$na z@pdAoaBuJ&!U*@tx3v}3)4r+-WSE}*Bg1P?LAj)+`E9vZ9S1YeoVeVU-KasUkK7z>nc}~Nd^h5(>QGq!t8CkznZLYQ{ z5j>r3S-+wO-m7%KVA6D*x((0XlWdh1)#<`*d`6oV7l)o@VGN|C7Hk!sRrS5I^TV^- zX%~De{WL`yw*%)p7|%m+4U_C5E-0x2<|@Zs`MWg34*~;TlIDKo`ZQo|63gAPjQfpm zC6>x%UA)LA$KlJ2?7)x|3*46HC=*l+5e(L3IU&xLUWaZ1LMmR1%6NqGC)gvE)SVvk z-?QddjjF%M%R5oiZF@2xn-#O**VYN(hGD;aRljlC@R~2RpRlTu^l)hn|PVRWUi{pf&m7z zXNNEuM=9ZiN!wHlU*n}ILxt(_;H%knQHnk3PL)q__EX;cI9JQKcy%(HW*#0|-t@MB zmtNfWWw6iY`>?lu4;+cSNE{Dl9o-vNgR273?=;RUt+y<9que9C%CINfvzO?8E>C^$ zzUk`vj+fAugJA8ZQ@+2){5coz^*~iB_ww6>8tb*P~ud(j;yw?gqOWKt+8ksI2Bcuea&@ZsAZ6qHvp2Fz|+Vmc%|4e zx`ieZEox56$e5FTBfq;9;bZ5gOiKKm<89-NR)D2^89pHeSaj-rdK`CYk~+_#cibL9 zdmaLQAQKSET#9U%D?P6Th&Cm)$?}miG>pHF8ydKT~ znU@wj@$%`0SUtsduu}}$Jti?M zA_OxASY*YhXi^bf+R}8)!isr$iCV0}q=>D=`TDqTmbkwaW>M7J`{D5?rB_vK5@I$U z$dfwf)G6i`?=zaV-_1M~S#ynS2a!;*;m}BiObsjC*clS480T^B@q;alRYpauC)ySc z3*uVFVE8Vle8#9X%m_xs6z_EnI>`dXpt0D25zRasrw=P3Xf3s*4xzLSIZ48Vmmtwi z0;-nkc-}K`Jvl%rv?Ch>C8s6v^*}sY5n}TnrhR>CBn|R|d*vMeMbh zZMaF83At%Z-%-jY{F+;VsCL^=JM3vD2akY}iZ{L}K6&h`bmTh)S6j3*YABnO$aIVBbTEeU(w&_GhjTTs zdU|?L!n*}HvcRWo@-gCwDiZh8XgDK=2FwzW8c_?uR#g?2R(=siDXn*=^Z~mEQ8F-6 zI#Kc?BbN4+!pbt7Lsw_i1aiF>o(3&^E!a9mWG>f-^8w62 zflTwoC@&Nr+sO1j9^WBnf%=?U0MqdM&P`A)MyeHH1K{Gulkff`USu5YjxdUdVPJmy#X_CgPc;;4w_{UZCqrg*Y^x+QT4l{|XMFuo0|@N1{-G4s2JKHRNW%(%K5 z&x+bso0Va3a%gysU=JkL^M#@nOSZJ=2jq@>Q9Yli_EP1pjVj6}KQAOr_>8t_-A)*v z*{K*P`L0#^6CRw2jz#^_G;e{p}bho+ug5ZM>QS~SF=|wq_Ti46Olp# z90rkB=MfS{6{Z8{;yH_FxL zemUrhEyzFi>Nind<@cw1O~@FzBX)eE7^Aw28yphSFdte(PC?OgruF<6qZ-zS92ms$ z{Jz3Rg?Hw{EY9RjMv`_{7P^v~`q!?pJaThm*vl??5v^roCuYRMqE=y=pO=6rB zq91(;1v!#Lx`kz#%2)D-(pRb$`)6L#i8uE5)@IYo)0!W0(v3;DZ+3#|YJoW~6XPbJ zcK|#VsL}yFfB8>*`htuYP7L|S)=B|tMEx|J)bVook=J1F(=VcL$m6FE`N&(81}ZEi zJg;egY&12bZy2=hNjR-j1`)gVsadpPXwKxw+6UplkmF2Xd`v`hPD=I<4bKbIV|cQl zP@wa%By$XFMnz04RK6F=k)Q*Iux?@AEdosWB^FF=w8@~>pPM1c@#8^tQ^ zU{GSDc4=suuG$oqQT>Y3y|=}~WM5lKE%Ep;omJWFzAv^$I(`Rjb3Pj)Cs%UXiLzqAm2??oT zen20|`%@5UW`uf~MhY9S9Q308wBIH^r~;CO>api!od0UcOyiQ?9oQxXUgC_|`Ku-{mK*gyEZX{a zO{)KH+5Xu|hd}f=?*ha;+Mvtw#tU?ux@l;8id@$G55Mg!c^c@&^6&b-fWzRHaLKmz zqzHzjBmq(O;(ZnxdWns5dTgEJ=ONLhTb7rmhhq-pYAKjMZsN6#fpk1(`Hr7U+#~q? z(}(osPInj9ER^ME2n(i79gVnIDJ7sOEwj6tA%@OTMX4n@SuK|t?7Zg6$#ij+Isg52 z>w4r=XL*|a@QAffRJ0J|>H_?}X{J*uGMAaXSySDMZ8ku@e7oExSCM3W=UMQ=Eu;L} zaev<`X7^rdshIfy1+aLNtVgF`9)N2Zv9?nt5e9p<&z5OjkE!Y;tm)ih95k5x687f& z3pwst{E)LQls2ASmJbGub~+VtdIl*j9;+~<$8tmdl60a5>;b+VxUBszG9Gpnq`P*n zpVyEYJ;aqD1L;P3xR8Wg{0HL7##Fh>nK@%}lrk=kJaSD*UREhOk*E?IPbY@PyXl4e z$jHcVjf?i8Kmy*x>D8KZP&BNqP!96k`%c93X@IZ8 z@+35ssCCO__(%?G1TvKsoM@3(TK1xe-hLgaI-I?zw(OA9 zvx?*9qxjIirmik<^6_3SZmI6HwNKW~l zr=a`;2}W@NwYukaaAAtiYlO-JQO@w0%Ak0d-HVlY-Spb zn;YNbdsPej9u$C&HTt=&;|sgFexk^@1Nn6YD!0l78-amQyrpF zROXFzYsa=+4AYPCjh*!!D`C-%#O3HWeYs{rACVpD!5AcZyW^auaM^TaEY{ac>WwgS zoRuS$JwwIl#YkqbK{Hnz@>=PJLmgEx`~(oga*G`e{0(b=`XfW-2x{BOHQpKw1giMN z-a(Oh@NQgXneFHNj%V@_nDq^N*Xnk2bzR8xC8hH6`WogMcvubc)V|o6>WzK)Sg^x| z&#L1=rh{zpry_JELCD`VGK~pXmDUSS`UYhSS|&=91r1Q+w`HcEXryKe7)~gC^x(*@ z4BRIL9`du8C{dljZZsl*S?Q3_#YI|KS~Pc@kvL!#E8xQQ*f)7|$VXKFJkFHQN;2^F zUNn6SR9iJ&`ZST-n2MDD9ll$$hi=0AH-{ykdLz#Go+Eq&>T;ALsR}4s8kX@q;B^{p zM7yjhQ&}PuE@RBeDVR|3QiQ5BwIid+==kv}juhyt<4=oN$XfQ4$@A+fiD|j?qvXpP z3ieL%sovPe^i!8>e0XH3aZ<0Uka5{0=Wip37A^R7pO^Yrkoo9B9lXM+fLpre3Ts&ERsYZJeZ0Nc&0iyHO1%}GiY#rp*EKiHyo)w z-IqI&((>v}VK4Z|YLG!qGuLraK^$zY!^&`=wt36O20JY?<)-b5lYXgAUn)(MJ478o zvShIXmJCcg}&NoFKMC%&S^hX*Qki)OzE@+&Q4-5RJO7Q zp=VZ|8%!BFMB%aHGxX8kx+PupFibP*kS>e4a=Q4~ES39K_3)i*0NIZ*wG z0|N)ygMwlse&i~%oxTYu(gNDvPzUx|MpSUjKXYtu=MCs<;2nxOIJL@nnhzXywh4G; zNxpM;>-~cSi~8zGFL!L&i^Br^vsR$6MO&7C`6{|Ux6@m!AG3amvY|2!d#^& zPGc(B=Wep75mE>3zj>PO_yuo4)DhU*VLsuzfUs@vKJA87A}yLKT_96G>*qE4I!qpY zFY+vhxZc$z8^!udac6m7?UWF{r@`Dnq)!iM!%CTLmk?8cVW8Zr2Xr_In+O?@_dqVx z=cLL%#H(#IsaEU`@c8_tA8C9$?PyG0ZS~^lCs2K4`mDPf1JP?WP``6vcAMnB7k0ej zOFzC1X{D7q+fL{f8V8nzY4pBX;^?)$>9(TdbMOPfV3@fO7qnBxlc`#LYflF;h1?2n zU@BJ<0S(I%HRRjkP7b5x=P`N3nH4;A@0mzl80oS0q&7*RT$N*yF+hb>DzVEOvF#=VzBPRd-v*CbzqdlL&-DUo*B7+1JxGI) z7}Gq&T2o0!38Ns9S07}!$`}k&B(B-TkUGAz=!d*7Ab~#ufNMNJrgj%(sZWWG=Og8Bihh&$B_!nK#&TQ|?ZTZ{qMm~g z^`H*(!4D05Dp>8hgBmncvT-|wK-&Z^&DZ)E^X*~b zh{ec;l9(s{hKa)Gl_9QlaN-;)@D9o1ZY}*tWLIT)q915T=xpT69?XN(gDDMenKm1i zj>0(5uWm3Cz=>j}1OwEQ_>tJ`6z?G3G3xyTe5QLF5e7eU1#sfX(zwjniaNwzRwWU}0!hVv?6W+xgAsB?7C83xS}Z?- zT~OxLJCNC2)_}6{FQm0gFipTF6m1T%oa4zM?$_z*AmE`6k|e_fWL2LYTLoS*GWM3L zmtCIOvH(x)VSKBC`ji~9sV?W7I{Dr=9Rbrx_bq#19|Q~?0HBHReKlc4nj0n%mc^1J z@ElPC3j$K@idsSYG5P2Lh#o?bRuIrODiSRV^&Cv?y9=P3{Xjy^zqa1M??fbZ?V$RA zddcM1;}p12|7?r?e{JFW*90n5V*JxMlr*y;Gf`Z7GM@{ zjiuT2IVrG*6lm^y+}9u8SCgqzw8$8goITmy+#~grU{9!5Zm=?a;7h+gt@pLazzhM7 zoEu+m(j?A5Vf^uPmuq#^ON#BeoH~+aIy&5CVlo`cazRj{@a2_6fgu{JNYk%ZTRziiG^sCshW#P0bql7(;`sWh zf%&zuE7Q7Ftj)UJ+YaK>Pxs6zQW;!3x3VeT_29z%qv5v`TcI_d0uD=0@t zZ#Q^vJbD6jU#pUF5zPbRbq9rwHGp@Wr6xB9@*E35nl+r?``WUGOc0P?u^s@RiQA{8 z!V|Bvm?5nC%$F6bTp|~tZud9kHW3?#aOsuUw~HG;F^$~zr^mtA`w<4Xho(3)lVk0F zaALEmqU*Noc-NAvv)raJwhNuGIOVQ`@AtF!Dxvcdi`w~j_CeT++VbYi>DH0;#*lnv zRd(yA$rywj9Rv0JNNE~2vLD~-5n>8DdVf1tS_*Zi<>j}JkufmHy4IKju2)M;BO~XX z4EJ9^wyCjswI|!lTkEg&8X(iJiZfth?%a|O_Uvq;DA_`(1&lvnUF`+J56u$01TLxj z1!;K(e4&(=$$~YODZ|;uAgvApF_UyWMqIq!`{_H%mwR!QafeQ`6rjDs)hnN=`e@n= zQ;?kFFuAJ&7?%Ir;;mQgTPiW@$o}pmg{8>shA$p`ca!6UhZ6{!Uvosa2XcXpn~tVt z5&{e`;WLKLAY;Q)K2%pflkad4VK&&bxj?mA|FElp`5oWpYnfHwfK;zjDE=`Us6yM< zqAhitcb_z#osv4n(3W1{QM<5iv~D$z&+?2~0SL`m;Vxno2w>%z)bP`c5=S_hx=S)L z$#-`Jz>mcBK}CZdH#avm^tueo!b3nh!jn4gn>ot!3M02p>Gr^|<_jp)*MB>M3}8kt zNn6|*8V{&2F>!_LI~g6n-|+7?aZG?>!!+FKjH}@m+djs<7JkFJ=f+hqG@)>479<=Q zRY=M@$a8Rb()hxdY$YaJ*np4rW7vm!G0GT^{UVvU75sX}gotoJaVi*HZ2Q9@L7>wW zkh3{8BUa08iWg>~TrCC7!g+8g{zEy{a{~U)5}nHNNDO#&y68xr6r#@*7LTgR1@%_G z0{OKDavr(nm0^|1?Dxe{?#N3IYZueF3KUjO zKcnQ4C*hU*fD7v(^!=eMbUSHNvH`~NxX?kYgT z;90i@#)2TOl%oQ)-vw(B+`sw?{#wcZg{d5T@%yni19GuVBK6fQJJ9c(jO~x_KVihz Yrjg6}W#0i0oqN5x$x@j4E0s!1s{{B;G z>kDrJ0OudH@2EcZGhfXFhFrP({jB!^r?ln>*w_PmT~+1b#k;DsbV2VwMae1SXCekGx6Vb$oXA^%d#!nVJ{#`<~+Os~4{WP>pgvl`Jl}YZ3nq{D-CT6MkH{K8EQzc+-vD)s_Gb!HNT-iF^ zBBTje2NsHSZEziMK_9aEGpsA@GcJuRZhB0{6FhYlk1AyV>!5YdikoZgXn|q$s0scYHmSjknIRcW1*C`Ubj z`tW;RRR@uq z;a_qNSy0{{?frm~XYDV)w{u4AANd_Fy7Nl|%|DJWW`hf(_p1SOlR)#-GwfGo(R$wr zcZ^fTq>q&6ADv(KGiwC^?gs+KG@5j@k-vXzt(_N61 z)0e#t-*P2F`)}8{JOl1Ezv-ZTV_vrUy1lV3_;0NFNxk2eb=6w=xYLTbPXdN)PEJg{ zv_&)0&22n<)A9H9GR|x!<%!_)Qw_Ef&!#ZC(k}6uTTbq2ci(UuXGWzf2iG5_p528o z{LJ*768ZA9sQhT{+b>-yn>OZce!BpE=DhPqPgm8I*L?d_fxO1lgQMeg&PIN|lh|9eanNnTi~DZKz9rz;^@*SQM<< z8*}WYAH$!;pi^fv&Q#?lFwc9l#DHM8ki%cUf_zAsD z^M z)zkX95xtGF4YWfN!5+EId$^OYoN4aNhwNC;vg9DpvT*E?l+TUpw_;rhdT26d)!b`Q zqD1iFn*>5LtHMtL!4hGcG|y=RFTvi1$LjnRbkw;ML~fV!$WZ=eDfL=FN4I~2bJF6B zoJ#KTtv5J3+i&16iLji7hL{m%^7m^=O5}#~;|6Ie^qJNDgFv@5`5^uO;9t$3)PoHQYcR%Z; zbw4%t{~#ck0)(Q9WB6ryY*VfqTYJlqGCcXDvoTVz#|`JF8w(9*D-Alz5e#7$N+O+L z&AXJl*&I&o*V`X`mJkN;GF(C{>`!>c60mW4nJS z|J{!~)HMAcKm+w)!J(L3*Wlyv-^2UU!RPc%OQ3IZ^=;Awc4ttU9GM^_1~Ewxbc;L1 z=1ZVvnYe)^ZPH_@E4lH=u{MD79%bSWjfJ4Y&tcycX>;_f_y16z4zim-{fX?3pdHnM z=<_}dQds$97SxSAn%!CY#eW(tboxsAhyphk=bhJ2Yk#0{2+B0l4bQVE)P3a&z+Rw?AN5qy692X7N6*T$f*1mOK~lV#_Z z3%G>ey0>!FcRJ{+nF#JU0{R)Wi=IB7vfmA>R4Xhyy%@x{;afW|@Ee$5b@I@+p<;F% zgqorGy#X8erf?dE)~oBkJ5|wey7tFnoxL~sY+Fp3$^_7ojy#*(Ko57SM#{TMw8vu| zB|PsRNc^*s&5Y9jISaRbhx|;AzK&BS4925(gwhrD-ri6}k`v;MRPiT7#KLAX$Q7F& z8g`;9oncxw#BsSRA}g6|fHAHqrAp)muU#Tz@vBDLVMOf#Ad%{DQtW8|eL-g*O%_?`tXFusm8WFDY8gJM@u{1w)xMX1vdsg9h@gmVxU@ z(_frt=VQb5&u6`h0yEhmt8R&L%1V|@oSr?#cTXrx;&LY@`aJlgJ$Ph!nli8ah05#a zbd+R+hij&;Se!0D{R-9sc;|xQ5~(rnl;-N4-{!Xq9A4iJaY zg7B#){x~Dy3ImTcg^MTuxUSj`?F|~}-IgL#p7jS36}chem<^LCFP;yRwtki6lkKD> zum+UeOMXhsa!Dij1#3W&>QGXa?#w&CD5)0mlcInpx#tOO*Tno2lopZ4xx7)@%6B8>ANmqz?3Is= zS1hn|xpDHHJ8VGqeA9i#v$>p33d~JRN;E<8B?+alm7V*9E1`ZT^LFgzv?q`du?)|h zBhU3MbL4Il+{t!zpy*TlN@IS8diCgO^KzZ?9l)aMzM1c&9jFhsu@mUS>BlQRpB=l2 z_|liOQN1YwioD9H{{X@uyU(_MQ*kH67Wl8?k#5Nz`KULB(r*)vd7@^xZR8yOP<;m$ z>57`?k7XzpOF`*OVC|)PY~wuP-5IzPIw_=TZ^{x$C&f53Y|t}~6~4Mi%+MCulwu50 zMTRK)08&4ID@Iinec0p0Xc3R{B#rIf|7?MBGz&u~*F~eIpl6#vlUD22IK{yP#+yj% zp#&g1Z8^ELdi5;FrJzOaD(p7fW@^L90{J~p9U)5O&aai%ikx#4RqUi6_; z*>3eCP)}Nm0kDv2!AhoFtjGufo#|985eX#&Y%jS(xF4VH>d5+5&ohN~7+~G5D_bz={EOS5!l!Lw`A9WHk z4dX2+kT2;;iZNDb?ZKcaR(N z%~V_SO&4f+EiA(;M8@9=ZY%2epKP^vLx6ej&WcG{fzJ+I!tuXkUIdowH2k?;lmMbI z{oV~s`FzfWQ-+|d-lxv~S_|Gypuq$#S686zgeC#7eD8FzYcSPwpmd*40^=1%^2V+^ zlaN2lY0$YKp?M!q;hCEux;+WasZ*FJU*lyO_U8%;En{86&`=N9(81XQ*8tp5Dp0Wn z2Q@ojbY0n@XD7Sj8DK&=QoVST*F>KR7dU)8>GgjcU{eKd=Df_vGP78{o zQ}_*|peUbHjh+6_JZ=sx6`#45Xz321&W=&5oym<-Y|eiDex0?r?O$;h{P7kxTY-D>$bfIW>l~#l#-lw~XRG>KY}Wz=?cazCO+DIIIwSm54E-l8E1vUnwXf zo^Av;eBIN33ZHYDwZAXoJ{T|ke5ljenv2&%n?D<;IN1Hm!PTkBPy(c{D|diBA;5Z5 z+?FwDRIfVKoCt2F+AlW5GpgRzfMM-_-(cFm>kB4nR8kuza4tG9LlzWLaxb=#6nT{6@7^Fn2RfdwW>5`1W`tfxS1u zV{u#&H79sMw0Q6p`t|kGH-XGHQJBXC1RK$6*vA-w)%p7QBY}0BIXM#Y$2!{)PYWct z%tMFotZwrM)7lxWu{{vz90nS_(0fT;ru3VV0<}3spNxlt#zOYbsO`F+C-!Jn&Pz~yP zb9xYWd|~aUx+HNz6KuTjJjQ*)2Jv5XXQ@R0pdc;g(6(C{+^X=QVDKm}{ubN?-9rod z(bY++sNWS!|5h^AA$&#=LS=P8Epzx0LG{Afw(|KexK|7A?1My52RydGjs30S%_jTg zxF=9JzQChYzo(`_r_XrFDmnSd4fsG3Q-8?jmiRTCK0y@cp#|W)2mg|fM_03hmRma| zO?pZ)JH+>#m-wRRJ#!Qg2u7sKa6tB-T0gzUgdzTeO z?-kroeQP9V`@UD5#_5NTh5sEM=(RBBO)OO+22y_WX4OZ?V7$+)APsH!EjTHuX&E8R z7o@Z3PvWv}jQ~TX*zVN*H+C+ZXecmKqMIJ-TiOv7K`k4|%KCmqY`()}hPI z348NafITu>>=_l|4eN5R?47K7I;woA+T$e|Hsu}aomq>J;5z5N`Qd|T$%wesOLK(E zKU8#UKm8DKJ~LF%Lx;e1mV?NXkXl+V10D!q^G2+h1j>!2p?C~EKoh%SMc!$t0d$N`yTMh_(7ypF@N9lJojGr@&A$z zjP!M>y@*zw(zjYS<>r;1&ZQCME1$n-GFqFVdF+H(P%@tC_>=pDjS+rS@Z(S+n~jB9 zG>h$yme_cgAc0L1zE>bF$!^Op4E+IS22*UtG#@A-&AH8{;u{qbAk&Ck!n zeg-zNxfr^Q26PfHS~tCh*hWN)ZLC>~`l$FBIV@C)sJu3MWFytpg4dSExkNF0hq+0) zw?5SgNF!Wsro{)S)C!)WKD|C!v`LIx(^)Lxoon(5j9TkJ;GMqs7Ov1q_=SEQDC7J2 z@}lU*U^tl)3OgAt8YS3p^eFTdT-(+aT{@uRU@#7;+_syi#7AAR+A?Rk&i<9Ea!$O6 zEa&lpO;uVECXV|M_yLdQ+G7?Vnu<{Gd3twyD5@hILEsDGxXiNEgtQgZRMeTX0u0mc-*%@x ziFQ_WnzLeSi5>EqviPIQLYt0m3x|wd5EyAzzj#Eoo2>}k3c(1(c#kDYeHLBds02M^ z1r7UM)!@&iN$jTKhdiW0&7${J&`to;z|20zlKFRjC-GuCN=LH$ED#MW9*B&QTxZ#_ z=ybzlK|!>0OVENJQsSGp6=*L(Yc(4E<}%%muF3Oy66Ya5!j;xpVlk-rXSs3YIWs$HMJ944c-CtJdANT?lg>K-!KZ zug&G&yk0~XGTM%;0fTZ{z(>!%JHZJ$%z`;=R}G!|T8Y>p9e9lCO+nk+SjKA$H>mDH zIZZluIw0d2f<*<{J;&* zB&?Oz(?$i@68^-B022;pJi3x`1~Wh`Ybkw_5KeKV#~$R+TH>S#fn7nf#^1QIqk|jeu+DYJ->YvbF-&-k6is8 z`a>7p8Tqrcm3xkwJv$Z#M=hmsDf(P2W(qk{V*pfdifVct-^r|&s@6MK<`x-JBIG% zH2978MeZo<;P5KusPM_8_SOKJjO5Vs8io8*b0UdEg@R>QOw-ps| z7)VP2OlpzXmmwB?jHT7Q<5&fvA0ZSSh1hM?@B%a_1D0oOB8AHRCSNd(ai`az&4Fza z#CM>R{$PKV7NgeQ5zHh(KlOU8sh40cjmXrNy<#7!B*9&^?kWbu?6d`k?pp7rG|EXI zy_6SS+~GnsQ6lF2;72^m-zEJfPf7D5AG>LIk9ZFK36Y?_@a_?fDn$TssHcNLtWYjTxSP(847VH6 z_FV{^7u;ND@$JZE5~oy8+DOS2uF@IH_XOK`MlepkkWrTbCAB1989AfRYIjq_o0oxg zYovL(f>Q)O#>Q)LXmur?>xENjLoWilx*QVlkf&N!9 zYooOdz4xTXOO5+m>8Z&F2`Wexuy^zG^4n#JI(U*Q^$~2`+`iK-@rSHi;>w-O5QrAL zx9!9XC#1#gfeH}mndt&N#mNh*^A6&XOY^UU@_JXg6KWxqZLC@f^%%>Nm)$--M^E>> zSv!3jaG+o}U4=y5$x4kZDG`1P6-EEGFwBLKHX5OmdyrN7j2e6&a4|Jwo(W=J^4C3i zo3{1~nw@H(Je)lFVFXZ&XrplJ>~6&{%{WyxAfT^%{lZl2$En(9TPYQ_t?Rr8mumWB zm8M*yNRZj#9Rq5RXK|Oe0f_pLvBjBr1j8J}r@VE8di({CkGmzmkHN=bd}&aP5@`0) z7g|V!JKpLF>AE!vTzm^tO)HM-!pMn|?> zCMYRZ*s9J$!8b_3J8@FR4sfWbnNGwgyjxF7l}~WYY1ft?Zl|JR?A*d#C_>}GL=}dW za-Y6lUYRq0DEl3T$zOJxEs}Jt2PQqH6C|@dw041 z>gF)@)pYrRNL_~FG@tk41*IiJDYDc-uN0HCE$w2t%vSSsI&;^t;sgEd3PVn$SC`7{ zGLntFu=H2)*t)j!9b?0<#<4`lLB))0=937qk=3*9^2^vickoa7VR@@+*=Tc3B9-P5 z6G-?|`btjE>XZt%a=-nSWDv8QYcTOD-d(k-1vfoDa{4DgZa`*>eRxCRC5 z*r1!w0C}MF6PYBc1$|&#QgaZEvCm(dmaoje z>R(SkN%+ii#>EH?^u3CAP=M@UhgI<(@bBLszl&t2p8dR_SiYqzbF^qbm@YNZFc^Bw zoA(y@%4wH0PLH~cKl_P+EYYl9%tjLe4+rCKwOt5`duq05qu3}kb$Vw8T*L4U=&tu9 z{$E5nvxHy%tuy%c(#=_F9fm_W1iYcPtRuxNO4x+gSljlCL_~6j;P@>;g945cj!t5V zr=i8$$5JBuLl3nexTpAuM{rK{Fg@;sS4QtKTzm`+%C~8aL!2ZfF@9FSyi59ozhI(j zPC1c^G=%unyGm~h%EtD(EY1cPu9|!joMm(NQUNElvW7fh#bXVCJNgJG%OAZjZ*m&K zNl16P#RVpk)BRQ+#TS-Wk~?miI0~LEM#!psOJh^_>S*S6B_MnxO+uux@?T7_P=XhDR{DoEaWg2Nn~S61s^V|1Eq)`pd|si zQ0tnS3dSG^b!#~HSWGQ(mI`og#%AG8H#OZx zG;yK=?0^`1gTAjk2T^PID6utlQD{l z-GjHv?{H7ET}_vAa2=c8=>D%zNgEFTt;0cuQ-TLLT_Kv8lvAsN->zyViZ_9L*K+bgAeIs3C3eB$>c&I zoIAV|#hc+#OhsPYP?eIjo9oeh^A;;5Y0rO!Q^#qcSr;`E%_TE+ywI$Hn!&6!4^o+Y zs?d8&Rd30`TAapsjTWfJq&h>O1Eo)C!45Y!DcFsE^1dKKf~H& zN-&+E`lIBHa|s~v2e7O--6y0{P0axWUn?-57d5OuMFeaz)rW5;K##BD_tUnZcc>EI zi0MkfY>Qj zC+zGX5_szy7j43s+OY}>_8Pq8=mgY6cz@{D$~Bcp&&2^Xr6=ubohv^EKeFguS!?Zt z4P$K}?*J!%8qp_BH7g@bRy${ex3*-<537Sl)T&}Y110UM z@@|Pt#j!wv0_%Bo?F7<0Yt{*(uo_2P($+waByHnGce18(Hu#7cq*zR2OzpAb*h$O? z5ij(|Vk{2Lsca$y#9}~t2xZMN%A0;qjXgbhTUs1%aa$!WKBXVzuLNk=#u9cd6>=Jm z>9S3UB}`%6{q0IrP<==f6!6g3HcFlTR55Cn>muQXO;=Yp(zX#j1|0XVjQlzh#X69X zpB3WXQwOSxIsMfos3dSe+k=?V8Ax-ZhI?Xp;Zr(%X)%(< zw$y~%I0XVHr+RsvJ{&q=Z5?wxMD}LM9!O0xAzzV!OY}b5V|dnLIN`vx;pjLAYrLAx ztR?KBlikrA*gKd!@nf?V0B)e~8B;cnDbI<6g%JEHU5zfnnA_xR52TQjOlnqRp;z~`U# zt;{ndV&XpwW*~73(m?oIhI!-4d4JCDm00s1iUUz6j94EcWSor{k_bmDOCslzq?BHjb^hvSFuNqdZ#ke1#=uHwEH0|1E*W> z6jTd>wf8SDtl#h4J<~)MG7?*n0{}9>x^;No->-R{g@M~YK~q9LG?mUO@=n=8+Eek7 zN2+|M7c#*mEVkY=LWO2=vK6TSY-9m=*NrszXFv2_}lF58v1+vR>HIlqFm`3_5WHGdyN z92U38W(c1Er8+c#_e34tt64ReEDO1{344WkSBvQZ_GoEJ|L3#;dj6%_{rW8-w4U>E zq1-;B0Ow6no!+!TNx^MK@UYGz_HLvnJcNyl*cX1?o$!zq7N-sMuT`AGZauj=XLR@S z)GVj2lP2PD(nZC5uFeG#pOLBumP+bPI2mlNh_(jVacq?PL+0c(<7N)!szFNGIH`VB zh|^_|o5?4Hd=R<23dgsfJRGW6@c6Pi5`U>ix3gm*Od}aL@*3Ra zjDQWxz``36<};)wKq0q^D)0u z3{**$5S}rv&9_H!aAc9Zp=_WDIJLhP@SCWIOG6i%%5Rs{W^*sgnl69EnOUAAMsr_c zUvGuzh<~Fa2>a63RP*23jtZ$G+_+?qF;nkis9q&%;1%-{?aZAE{^cAl7j%x^g5Tq! zKk7*f=$vS6cU%c5ne2jRI(F{KHu{&xIR)A#_6n!??NE8C|BONa;5p*Jt2{8Kt2k|m zt;M|ScmfA$ud3EUp)WojCO*Qh0w@5Waaa+*)Wz;Snx zUPiEra#PpO<-lq;s6IUvH2014Tt-0YT88X~`lx)(hCqf5rzWCts-mwqfif+C)r>9n z#}_Hiryp(7wsQ$h^m8KN=)1L~*>S4;OrLko$)r=CDPPU{qF%EpRets;p>9TnM%LB# z^MkfyVCbz?SS%_=VhpTQ$Ye9Li<&9q<1mjUQG&ks(GvgJ1)yC{ zmnxssPGhcm!3tl`bCFik5O6v7C1ahhmz<5Hmm2h`DX|wQBZ?D@( zIE-k#8wb@gtGpYQQ4sNF14VUZ)#&y0wv4TSOdD3_<JKRlCM%Usz1ik0jiNL}Pue!Z}ypQh2?T-=>t zx1s`x_cV*EAJzjF#@8kd<5~AhpdIsja>eO0TZ>H~!W>X5?Hs8PAbaGW5@NTqf?O^t zj6rPBU|nWtu_~jcx#9Iq3M)ag@**_+C+|)cHD!F*^`>X*9Ee)&E^~6#LFQ0BL__m0 zrH0hI8PI6b+Xw3L<7#+y`fT9C@)f!m_kEfGQ=X+o6>i>>#5yR&>!w^I)){lkZlzZ*pd`lcLEuKn&)eD`Xn5iNE%pePQO1JQ6%xUIcGy@Tqegtd3>Xmf|A!4&M&}tM8b~NM*%4R)jl3g@~RClgOjwijs=t6)JO|-$<3(eRnUMM%5yM)lbn* za6{e{6RW@jOnzd9l$mz3c+A2y&(GD;i zw60)Ge}f2C;m7ihp8pxUnEx1sPhIE{zOJCU7j5D*cTZ71Ezb_&4O5uy(*0RQuVd6f z!dVaFuh6y}+w#NI-TXlW8oaE&xQYxZuV#|CkWortdiz+vP!FZ;S;|z|22p-bQoyu_i0+PZ+@UvYd89RcwB(j+WWgtd*A~ zA2gip7LmhvY8#hdi!D+zkO7}T4ciwO+v(BOQAe9>A!PW2cfxPD#Y!t_SY=iA#$A<< zdHD%@5saKaB}UZK;+4-TJGMPFw*PdOiEWKkZTBdcR1GTp!x8^81SULg-Ks@K$II7= zm*#$UZf3}Nu2#4S#uO0L_(;8YS6em@rj7_%T;xxRS=Gr=X1p*V^l|Cs+F!Z~x1)-R zetQUSd~^6^ix1k9Z`V z?}>Bgdo=dN@`a8CzQp_HTDPbIKMO_hhJilY)19Q4xJVus^Lrrw_N%tiMDPc0ave>= z;}l=a*n5wx>-rx6p*Fe4ivRCBKq*;@ww`1^wWw4H3zsh~JQk>ulfNwo$);L@cW^_) zWhHnH52j(D_REv44L!~`G0Ft4r>0gBqfcK97n(VKnNBtJh|chx z^4IuDNsVW#$qJ4Ku6<8UFw&9}#(PGIH(1=4+n)+7N^qDHTq-Co`V7HTObD5 zl%gVRG8mESVSM*_p!9|xG-#)v+$K}sza!xJQ}QDw*(r{w8t1v1BYvh5Qfkzp3AN3X zhXqo6!lN~l1ZxR*-R1x1g^G72Klv62h8j}`Hqr4AAc3n^qLq1DR5!J5kLMUaiM*)h zB$!not?nZD83RREI)8Xxb8|yh$hZG4PsfK;^OxgA7F(~Mj$FG%yVEIJ^v!wTtWfex zOTkNJic46A`X0paqs8{S;Y*=P=O^21nJ-pV>B(I$rK%Or5Xy(q6R7QO4OB^NX%s03 z;BCFYJMhMt?RlqN@^~*GuqiuWXSoi!Tf(<`jx42G&}0H z2lgphr9iMBtBjZ^=uD*NjflD2)mgx)Z)+5EMM8@0ak&$vc|df$o^Q2uanqSdq$xm` zy?#&?B8622Ibfd*m_pP*r2)k_ax|r~+u2?COhJo==(fLc zQpN9Q;LIAorg5{80*a8UYG)anNB6Fguqtt*o?4e95-VHzY&!bbQMzYMnRt*zyJ30_lmX>Qu(J5?_Nco z{X6>3mnbXJsmtkNYW?-Pi)lCQw2l6R)94B1R71p`3f`9zFutt)uFFYB zn!o*f`!0gXG!<`OQgYCJ*Fx!_<8%Nz@u!}Yz2QAm#WFTFo{rHvp#@tsl5&PpmVoll zKU{uMcwcpiqeh|@ETDHXE&d%ejBB)k5(#N}zz#lhE#KY2?_!R3m0rFX+Sbp_BtQB5 zve*;Xai3K#to)^th3+`+c<2bN@{afyU+%t8;nKy$Csi4{;g8|}N^O1sSbo3m9GQRS znqMyx%MqA592|Fzf~%m-8?Pq8s~$$RekG^nH5RVRRNal)wx3u_3a{P1=Aaejt@b%d zd`Y{zFj+(NbI<1j_p3w?I$;i0?o04&ci3<2^n2pVG1=Q%#TxE};SYwN9Ma)LlROyR z6@r_?on^Xbw{kj+tut>9=wv<1t@7NVqM+4*l?U|C%<_w)VO9E66h`sjih<7{6o;Tu=}<4!+=YmQomqAaQf78AKejp*N5W1%&nj30g z?MVL*;+PF?AY`nA#!PheaufH%Pt8awu;SgOzizegh1I?2znms%6WJ7)oc1F-mL=LYtDsVEp~|^eqwmkH>}r(6CcRPkycd6FQV-mWkIUg zdkO>Q+7@K7sq#*iW?iXkBY!fl{N^3_*;%n*FdOmRBws7aM??G{P|V0(__I)AEx^ER zbA#JB`47|93}x9(S^AZa2$#tpTu6ftZ(c@Pe!yfTiXzRQSbcG0r8i4_&+$=>?gw2* z=lv(SqHSee*DR95+Q!>UsGI4%1CMeLzdzM!7vG=r-{2c?dc>DcE7#k6@yc%}8oha( z*c8FoX5}#8hbhMBxQ8C{BRkjdA>)x2+sZ#<(HqqA+8cJ`=d4XaQ>R?ZyRS2BYxZZS zFJG~*+>vN`My?ykP302OrgIqh#?dmihyD_wvCr4LEP0rC)+I^>V&;5dupoV4#QPw% zKw}%wf_$FhVMWt@0rMP4?ZG{}%6D1!MySR&@6;sIVNbi*!k2$>_^bf0@%%$~n_wU~ z;9(ggc;i<*WuC%{zcwBRebD#UKSy-?hPmki#7UyRg60KG12-4xhEtTXBu8YkQ$9f+({UHWv zsFpZ<8vYi$^G)BTMrN3AF~!vKT9e)PI>&ppj!vhpC!b-0ET$jGk3EBeM8dasPn%8~ zy`@76EXvOQU6TBytsYv?*>glFHhk{VJI8{`*AMYq&VPkA-k=Mb(x!@tna=2m6H=B) z?UEM1BoX3gm>U=na6N7-0%D7Gc5oQA)FH=xccnv2-(-3H`C9OT5n=ZN)4MM(?=Fe_ z$$O6q_|~S^S>TrPozE^=iemM~xC=Mue zs(ve~rOW^Q;UkkTd_{#nxpvRKN-b3H{i6QT6CKRt|5d@Zwk>dsu7h;%FO%`ln&akr zfkV!%&xb5FeqZ*FPZ#_1?a34>bXxki;kpDhNqs%{-x;ME=HHY3R)SM7$#1j6ozgz{ z<5<~->T=U}oJ3x^#CHV20AH(?H?FKka;Np7u?YSHp;=PRv5w#pe zaXr;1CqKRrS3SiO_0C9iNy0nqo6CiDp?&_Q zX_0+L2AAozjl$sU%|Px@pV_hS>G9%B=^4THUsu`*fK?69rmPpU*bBs3D&4NZqw)LQ zpI_X6vc0PIY5UqYEp5B&jd6~9Qz$tLEF{?=K&la+>^Gc+_sHp4L=*DyN5_;?3G=YUu`qeg7H0jdp_d{#ZT7Xy!5CV`+BRgK=|3QV1)77 zvVQ5r6|B9|(^AtX)@CA)Z$Ahs@DE6m^mX8K&a92hH2CoqLH9M#-0q9gSblQAud{3F zw}!q9Cku1t2;xbVkouLz*|l{-`F{;-Wh~+El8;(&LYx+OVabvm?H3drgq*DhLBeM4 zymN1Qd29UL(*h>#eXLcaQm4na-#6WG>@k%h1|YI|-aCdOKZ1MNe+wqEI~1+1YvW z+I-aIuSTa9IU*7QN$j(A8MP6|D8EE;w0K*`U zb=s9jL7}E8EpzH&B!u{v{WR(`?;y0q{5ucXd;!J~@?_S7P-zm?g*}^nLV}Rdd{m2=20lJ9$#r+UHT{ewlPe)PAPhJ{ zYyNrLrF>vj&1{$ZaaEfm&!?@JyXP4fld#*fr7!Pld*0r{4fEn%R&!|Uw|xGUc7D>< z4>u@vqn`zxf43TyN3##>UdwuEhhXz7Y;2F=R7X1o6xHn|{`vF#4d%LM&q2UUD3F*7 zJ^i#=vr$j}J8J~H`7G1xGMtsPYyDE!_lg4Yeb9_*z1eDSr% zK>OKc8F4&J;E+2_IpDMD)>oeB0mrLpiKX0EOs_aRp*H-qb;Y4B_#$UbrG$$3XJEOS z*5?MGN?olB_R%^o_Th3Y^Wn)v5EZ2?a|8^)H$kZDiCV^A48JD!=W3ep2k^4?Oq!FO znDdU+srr8ZettBuSI{HIqR7Ox-nVzy-z$L&gsxzx!uCqS_PSoC-qKEAt!aPk-|;B0 zVr8}Ukpg0Oe({XB_0d+cyB(BQL=si;53vDInEIz|F7`6AAZ=A9etbg z3cNh{pczVB%#EK4p=Dm6m0}xtm))!IC~&o;-6=UB)y${l76T0^;}U<1=l^uFX-#01 zPpl3%&d*%mgxjhYWIm)p{6T({jyFJ$JsOk5klCSUWnqtKKka{h7Hg zavNSnE|DBC=DVU07pQY~hClAQBlOhl-dFG1`(@ugRnZwgD=O_6eHp+UDDe=b_Jo3yaDFyC|Y4q{!IYu8&{+1y6al%H;1@zfAzKfC? zKq#zN=9>D9+Liv@HQJ-F;beQfG&O8kWbO_JHD5^fzSI{))+V4F@f+cl~ib=%sPIqlE&#c@}n!u0N> z)gH+$2CfgIvmR_P>DhDqA?b{rD2n3h_M*`iY4xPWqOz?~$K_u#aWmN&1ZT^syI zZT1Ndwztpb7(%}S+o*^DvSzxG#ycwZX;?j*Y~! zp;OAOr)QGcfxE=1rvF3NTLwh6cKyTBpdcuRj-iJTk?vM$P^42@x|^X>>25?yU}zYm zK@ny^YUoC~W9a^G@B5r{KktWkzRY}@*>mk{uWPOKiv>gtlx(%ovK)>zJfG}y?*XT7 zj)4^<;#W`4v$KTtHR+FRu4lW`sBpp7u1GPCa=4GLj}w5z<{A5J6`{^M?&r12yx+J0 zlC1s&Ia)Te-dKL&M*i}lmD&wmBFQ&n{S4mB$QG`2HZJk)2j0_4kK-AQt0Smyzu&I? zi~!O3?g|+v^Y*t+^R9g}Gb%j7fujv&G55BfNC}@^kRd94pS{6ixbYL#T798*{R?H$ zzp6%N#0t6^?&znmYL#t2t#CvTOfIs{8`6;5ogRuHEiclz4*{Wix?^O7n=fV8?)XLf zUdm}oiB(ly?d?zD+AYZF-?b%n2+&0o^*=2)MwA=h+UP^*I@F@mg=&_&yHmVa-cr{k zv9hRi^KP-^isdelNpOe3;{bK}YtTZ@p0t_uW;^2SdTNtRexlmLJapl#MHIR^)LU&JMD65@IDt+ksaYu(vPsRIfHU|cY+F! zSxZf=%{ZlQbMZTo`i^8*pFG4`kq!dkWxs({2UaK-aQKwmaPNlbD^gm$IS!zISMn=O zJIATE{sV)1fZb8S47R9EhI`Y&9ggOP&CU;~sv2NwLi*g`10l_0u|uhH&@D!XQx%gW zp#Z=p$G>-R?Co$}|5YRL-S)5g`#5962`O-V+LYtKgHehT5{-x`swd{uBl{<= zOZND5R7CGi9GY_)jK6=~6jby~TKJMixf_w>1=5SE`z!e+n|B%Ch6N(?`Q_;%ZDQ=) z88RvF%Zg?6%;(kC(pNJaueM56hk1H8A0Q=kDA~sKl1RB_d|G_hEV!~cd5hntJ(c1N zb&i6>zoVs-dPzSR&jDw@bweaFqgobk2jNc(Bb#M;=)30Bo;R&NRSNmQpk#zg+0M9> z1{_Ih&)Y9dlUgp7=y5I#z(@TQzl$IQ&QCD6!Nr^`8^?+Gj6C=L~2?D4v{13 z9amr2%?cGRsQv0UVZaAM;;&rZZ7yK44Yf?R z&w#Zrd0KW>{L#Ss=NfWGOwY)9t~^CUa2n^=>u9@_z54c3pI7_M*AC3X_wk|!t#wC- zm<%y-`xAV$mQv~7tTF+eLu1!u9T#Djq>_i#sTC_X)HJst?L)%tCcmmzFmCJlU9v~l zd94QdasUMz(J;;t$U?pS9+FS!OdVTuTW_ry1K@lCcYgW}=F3B;Z{=t# z_O>91#Tr_2x=Es~&^H)+my~=gCFVKu1bWH#Sc957JR*yn1-{z--*Pp1zO*VTHkCcC z8&T){74PH!<>^*yz19R`YJr5O*|s#gq5*MXsTto7)(=Z^_~8CoO*T@fBz6oBy^q|= zt~znx<8zRUnXOoN>bN1T@}UvWqMgw3FJ8`=2%_70D!NXqZ0B%4AZpihPR1Lo;u6g^ zw(Z%Y0Ni6})uCyP)ORU}rmzk0!btujP%frwp{p%)9q{`8dM27r{_u}hY|Uwvp7b}( zfmZ||^1q2_+f(XDD6d>e~j@am60GI-euIPIwG+TC0xAS_nZxRa&ueh*{1X#NTEz{FKlSIOEnU3 zx>z}j4~`(|K7RPU+~}13nso`VQ!%}4Gxlk>yZjs24C(UG`i8YcOop=oHK?}vv6_k? zF;67Hf(sDSvgl`_i=-Da_>OC8Ps@!0)z~7Of6~BA1WhilUKpO#=5bLt3D%Zi1Jj~b zIOLVPYh5;%v%O-)m<}~r;9YrlC*aE!&^;@epx8v`*5K*07?JS!2k07fs@LsOm)jg?7^GJBQmmkjv>WTmyAFt?Ch-UhX<{&gFLNHM~U(9eiiJ4d=f#q5GU{dAo>9Q009Y-u<7^LnQF;?!O;>djnqy1qSA7M z{me0pK04f{Jn|yWj|VeeGJbjt%aUo=wKr`DO%dv}p>}^2ju7S$fDZF|V;+$rn766dA^O``#3xrNmNJXtjrrFDdjpn9hr8)M48HQ}p?=EoIl>2`J1 z*tUBAj?i%J@v8>8m6B+Ol$E#{LsbbIIqx4&>Q<8(E&Iv|v)ET2?x}C?rKak&DBJ1L zgK4?n{_ygi{{%~$q?J%n6>*78JRr3mk-6};-Ifk03Xrj*YX@CV^{%!a4<`LF&=J56 zB!0F%M85L->E#?(;k8#_pmgLdWk-C3eWxEJheQd^+ntWWo94!(=x>);zALfYCx|x> z5c+w+L}2JZWiL&=C*!|sQqH{^XNc|hidr{#5fm>6UL#JkSBs^+$(0pez@bZ>Ql@S6 zr2EXb@6qr)0Zgm+ObO(pvERI9j2bpPM3n%F4sB8xp*V}mcApHbZ-c*jyh0L-t*Auu#j9&IxsnBAe(@^z_49Jy{(Y5&$$Z@)KNch9xN^qFME9rdh7_A8M-FelLtu)9&CerHuGOkL3TRM z1p{O40v`PrY9PmlU7#!h+l9~w1tJc7dvpa59^GN;|+gfkb3$9#k-sOK@snhQL(ibyPs73NYec2G2mXd7k zSNiUC^lpNBzaD~QG7<%5)>EuHDb)F8D+1fm;W*n?kin#vi5>y`VlG{-wo3Z-7f__L zKo`}zWSTrb?^r7OJQaeh@;|GC@h1~bzj9A|7U-k8EL01YV)q1s&1m{hnihEwL?2g7QSidE3Es zZ}M=Lht5r~5zDGG?JHH>*)obft2d8x4?!KGKx znth_M42Gim*`OzV`d48|9|rq?)qy?uWv}G&Pc6qtg4t$o-0th%6JOjDlL#8iMeX-L z)0`38TrJwOwzfY%^M&|3C;d?K`MZCI|Yec?c8VMi~Oh1-xdz~S5f0` zVpq(>6gx=1?TMpd^gU>5*{ywFshsgb)kE)v+zL1fWkDfo0^O}0HPC$#koqf2T-GC7 zP-)E)@yj}CkH)V(OwO~k{IC!)i-?doF=^WBp<0{LZj~|e0|+NuLw*xC0I)^$m?yzdAc!p&5ww)FEI;uXN|KSj!UaqDV9Ch?T6elEx#Y3@-e{wv2g{Hm`w*1m(gQu^W@#2_R#19|$ z7AlaRg`hkz=P{Ao{2UT(UWfh@Gbf6Y*i>HRfQ$F-dYe4UM?d@sx6aUAU`=1>>+s8h zlB`a+5yyC9?;Adme9)>%Fu@|2{bL$A*d=~R&XLR!XMVx3(Y~f&tL((4pqp~gXP|dYZ9-HG!j8r~q4*pqs zoS~dWHS8K8ogb1Py4eUjUUj;=+(H-&t(D)dt3nL?k4_8BliifwTG)Pp7z`;s(;6M0 z_7v-$C;Sr1b@*f@w$qdBTiOd2u^4VFYfFQp&fvT;pUNN21cuUt^#Pg~JDUcgNUg>| zugsrU_|AM*3XIbu@qG3xVYa^T@7fzpQUc{1e?R#8Xva5Tt~_yBxatjknzG$=CJy(i znGuxr0qiyEh!*B9`z-GxS2ZqRMw)++FIJAg# zB$C$;HZK)PJY>RkZcRzL5igP)-RMHZtd*A`!TYmM=ubE4F1DkH+4FYasSS=0Y%xeO z<%$)q5NhQLqZT&*z!Z$9(8L_y{U(^=00wSs@(u{~JNxP|w=|6kmuae+>%~;g1z)^{ zbi8e_(Z)k>=DwML$#ILxy)27GU5gAs|1f3tO3lQdAKjDsQu)4StJh?6T2a#QYRcm6 z^G7Rm{&?0yd|1;*ZeifGxRgClw`$TVHrXXhT+r^bXk9vCQP^w^6&NM2XvR_j6`2&m z7Fh`j#=&NM(WCVVl=Uew0^l*-p#JxB9w~0rZROThE8ERcai?FM!ohnB^cqFHvvPa%W@-IoAoFf<`7N0S{| zy@iBsS{SY=&Vh)GgK+IU5rtMW{ZAqzbMFV8nA9ziay^aDd8Fk8<#tU_gHKR{vKSK2 zUbp2077*T!#qAZrT~>3{wu7h(GjRwpwI(m4C}}C3RyQnl?0Y@j>MBxiE>c{EyR_p+ zsJcbs>54|00AX15L+hz{11e6{p?9oDW#?MSW@#3`A~XFiqTAMP9QU|7#5SCS&-;N6 zQsP!(qRnl`+Mtpy3CvojB!gI8G&zv&ntV0exo2wmM^NAq&P^Aoe(dEotXHxzUqi5D zFX;fuNC-O7D>oc|2lLd=gP$r&kGgudvyGTRutr$S`Ec5PphKtAU1u8ArON0htxf-4 zOM$4v0j2-G6=Z2vju*tz^3n~nd?Wzk zGqn{Ar3}VHTgQ;MOR=<|bomuA62AsfYi}k%E1_nYhVq#)&X(a3LEMf_7~t$zbj|Um z0HHA3PeK|eIfmLp8amxKAUc-p3E*WjeZmJOj6>Ifb~wFcs?{Tao==mSBX;%B`?4{b0X#|`n(d4wPmVc zbDAAZ%P7+RwA7qXv6kW+^wL*Duvbr-4Hk1Q!34qWOgEu^`d}q|QrfE|i@WO<=Y@b* z;7^?13yCfPG_&p#G<#u3%1@(b<5FDm=;AW7FJe3?9@k%DbK1_cc^4+mg(cplg#N?n zA^w#H!=($4m(jAD-X3_!%|wa*t2>Rc9IE^=2g)#X`mUl`#zVK^EX8)gI^2LKfrTKk zPi{cxZFsBf=Sv-m&}3VdrFh@Il4o|mF+`znj&u3TN8>HD8gy!2$2n@27^y-La)+8$ zZbuRVTdj{C<-aE6n7>;J@Cpo*y27i>%Om=(eSry?`YAfI&v;VzDA0b% zAc>3U#U>F?VzLp-2^;-{@YZ-gh*tlQj(x0oH4(Yy}gG0tn&(SqRLLl7zdta?Me zMA+}7eQ*2Y;053M9B;YiFIyxOCi(1e>!D#cqfBt)x)-IqkNV$x4fc`q?1(3l9!-5f zk#jbUzJ%z_GJOR6X(Xf5pgB2}0M@+^S7-)_L0`zy7c#)B%enpPlWHv7rxSZ9gjTCD z-g8-z+FCVN*N}x)A2B2>iPuePFJbiBpO%Ses5{5i?JXGPr23wj=6ekF+B>qw5e$#d zKk(2v)~8kuwCYd;eL|~wc~{@b;EAMD&E$_kT(Xqx1P@cmkP61j277@oWi$7tDG!wO zp)%J6$hD8f0;e$6MkM#U?PSIFcYQViuJ+Kse27s7ob1+`iCQBUECcg}Sn5BeHC&}S z1*dCz(p>_6gL`P(!Se_F{(1DbP53)FQ5?urY@hp4>*gpPb|}y0p=%$;Y8P#6pjb9zgo8Xk3NG~Rj4R_^?#7XV z=mz}Tv!noAUZ$zjZ`o;UsLcX{xE09TJ_g#`u?+i-R;7peIJtsEQx6DIe?&zPyj3f3 zOC}e#38vFLRcx_tH%d)(Q*dq5S3EUB948r2DrPPi3@LqD|6M+EYrB9tbXIyF&0Q>f z&e!vZE|+_G#WhQM=Ea<54tiaRzWzvMqTCDBnjCS)q?;i4q%Gcv|3f=jT7tjXTTiju zObOmH5q97}`q)Zz3_MI{$&}qP=0uuK8JFZmY z+o zYw!WpA3i&Yt(0z7up~N?w)B4TZuGNOwuutT$UZpqCG%G1JHn=i-0a$$TFl}sSylX> zG?4aVSTvv5zr&pN!nWAK_f&f3y(%8rUSgB92b0tF8zNB9@N2!bF$_wbs)_rJL@pm! zRVY@{O7xl94JKl}v7ZL&#i%3e%c!^Zj^}RyQ8j0mkdcqX`|7KeRT9(ROPLC`i-FJN z9uCpsbyf+6+tGHgoG=4c)qQ`VbiHVYwbMZJgS$;7_Rmf#^cP)so%L(iL<|OHjj6=A z4sDU>KQQX?%mO25#hikF5u|qJW8_r!Y8&T$)WGmjLYlE=9Z4IZoL5Df(4c9qn;pKcmb zj4<%3v-t74x_$l{S3Kq)y~mKd7$b;lrLE@?SL<-Q$3R4rm*5oM>;IB6LxnO##f>x0Beeg~K}fydL0=GMHI2zuyP_Yv;rk1OAEILyn=7@{ z^gyemj$`WXJ>GZmVM5DGav8ACMUDsUd+tGbs@;!X|9v!p*iTLk)J7#;Pi$d@Jkt?U zFS@`WXK1mr1QEj%Trqv=ymSAdCp^D|<$OQ#2Of2Lx#UE1`!{Ci=^T4j{L2jQoWMFh zk>>Q2{!EXr%1Sq_T9!lfGP0TzOP+6u`UNd^U77OTuH1ni|6F6vKh~n?K^1XUt2DOq ze8d6mp}z#2Snfl0G#}Y1!DFewozagLA4-r1?=|0Uz{pE5=8gVQs^Mbh3Qz4LPyF7z z*Ceorw|NkRt4=dD(Mf(7ZwTbG_~9B>zpqAm|1M5}e`yC1fS$k8Y2c^uLHHK{y?(rnGXB{I)-8p{sRS;RRmp9|Xu@gqtC0`xl%#KOO^Gf? z-^J2CP(z0!jbT#nzhMN=jgMO}O$Ug4a`jLA#8(NB+RRts39qYft(wV`ZbB!C)x_xQ ztcFzme>690``mk!7X9xgFEuvh}$E&O2l!e-|Ct(f}XGpAGS%2ore;iEX^}I`gFEo>pW2Up}e>?H8CoqaX zP=j|bLWe519-3VjpcQ$%HxOFxm$)spB#a)AmYHHJ@8RlNS7C6Sdid{Me9_9i@XiITSVxl|f0|M!~@l|L7|9>9oIRjZzw127GBjlh@P+Dx@59&^g( zJ-N>7@%Z1ZA1S+7TyF0vBVzKa_|@nEQz-otIjHbP`BJwrP%pdu;_iiK^4mt+UF-NY zcl)er4<@cBsVP?d%MkD64VtN4tF>GV87;>gg7^00zu0i8l5cQ$*(}F)*lfi7m~y_< z@3Yd6=G?NL@gg~_iP8^^eJS+B>;+AQdgYWgfkGDvc~mIIa(AD6>h{!7n_3^a_nL8x zJecy2CaIfP=G~o`7LMPLzU;BU>uzc7|E2}I$E^7X%EQ~#Frr?Q16k}>`wqeHCe2o!fMd+Ofm_?L^(bR+celRQ%a}?^ z(VHtpQ*@A?`FYmuo-uMH#KFx+7f#gM0$p{kCGZ*=N8s01rj5%;Isz~FbxXBs?#T4W zh>6ALN8ac>n5zk0l~NC&IyEu?&g8G#>{fdEw$c$GLbh0r|1S&x*PN&$%gWEXqglp2 z?{oW7u5s>e>S5DzYRjr;K$Gg7*K~}_NYP|J*YkFx=S^GmP43Pu^=u_4r!&ni7AS2S z1fhYf1pSxzEz@?opE7Utvh)l4%Bp)rn@$(cuoz!QSEra(Mn%+LJ><83fK-y0l_`fO zTE#Ka2-Tbi;s?Hvt(F6(zwu9Hb^S{fgCKGU9k0 zG2^4K@8i~F;IcyFa{PVmi`%%yn7Yd@6NL;~Mwq#VkTyz@`sJ9`7tKNKIQk)4LPQuH z#|pvnV*d9Ss>@Uk$l$8^(3$1;%d-T4##Fgtp@k%7X2t;+etQS zt;)U7vCkW-8vTl2s#)3fv1=QiZc?FG{dT{&QnDKKS@;oTgT!M>9 zXySHoJuLRGt*z9N6x9s=N~WUBL@kTO@nV)zzJ|UpB;`dF>PZU*MrEOtvqqW`wYxI; zU&GgS1*=+GMAveC_Y=43N`QeL2hUVg5TYY?xBi#?#+BCRQ#iSFb*+R1CWiGN5}p~g zPQed>aSDuocnp54jG!7%-FsjV!OVn%Ja6bNU|pZGA%5WPvez(4na^_17$;_GY#n|m zcC}gX`m^x;x?l$z7i3Fm4Opu@U_OKD-OYw16-9}dUEq{#?PVD+NBpMwI92ef{%B2( z>j@T&<^=LhX3-6~dqjKF_30q;aNJgg6jBv|KIH=7&j?`kRGT)xeA>MV!l8`^CR-$- z0RDKtoz*ixfK<{Lp)0n89v!6y*?#9TWfFk^xWiQay^ijHv8!<^(5_1X`oA|nd;0%C z{s-yDm6w3t($d{L`X6gY^dA%~Rg=TvqTY7Ek zA5&=A*mNu1U`m=4UQH#>4BJR3ggsivlCA4ZRh*>0zQXfVMOeLxl6!@>{k4YC;@7tt z5$h^NZO^m>0zx1if+5bMDR`q_)G=qJn6+2_GSB7W00GQXSaTa76U|Zv<{~NQiZwmK zIa+X^G>my8`w%YZy!_JI+M1i;*O`GlUnse0^`wz6;*a>a7HTR91hO-WKa*g_mvw)7 zAnO2%;p{deOeQ(|85WGwTv7%*zu5Q+gPQj7Jh10Uh0bkb&*we!PPwiqsz|&R^Fj6m zrUcHGa=3(F{|xF#zl~o7COPC;GQPjL0mh0n%u~i&^kA<<;^^LJ3AQMI#c_#uLmksa z&ohZtUoDe$u>NPnMkfYgy$I^q?Vl2%)2XMEg4RF>;g(}uFgR&$S`Ob#Ww9>hcryO2 zGL|1X(xBCR+N=*A9N>IKA?Z^XZEK(CJix5`!ZVg{BjrOGWi%kZ)h$}r365MZ97Eb| zD1V!snblye^3l^^xvVA+O{o`lU7zwDRvx2gBHE}i>&<+wHK?brzt^@4h@(ffx&X_5 z%;lR#DE+TO>0k7`&~*A0eHXbnTKm}ndij;!IKTwpkL+5jMHkPifg0jBok8LNC*rUt zazlN_NL*UY-06g2fV(C-8bG5PUN2;g^E;5*SC8OQ%Jk!Rf!LoNZBOWTt$zJsVZRR6 zh4i#rj}}j-|FHCMc)tTsq8vnrW`;PZqu=5Rui#7W0<%%h>b#NKXF~mNjR)wM`%3C{Z)?|IoGkL4qcqsS^6{Gb`7810u#iL1t3Fr zhp7`xzehffvRI2o2%D!xU0yHV`)6g>DdJMx15;Qev*4ml7N&#>f0*|bmiGW>qxxpF zL`|^GZfhO)(z{o5!Ne!h?3&}iK`n#lCmi!78rAwh7C5f7qSct-H~9IZK9^vcDUW#O zt`j_YrXa&7)ZQweJESB%DWn424I$SPZ#qFlhpt{?2ElxFvLO+g@gMBWUikp(;ab2n zo&4JgQfWX7&M(Q)bKrJN^y#PtxI5DvQLY6bTDtx6FPF%RTpdti~pUWJVQ@JWa=MlyPiFbtROx(xE;EOYib)a3(h%(*uPo} zF)PV-`KZ#KgIfn74IU5$+R%|NKx}4D1FrWPsl3B+3#e-G-#Veb!(4E=FIn@XD22Aa z7VH{s{}~Tb{7FHwnH~8YkQULcY zEM8%o(-l&SSN%}fe}mCNZriHZ^_-}Op)j+3=)%-bCVNQiSlRa=GvbXM=sW`B&(x&d z@rON>9g_nW79`a7txH&3)ipo%iQL{9_gMa)W%^38pAbL zJo8|S@~qJWr}4A2n_G~}Z>)|qcO}{+Ln}M5+i~) zXmasBe;3Wq;5k)wTp~i2EutqZYw@NJp3vuze87F6uLj|tInE!7 zdLi;)HQft0sK0t9#>ku=V|63asBdj^EpZ)wHDOO^M|J2?0vc(gi@(A4g$118T;V}J zX+QSb#E{Mrb}jxne$ooLCo4?Ed+opW%v$2I@MJp!2a+{U>Gw6xkb0_nhfHw6tKfEB zlrT%DK>|3vV}xX5>HF+1E!Q#$u~6ce{>u(=;%C*`0$x);IcRn@nwEke?JC_s9ga1R zLLQ62{npFp|Bd|S=)mJl7YMJm1-eWOun@Frj8yLF6?Z4hGQzAB>Grfebwe@FO0L$?0(p(5w0qRL0b z_c__7TuhVf$x$JlQqjVm6yS*mUv_8pXmkzZ&ErBMuU8i!FArT~Roh3l3TfgW&%ruj zI0qPjtvNG@GsNww+P!aCdjj)BYpv9MS(Of(?U^uZihOlZRKp~O*CGye)0y)UVS4RK zC+H>p4|3-VA;x(N+zSNg&A(ZKKC#*>=p=6++5`4CebVmkG8M$8xULGaN#R-q1^f_Y z%GV!0j0<~x3TGKepENUyvynAB&2SCQwC}SIt|$~i>(Nt)NioCOP#%OJ9Y{u9VZqnJ zTM`JcBpT6yw?Qgj-Y&*+#!^dkueY~3ehtb)i^X7N?a z*ekGLcu(NUW)2G$9x5r)nJ50+3IKA|scrJ^j}7Vu{%$kvI~8&sZhCK!**xzVe;%$s zD}|9k%Msoo=Dtp~ZS=}&dH)uPz;AXsbuL9V06RgeAK0Y*3XbiT`Cl-z2-7LlR4;3D z*njN5Wl&iXyG$!&Ho5JACCMCzL(JEwWlzF3RQS{v+X4$u+r-WCj zKRYdjKH&n~?sL%v<}QpSUyk2vS6P46`#Q<4 zzS6jyP|X)JX*<{i)w*PR)}M}vVlYiOkbCAM1s|8adjp2cjmwc&6gOg@xAx^G z?o2q`f9`*r823vy0HaAdE}bU&q=*=xb;e0%E(@o>1mX^m@F*5m0>pQV!CdA~w0ejYzz zk0C6n=f}dyv2iK(je4z&fV6hQA+0an-pBs@`DsF&Qe)ngK+i|oIth8?=(k^&S7WF5 zPcu%fSr)$`11uY7OzFh~)Imt8>8Y~w@>5jlFKiLq3|qA!?B#~tcC8r*J<@ezE8P=LvyCab|pjd198QzLU(4JTu zY+i@@5c%9k_lHJV4#@VoLi}ch3_i)GpF0zpYd%8CF?9C2a?(*My2Qu`8qo%gWv?rZME?Wgf@zNJCubJwrHk%0S}&m zj>c|*>ZkvHCf1zwq0gJK}vUH-MTToL`b@($#+t=XjiNFsv)>7d*|&ar8A~^ zByU8aoPPw!`?x&y^Tul=6;H0(3frTO57Rr~9R(;e#0lLS+Lu&GaNlSM%C}eG2^G&vxPvY3ft?aFEe*SekGX=yW_OZC&y>q3tOa*3zWLyua>-|pA04Gkj06{(`69tjC0TAc zDu}JOL01VS#Az3CZs!WipgZpX#np)&`dHK{Q>mJn!RAQSJWe#RsLkeh2aZ+%vf=rh zYb&8HZ7kf^Xc_6EEGf7BDc~@~i1?7??5n-MaigtGP>1~F%`{9)K{K!Ez&84{v7Rtv z@i3_m3X+SGyvf_Lg*R0_4cNM`P}yxS6&XpG3gIkOfp2;vCo)4^8?|TID9kP}K-Q4M zjH?poytDSkpa9kov$9DyFnyF-UpJ`?O3GChO z<+ZP-uH?~HQqqgTU zd0DFHlM3Fy3{Mzb_s*Esw(pf`B`+Xivz~luSUaMaZHianJ%X`2A@?hD=KM_73KBb6 znUzm$5_3mh8zkZQ@(udQz^AN^NRh`-U!z*fgeUADA(954hN#q$Dtfc=lkE)Nl()2gAB>)9jM29yS2wJ6%1Sq z>ud)K{L4w;B|LDOyN6pvERV$I3YF`mH$WG|{`t~FNj_g8J`35}*A0&^!hBN3jxVNf z^4&W<3p3&l@tigHh^=oUm9{hC>C}^?dG$eCC9OvG#;esP7`~f$dZ62Yib8izo6r8# znrCg1k&+_IMh)yw2Fc@w}{_R53WKYQCjb?#9j;JbX#2+pMyO3zWW zk*{)OMMANs_)>G0Zim-g8b+8wNN%PF9!Q+v#B)!nxhrxJz)t9uTxS&bq*-T-y&y9# zzT*a!a@6DBbj7k9EBz3Rs&WygF`H4PcFn{Im|n#43*BRn+f%r=QS~e6nQ5a0efZ2Z z+yPY^2A!nCnE^xZ&!3JgSCX77Co2~%TrL`?lBeK>l5*==pV` zZOhx22OJjU4+&eQY~&ZC6B%shFso3CPK@}Cs0l|*`w+}7v$Cr0M}ir2b10xv+!{u}ZX7o1HK zJmc7vHL(&e^DKwKFz{Z^Si}`Gq;p;MLgi7NPg%z=N9*iUUcf<`NX~df7~NR`^xd;m z^)_v^^@QX~8L3^*KMpG-EP|e6MO4pSmWe19Kfd?PCFRna+lci zg{s1Rp&wke8@}^>(Di6k{;0N$YhYVnRPs}gE~X@tv?|C}4a2~fT1_PS{wW_|#E0)G}FUezI~gHSm{ow?AY4xo);8l<#i zEJFHdCL)thwjC-V75ED`UEExip%z6aV43l8>hNDr~`anq@c-q)B)S^u>u5?On4lHF=8 zVn!3NL1hovXZm2mInwnH(KHR@ov~A-ldp-Mvlr(CUq6uoLl8GZ9U3L&*z!-Id919J z>ZP0Jy5QK=k;qn-%uniA8VL-ognB6?QOZxdWSJ==1GFCSuvC#{XT1Q@OF0}A=IW`A zrf+(+;1y9qVbR&=IBw(drY|aUh^+4pYc|gyk-kqMndWu^*9x++0g&CLM2QfI9`NNM z7<}=)2Wm8Pqb8es2N=njcI#^JR9chu(LY|cWy=uJ30j3QwK@6TY%VRtazW|dWy8Hf zbXxlg&&c@(X)k!>#(Cyxr6lP^)4tNB;$Wp)-XTMc+MM3e`0KvSOLye|%qwcN7gW2Y zDeh3hrY>x+q>7N6E)|XnAS$Y8BSPL}9}R_V+tIns97d!R3^!|>N@xsAROE<^qzvr5 z5nj^+^1|7qsS@ikrK;nt#V5#LEk3&An9VI)%869#PQT9R-=lo;EGyqIsP5>ZItbWU zlPZgAip|CGl#r1dT}q7T=|NjfCEjH61q7_$!>kSAz0XBwf-dDup*`RLd15EU%b6GP z;yx(sGoq@=NL~G%gfms78*TB%#2Wv=Oj`79C+afl`&Cf5dS*oXtGv~@o3hhtiP=fX zOvH_>_&nHw4!xT(kA?sJ7Geuq-d$hfvqh$X7FZ_J0U}>j6A?cp%Oioj4hK4TScTj; z)xPQMD~>|$&x%&kL>L_c82>8n8m}TxJr6W=y(=z z$;Q~++0$hBdP!&HcoCLT((Av=ou|`UlumvL{Wunb`|695$z-XY z%dkYDG_TIbJ3?0~3FQ0Yt*HM;)ma9$5jAR<7ARDZmeLkYad&qp?pC0Rgrh3y$>27WlwnA zw>(mb7dShT7==x>nf4A@aqFxNBu!Gte~C{-KaH_S%V9}BTy!m}#(a#c@6aR5l{|V~ z{8ICN(=4DeJjxl@4M6eU(&5^bQ^_4e`py~!^#hV6X8tMgMg|#VpDw`8R|rj%Qo->ZHx%8Qkf=gG4?;i z(_oP&Uzn&-NRv4{$=$Z;Aw}aSCFVU9RNn%627S_h>67Jj^)}yyx(wy$AuF(TmRGz` z-j{tidQ9vMlyIA*51I{SNv<7$9X#oLM%3?!=R}ETNh;Vfa;@qUo~2Z>pFX4OdM7 zsY;;Lc?@2hj&t%g6%i2sn$N14T7OfX%2G>^&R#Ejp@1ZAMkt?m1*Xu0@#1s zbJGpcFxOXV2dB*udEYNBez{Y7=RKm4<^srADOn~LN`JbLTFYcH!&13id{}8DI^@5^ zo5OgTfA6hS+?nTy5i8+<3=*c#P#hz;$`w2#=-;0>oQR!|t(CN8zx&>6qj82|GxwMI zm7D(9-(%4tUb?es>Dv^pvJUIw%#9F#hv>lFC4x`k(oMQ2sb_4 zL~+AB1Y>8)0$!#2vkxAfJ8#TE8U?Q#)HGt2Dq8JR@$e-b67Ex%AQxgm4M9W+a7RFz z|LuH2(!Ui6-TTyE#SowGEW5bY_Quoi<7b#rUlIoZaA|;GOcZ_~nyAF1v;{iq%Q4LB zRQzUK>&M@$t`njP;UMbQ;0mZ-pH;(3GrOQCuhsw;g+I!a3n$qbs{cb>@sozMKm$Sh zY(e3Ucnir{l7EP?lXL!Wiid+`l~PN_Hq{FLiYe^cpYd+{1AP3gz~vrwf)Rr&?4)yB z5%H+HraZG_niN}(u#!0Nq^;ub2Ae1{K!u}CM|}pJ7kj+MT)+P0MlIfl!MdRQVlt@X zFj1^O?!n@QeNA#rkPL8}(O*&nVpph3 z@0bwPtk+hhNsE1X-tp=}h3ULP;s@V;!{r=k-(uE9K=PBW&0k?O&j6tSW&-Is0~6uR z%C^h&i_vOOq@5+m!{@i0^xJ&@R67hit}VoLJ7907z)j5>ND0F(iEDrVQXi>0p*Ghx zD)Q9<7CyD?6Wg-xavN*DCV}!>Xr7EF-SC@=%b4#W0a`BJ1PiYF)|8iKKs_9+Qvxgu ze#Sk(fQK=E0pxJvx^+-VLuppzAFXzrqs5#wBGOhocm0zLu1fj$>f^Vzut7LRg*k1X zb?J0O=;^K@N7tdc_bHK;hieM=iR8*joaKea15h(d=8cz*(3az%?~D2C33SywPQ#o) zZh_NgO4lpDUoqTfci8YX=kze2#JPn1E`{Mdf&NWFxd=s{!p{3j$w^NE%<&To0+TRO zCBdx^Xg2h;)NkFD6n&xuE-d%ayiVzw*_V$a%82dnpiJFfPvq^2Cgbuf*etgRmn?0R zxkGn!r?r;wT-l&Y=c=!c;-t9C`yVOGD|z!JTVj(A9!W-hgSEqJtmPZ$&@L0b(tYu% zL!GLKIFvq>^J5CF<*+Xtk`v_wfba(fbrbLd7>~2iCqKVPiPgCm{-kDpWF_-aN1MPZ z7gNVOr+|rTKleq(5-{wmq>yOiC5bo?Kg`cuO76r0k`Fz@K+|K zSZfBGv;tH_EQ@Gqy=?@#<&pKhzRGkV9k#CXtWCf@4dWkACwZ%gJWHW!dps`>44{ z0x6O1HlLlv4;9$uc#5rd>_;*g55zh{6?{35943mOLX2;&WnPEGuzxl7mBM*gF?Gbh z_U^;9x+=I-+)#^lfujG7AqJ9u`ctfvF}3%;&v%<2rC0)IhM)4l$IaaQ$rQGBr~Yo^XIl8M z>dOz3L_7awAvl36aXMyhl9^Oy(@RI!iKFTNVyOd8D8_ORRQlYc`5j$dj2`T?;;fxWYo0tW?|RM!61trOb4 z)KT`jtR7L^y8IC!V+@Sfeh?BWC?S-1Ix(J^&AxnhisKzl$Xd{l?I6XTc)4WX>K0SS zrw3B&JE_TZKB;*fN8A+XSVuks#&G(+@H@Mp4-vMEA|wZdGqx2MFI^KZ=_6?$Osek9 z;#A)t8|9N1?olSZxrL(Q{d_Vk!DtGJS0T1{N{cLZ7UPn#k=u`-CP{mjTdc`65USsN zDaFGtCrqU%ktW7@Ty)#<-SnqeQc>EXgcZp6FZlgFu4!J7HF-@#sNC0qQqA~K62US_ z8Ydk}c%h$yt3y>vh(xm7iiF9V{cpT*q{F%a{Wmr!E4|d6<_umTgf|`zqS}e|20eQ@ z@?PIQ4UIMpGy%h>jq%5xxJeKE?Ms;OTAgI{f( zC3Bo*udxMF%`{LFGd^AVW^b zcUP~t9%Hs6sn((*)@znps_??cy>q}h);~7&FWzqUBOu#xUN7UK!p}na?BtQ8d7M=sVH45LK~scZpN* zyr84YaTb{Wv8J*a*I3&Z{u8;mb!-xB7W2y6R6@}wGHvxD9mLt6KuEv5sEfRn;e&5( ztjxsi(YmU7_|l}Bhr&ajoE&&+!T;K8GDje@vDk4s;V$-yD!{*g$JF`ARzj07yw2nS zAh~fbn0l=go|X+k#uI>PVIeqxIH2klM}QRa?j+)9Nyyh`5g}C(7gfmH zWHADiI8^e9p68!a0SG1&v1Zip5)Z2@oZi#uhShVo^UlP@I^hs}{t|C_^4Zdn*vEcS zSf*+^TiFD%Tjuq=?z}51`W}mVzTN*vdK3Da0GLoMqgiahgNR0@G+56KK1Uu+pW|JV zi;J`fwMM)oz;}9bXC%Y?(SJ8Dl-~C7{$_G|njDM&G+^KvBh$REc|6GWUZWpq@b3E?6*%#uGOJK6XbA>TVhnw3J@R2<5?CVM;mtP(+lj@3UsyvcDC!)hnT zY8MXy&9ln3)nr-wgxG(g|6$;!ve<-uzopbdE2vQ|IB7@FM@a*9* zwkU^_`H1@GMo$}GK*OCzs<@;};CV-lt1B1dLey__(Q=d(FT90Bv23T8mTa17-g+ZE z2d+iFryLK#f?`j()$_sjO91G>(NP0u(bF;_J!yt~S^Rjxbgz7T7=NQ`KIm4^H}Iwk z=O$K!%PTgI-lh=QEF6OLor75v&QI;vmk6X)dE7p4`V=H}*M ziT%KLH>Jp~>x3Hj*c_Rd0PQLTT6v)sGusXGFg9eILDQLOG3E<6;EG^b39a zMgN*diXV?%(A)>U6D$B4O(A%+mwJfn@CZfI(|TxOK}&@ruosvZI(8=TkR>SBkrzc{ zT?9VMrNRE3VIpj(JbdsM!&fng>IXOAMQ-M|YrpGJ$b&B@ti8k|de?AtR8+u6xUBd;$9OU~3o$DUSP zR}8np|UJpOMve1X7d)#7QO76&ADr%lHdEF};rliE^AHPTx2NdS8 z+4Tn|9EslS_5dQ~Z6vTZ1KM|d(X}l#Of28_ zzVa)fUwqS2v5Y9=8z)E3JO=tEO5Wx5otP(faRBAQ$-eM#CfP%J)%V%`1u#OkgS!r`*yuFJ<%e+si zCYOJ?>d81K&BrAHusbBdJmB>gbGa#nYXtMD&_6%O%}wBfWOA-bk1U}#GQkp}7^i3J z>@t-y(7pQhf|+wdR489R_wB0Uf}M97n``qD&=(zV|Cimpa9eDi-gFSiQgXk!VD$a0 ztLqQIz8W5EP2*T}KKP+$B4u}~zG(GxO7#!M7<%7t647|JzW4@Yto08Fz@?QxnFT^n z00@A0uGXVABffW$u7$>6A$>2pZO}-hb}FBH*qjv3wMn_fqiAJUlrot~n6_-n#C+XQ+M(ltxseWmI= zJO5MNY8GnZO$-n|H zINQa<68#nS++W|`iLqtI7)d5rCbA3CMf@x7{1m4)dK<%WXNBgu?xDf1g9LeJ-36b( zywEGOMGK2?SJqb~vjgb}EdCvpx22OSO@+Yaw>p7NZ=WsvrrTl&G`IjWL7C%7)QT0W z8)?>AhG~$Frf97z!de}|)s(BU~=&N53J36je~15W=sB_8K+H zkb^C*QN^{(kn5x6?2t^8uEYUL4xKd5oK<6iAyz|H$x{11+sD8Dm2VaX$CYq-(NDR$ zH8eus90P9G9YO^d`h-N6Lh-SBLR(@~R^Pb-@|OY=2LxiS2+mHF@LD-;u}{5Mw~-wE zsa*PdOFj)UDW8&zLYcOw(BPQ$3Rncu%*;at)eHzX(h1{{XxS?wc)s0u+xZe$XGT!uSN{6E`W0u!3QN{3w z2Y5JP2D*^G<-S$*r^@Q*j{8;rO)1PBH0+tY%bO-XJHYj#O9tPIWF2L#T@*|4IE*S< zSP&Wr*>}u5&qZp}^rmLB#^Uv46(ycT$L46va%P$WymG)CkJ2&NUAGl(!N9039=rbS zs&7YW84*EA4Kj_T#HMv$_&DT`z@0~og z&14}DBr5Lpi0huEz3NY)g~wce0)t0r4udBX#&XEM7S1edf?}STg_z}4KNxk#R%3r~`JUO(WO?Mn>N-Ch z*k!48RZ2@!weQmYBNpr=e(d8?wlv1-Yp>ZnTa|RSRZiGCM+_SB zp?JOjm2w7^Y!?4werAG%flNZWNTcLI9$p-__{*ruBimB#O2r; zoaP}Y%%fvmaX=n@ucJySS&hIsk)rkQ%=Le$=^I1VM$-=c0nsk^l9S>fX0`M2(UyRV3}cV6*ko%*bw9xjoq%wq<* zhD~jYLzQusoW*{UzyDnv?B}xifYitspGwBvw6k@78uB1w2Z%o zwXIZ5j}*p1_jZ8D#iLuo^&&6oCrgNZNHdnB_v+F>dN-xF=&m;6LOlUF8s{wi#2>qH z8uRPIOE$=?KKu^Jchg?Tj&m3Jqaf1!wcJ?f%VGW|EDRLnBlj^di^LP26aatv58>LE zbDnvnOOkX)X5&a7q?|^b9ea2;9Kf8*HqPilF$#B;E@V5D&!1(R*4_1CSwc4Th z5NS;^vQxvj%;GbSHnj@AtuqQb)2&5?J>{71Z)GgrQsA*TB{mecU1Y1zS~SJSsH^AA zJp7}ih{eq^plb>SQ*}f&`q6O(qr%=U{3?A(^)Fd+ipN|ngTM0HDL4RT*Y(VmJzQ8>&+Jfc zDNfH)0xUEStb{AnR>8kRST?c-l@1jqsaHh%1G?cFoKow(i!=XPlp~H}D7hFP9d1YL z9~$6f6tkun_e$#Rg%rEj_I9|M3llWf2s%T3Lqo_dG<~)GxP$z-3m+#=Z9I38YMd)BNHE4eAqIUIF1EUo zP0N}YN?R0$=V}4}?Y+`%SQ7i2<1w_1cl)Y7^&HHxaB?iyBgFQb3zFNTx-u+fJAb$h zt&-5bwC~+{cX5|+-xp8tt6?GJn$Pd*u@=5SmRQvu7iL3u-)2BULtuhc;_tAv-Xz!x zo{e&jV`BK^B{D(I;LJVgw)sa#*t7A7>5p!2R1Wo#Zkx=j0~y*rsiFS&oZ)>IY6VV} zp#8LXF{8mP;LZ*hNtG|rLOs#o8zD(b z`%84`w$rY+1b|Be$o1u%zCF_taz8U&-!7G~%fqtyg(p8RQFTT^6}}a3;irw!rUcKF z&7$k)eiNLv6~`;U4_50H{-Ds`rUNYl%mp-yzV~1tYbu);HV)ehOyWKI0asv~+d5|SgszM40ouJjaNDDBChZi8-_dsbQ<-Yz zuUMyY_E1^;ZX+?}L%yXM%r%8Z~MQ@I}n{64Y^odRC@Pun!a^DiAmLyL6ZvC^y6*V8%j z-3+JUZIAmk6v(zPo3kelBU*bEz}|@8n40nL;kl2Jxr9xB-yuQ}7b) zz;Fp&?=tUt#|3Bz3L65}1AEVAwA#P*X;722#i~ish~WsUye`yr9^rtya$TJMYksc3 zwJV@sgO>9`iLLYlMYDkr5s5fd!ij@GYnN}tU+Wk%C~Eri-eUL7E)&@O>1-bkCG0$+ z0Os&bgmB}Gsjo*cwa=?h>3%-jb#ua8pv<SO7yZmT}PhIUOgYwtool;NWlzJ=;yu}}slZojDR-Fav6&r6c39pO7A|I7LK7XXYN zq3IYemDR`lnlb}li-5pZx08CEqOlch_B$7FDY0loh9}CBIc&R=XZ*JPmvj?@@>* zWlSb@YcJP7+HeHw;FV~Ja z+Bas`_JG+0+qZ_IGI<0doF3JaWhMzT7V4%qmAt{Xh~8u@!ZQSs$W}xk{drFRB5#!l zJ(Oi4ED-R4i)X?aIDP01XHK;LbLB0kX=m#6Sp*Q-|M+;-(WqFTgK&L<#su&BpMjot zmM_5?1qb;Nj3CASj$>CKn=X^*fNZ4=Rh12c5W*+9g)mMgB3S1?6!_1?5Cy3YE9heY zGG?rM+kr0JkNy^jkmC-y&uW@41ikFPvTa;8J6Q%fjou(ku1s}1&u!rcLX?W5X*8!O z3`9FU^}WT#bDI@>?tjy0PA;)M_km$;*yWDeV0^ zQ(J~%;dS0G2-ZqUgMH;eRewB(E~{~u1>Oq=4Nc-)ivB%UU3+G);!RflX~CkoR_zg{ zm-S`QF+OK~PCMlYTJ@(i9@F^4wz*MO$Cvs|a|8)h>QsJfQTE_12bB8`zLXRv5xnME z>zP5frmMhzu<^~I!Z!7IuXBq%m2YF4g%g*IX+QMn&D-}JJh$|m3#aR3tVRmzB?h`H z*D=olRMIn{C~)lhiRf+ujHh=b7H@pmgXLKb)-nz~h-ud{c0~z9w6X=jE5i!GiURL& zsjd3&Vv|Gt<2!^D0bzBnI8Qcavm$|lJ>6R)4WCbMr_K0MKo`v8f+i5pse?Qu@a^p4 zh1-6)sNznY>!k1xrRnncZTX` zrBzC2O&6MRVQc&1plYzX{dZlbwfb78>7O*Lz9!0A9R3yC<}($gI6mkSj2f}uY6}w{ z(xGp}Ej2#)?dZDiqxiNSf~{fN)sMIi>OhkD`$qyuF-ZpCehtl*f}rdEH-c=5$-Dd2 zbMF>qGK;!tzJD6he>CdIa6{mx z=T8>@!#G8h-j`uj_P#^vxik=s5R!{$g0<<>!xb0n!?S5bz3176+V9v$MD@&7f50T& zGMsuwRg-l-lO-9L$Pao6>=TWnd3wM(`!bM0s3ogE{Cipf)VtAh%CtliGQgP7JNROXa_}5% zAGe9QqGuL8dnejNi!&4Qev8wx+D%Hf_G??xrv~rL6`}|)y_9033h1>L{z;()b*V4P zT{G>anu>n;4nuYMrOn3UH=^&!?6Q3xL;4An0w;DSiTUc~v#N1E;uRH^MVTu{?8_^@ zDtO)oWoQ4s1LnlrvS2Sbp<$v-f&9>&5(0gD+&jxF8eU|C9}MFo2Nf(y}B7M zb$hSBH|wM2K3NKYYj;fWl4y*x-@d)AOP@OwN*pqu5w z{O%J5ult(C)i8UFwuP#skUP=CjIr#ms>#r4NyV**$LMVT(mpCvqwe0rLE^h!PyhMK z*gesQq&NY16xpiMUEiIOzBXuwfY0oprRfEcrmwH-mHS2O^P8YvVR70FwnzQLsK>f2 zVe&p?8a=m*cp8rx*I5(-#7_N8dIf7BVohO>m_w;%%y! z9kO!Pqm0TS=Nn!UahtaT%h?f;;YdWsA!G6@DR6IzEm$^svT9MSZ+f?w=Et{wV#tYt zMCB|_%23g{fmP!_X1*cKFl%=qZ9hwj__Fz zoM&J0Yx9I$-?mIYMsse7-riVzq1&hoIY$bBU5hxXwswXoS^4DyB=An$>;WHCGLTu%*4185ynN zG(Pv2+S&HC4g?}e)rLbET5}T|CBMGn>pAX(?d??d60hp)#J%$*bS4vYP;j; z4XpdzpJw%bzj3SO>C#rS)~l?(J~B2=zM!aB45)OJ#KI6ONs&53xmQJ(roNFfMz>dC z-TFxnkv;neN)FCck5`)XZ~bhCq6{QSY0GMpNR~`a|CPnJe6%d_C*xdx5)4M%{uA2v z)HY1#2ZI>5MnUyedgjo2@d3MrmV8NyLapp*MztR)G8(}BK^jBT3?IGbS=V&kC5zhJ zVv~9eX~(7t?agUj+NmM_o`T**M3Q1Q-OBxu0Tw@=w)~q?S;ak{7*uHw5nz?UroE84-|X~XM$xrbiH=E*-FvY3uA`oj}0)~Xl6am_X(Pj=P>O0%tx}XEca3l zzQnd&c`!pwcTrzkeR{kiSf^y7o8wm!#*D|v>%*+3NodB|p_}VLt;OWt1$u(@G(3q@ zVq3DE#AmIZOf0x!iBd5vdL%Yl7L$}{)2!8g_J*R*xh9(4>=SFwD91`_sGCGZ#@z?s zfNFe$>5uWKhG1;av&D~|HP)^CDp~YcmyyZ1Gx_|=cF9Eo@{=U;DugT&ysm_92Oe~% z6zrxR7dt-L1Zi;Vqbtw0oA=Dww+_&fTiPUIPon|WyKya%*OvB7o5J!lJ`p)T%#2+w zO4S8u^NtSV&x|Fhu!b*MM_V|`oeopuSikl0n7A!BV_I4=O1H!>k<#s&dQThh{{EFo zd=qA(b5|Hw4d(^y+R zu=|TZbRt-v9G=pd?IL@v+Yi6F!*8pa!XKpf+=;)V!CQbid;SM} zbK}A0n;nRIdy4M5BYl6@FV%+D4+mq(>tDdL9gjA6h|T+hvFLUD|J{uK?_T`d$Abu) z`@i8F2B@N*1kRQC6&$<+HV3p3PF9w4uYYJ#Syb@RIZai$581je)9EJZmDS0O^c)Yk zajcPJf5TWeCE(O9T1Xxd!^xN77sKUI_e9(d10miOJ~tUY2mx7W?$(y2!*5r<7&PyP&`~S zB2pE^11{2p>o6-SaNlC{Y}||`DF4fhR3qiqd%gE(qKegjo88hHC?(rQ&qi54=*Cc9 zU|qzn!7JXpXo7NLWi4&WP?>)fi!Y{q_eY4`Xc)oX-9-o>gIl2#Oi4oeKHzk02M^@RXr?+?&7N`zXeeg5U0BTl{JninRI0K(ABIk{-weQ_9q z71BZ5AwleW_@JRb=e;Y7*Ao$_kpc!8VOxP6)Ep zaRR$U$w~y>evtYlk4Z~aTlYSYUrW7Ghk;D8p4?THV!EWXhX5x3pl;PXS2g%~ZN|^r zL&RTs88_;`)(G^TM?)m2&*yfpYJr_$+QgFA|dDW*?; z>-m-{6hrcuzVC=lQ?LDs+;b+74I10TFnRM=m$lLI7h#iX9ijW0i{~ZDITW=;zL6>N zv$d|39cW+fWZV7hhQh8lKgJ%dCq2}#Ri+E=k(akQDHtY;dSFAyR*ke7bB7E&BGP4b z8@AvpdDqX~Zb^H_;m4r4sX4Rtuw7kkm#~@gEU{A3aw3#NrD|8LtTl9DQkX49jR4) zW}R0cM(4hz#qXna`!5^8K;R9~=U;8kiuvlpq-@-n&o&!uPtl*Z&Fjr>aJ9xx?R~Us zh5{u(HU5v!KbgJ#!`T5>y-$qVlyfU^CQp+s95~-B-$*u1fy<dduyV$~_TV-JYj<~uJ$6ygFAicyk-U2~2w_sq0uSTuWr(`Z_N5d^_l zG1tD?2r{jdFrJI2kc~t)#=%1V`V?#6axTbz;#~J3s;%b+g~)q6e3@SdX?iPJ+m1yg zpsKY(e&Ly87Ww@glM^6aV0RrA&gDSxz+2-g%s0N{aVnC5+&`$=x!QE4`wr|hzd*74 z^bqu&RAg#GQrhuqInf5jgl8nNrP8iBrz$8TAy(9A11R4h3*@1Q8sZy*oyKpmIxc;= zt1;Mg$H0(Dw{GRg+^yV6a#$F{{Fu15?b;e~e*7ZXQ=(@VE!9UqRP zZ4&AU8JZ6-*qY@7DCcLVB>RZ#{W)=2aJ*xQSMBQiWUKS1J;vF2-Tib3-YMkM7md?< z28SquV;;}``S$kxMCI#O;5#by{O6Xrwpo2l+#FpfGFI_1scJV4q_&@%Yg)1C&Ia$qWt@fgQ-xPCj+<1wZDph}g0QfC%LZ2aY41%0kaMO4=YrTP;lo|umPkXW zPwe&CW^Z{_8~#=7{pRElbp6*`4*Q7sL&q+~+I6y9+AAeU2oU^Veu)j+8VBU$LD4Jj z>(fR7c?YE0Y1Ukb?KB4h+9Jgu%2K0==^vuavRJ+y|K|Cld)FvJE{9c@*muLR>EulO z?l)*g|32jiWLXwt3Q6&;) z!q?SPK~-=I;?V&FsZoj}!4j>RpV{$wJ2*%^cN0`r2dUMvPIV`|^-fUilp1>&(x&*B&e zfN$Ebb=TkO;VT0Zi@vK0$W&YZi|4PgYPf$$hCr`B6EPaI>j%apZ{-bpDKp9BO`4ow z6x6AgN);(3XX_+HALqMREqM!F(lu3x4rtbDZY!1!Xe%s8jy?^H$joZ&3FQ6*+j4zA z0L}eO13`W&!+JK{n%2Q+rfTjAua~4KZkJWcm}dO+lD}O^Sym^S-1j#hg6>>ASI&0^ zQ^uO)tS(=(($0}RIWGFaU;^fY7GUyA@>N!{SV)8~%`A*3&Q>=k4D>i%x z;?EWWnVJ>n7slbcjrI9K8DV$PpZ|SRgEqsp0!f@+A@RST zQgeD>XdE1LwNA?1NlN`(sAG}r)V`qJm?0SzmpuC(F2Z<`oHRW%p}EtI84Uf@6*`2} z9q4zw*;RoQXZkB=HECz&Z5XwXXP?4*^)$_fSCM34oGs`cMbL3ktXeEm&^Zd;#ql45 zz)YvX0~?UmOGKl%+{8IapK~`ZTsB9^rRoZ5 zqs35R$3)xcqWc}Abc$rA?7&f8YM#c?{+$Eu#TRYIfew!OAY--|DA>zB(&5^&(yv|h zW|J!>tHfGV_GSq%ghXdZ$Y5D2yL#n@Y4x+S{ZM5NJZ1X?D+nviMP-uC6@Hm}b$kjj zIHPqx)z{QURxkaW!!kdnB1&dv#*V_>tGbb>tdQ@8lr)%XYAm5$;i(bmY)uHXW!Ce| z3L^T7twsF%ecyY$r#C`3KbFl7YZm2Ga}8$?7m8Enn6IV2ur8q$%gOuo#w3~cv(PPd z+#H=i(S)u8_q8oed{`uEnkhQ;KTsC+$1niM8I}0aDi7j)-<6Ji*`f;INdT zKA}g)w5qEU1$p2mRYO#g6$itAiBGX2U8k?!fD;$_Qd>NsW1DtrSKQrWvkOR$y=6Q$FYF@GNdfKV08x4U^ z&Qv9aGFCluePFBlv;e=Ib(kYYj_(Nz?B*(qI>-M?8n)Nirt-L|txsy+wnKe08yXWk zmgAUuzta+vV&8g2&hwbNfN&U3AxiCnQk3j7MI8DmDtfOuS{0BB(?R8~3_~(2*b*>T z8_?w2b<<(kNDzQ_AxqFVT~3Adb@)~u&gP1KV?ZX%;0O@}ZfwPt4`bgOpd+QY!+a^0 zj+Nig&;aqC!iMcll?);>uO<~smHhf1>%SyMZ~kluJ$XjOIja96=|(vwS#tk6C=08vVt?lMOZ_?IvVs6{I^a#Gs!Dj=iHEO ze|~z}#;F}YIt!)$y8Z5$sgKCN^=K4Nz)TL--gx^PM#JRkf?!Jh2iWC+z)D+F@704# zMWo$yOa7qTrF^g`Zi_w6+%o!>fc zuVb0WdMmvGSi8={e5$I>LDAys=`q22vjsd(jCiV*s{Uh_w&XB{gJ8B^^~=vKlc@H^ zBrR{trw|p#q-a+oFx`LP>P_%PG-xrwak6!FiwNW0P6Mnbp3%}C$8!x4xn9y%NCmC1 zB}!6J?LFO4{`q&%843j86$G5U-7~4U(DOd2Ds&XmEFhor_rfxIn-(m50y>X|v+4Lq zMV?UmAg*2PP8iZ#-M=c63r>dF#uA?)rA`Q8^3aap6%UWW(}PK)u6qIk9!uZ^jguTi ztj$`V2%HOYU~OJI34!k4t^P!PYceL_&Sn&;>t`Q0{S)YWWbL$-qyagR0cy64N^$k1 zcw>>Ldc|QuJg?ED2-v&|eW9^fxxQB|JM(wzt=hf_S=bN)ojdh|;bdRNkIQ>zFbSTq z#7{5$*)7v+zYOg3&^*^Rx+1wF8VMg4843(`hSKdV3oI9t{ojdV@E0LiDa;RUvSM2? zi62r?fiY}c-Z<|GMaUN1$T$W*Q8{-RzQ`fJm2v%4`8{qFn)LTKhUC52X}IIp8Wu!7 zPyxU+G)JehYf6}0s6IUKFr?A{OGB6G$?bl~gnX=n^L*3vFs;VEO2u5EbhAlcnemp;id*Gy)+FuFtZRQs`wg0>2givLmu$r1Y1ii?ik1^W z?c+aodGvk;wUs)z0mG}7<%FkQ%TR)yM_t+mM^>5Utps}kF+I=@J)Z8K%AJhW!R^_u zRIjDpYc_oqKv5s#o?5)1V;8rqc?E}o_jx*pEvwnE6h+KHABtvL(aQZRb|D~Ynynq} zVEK$S`;*5V(XKR3AI)CXqP=cR&1$foxjuCC^Vh!utm>Cl)(7mYLt}22v@HMl-Cmvk zvpXiJ!XIODK7WU_u~^_6v|3_!a_Tc8V{=1O2^IZCrj>D20=%}h^xI6wKV=SDE#7Xd zpRlAGq}8WA6X^ljvW2Fes~ThPx!MxBEl=uv*L^(eX-%HWx{pj*$*E01!zk#DelG}G znb8F|uOp8bbc8Q2ElqlO{P#>d)#>|m=YdBjIisWJ<&1haki{$HSrB(4Vem3Lw2BaUf_=XsIZ0G>X}m%N@sR5U=jm}~sU zCaURj6^*VRYNU_-#t~bOXrE~{D+jKnA<}9m6zx~2cNfVz zhEgL1iD(3)y)TM|wN)#e{RBhQiDc?N`+Tv%HW}DdmTTNDt@R}2z4O9AT5ap$+$nS~ zn;$vB;L8`MQRz4nq;8{c%eWeIGaSCv2Uk_c&2RScnNRRz#dXPkza$k=%7)Lb{48q1F>{Fk-WXm#k)?Y+Gt-YhjUAMNheE83Ej zzX$#DkyhD@yj3$DPE{D#)>0cUKD^l>#)T0P*{V=OZ3{mm=taL@>xprV(N6(p?U!ac z0)*2FMeAX@XYt!Z-yQb935j87QrYQ0A*oI2rn0|K1pE>@!yXUwmMYt4EVU?6kh=u% zfxEkCLf?Bx>nu8=2Egp~CEnP4t%6A*L7MiD{0a0;4P zNm&%}cP=(C`(%efGtjpROqEk!fmyT_HH_9C;#s|-$+HxP;GhVrk{i-2*N%A<#^CqU zezgQB5Yl1dvazpt*`1<#G4@7kYE@>SFpVi|*OI3N^y2EdGyVg?c6ImGKb5MJX|r2v7{>8JLh(odLkl0wvMbkQ4N-24jkD-+FgFj4 zN~QY1p$YaWx-BVmKK$Z6nmVD^L-x`;^0%3one@Y8dh~g=q8y7+{|WSA`awq(0f>2{P+SR<;O!{DRxHL{9zjx0XakaaoLd0%o2|J4dZ$%gJWk1Yp-j z3cTuj+htp(cjkA=P7vhog|?z4c$Wj%{&iy;bLNrupe@!r^DD%zw*CBkCvQK)B);vv7S`y|VKUGP~(#LMo`I>G25v>UdMd_-#06qj-r z=gF#IrQMWJVo#9Y?FM@*r6#U2cQN`Vu!&O5E+?^n5?4m<`yr- z1gD7lg&MS4@>Bmm4I%2Mhat!o-II5L&v9l2RJ)^9x&1ss8=6mdlGt+Wuk?vYi+sRH z9G)Sds^ERe0xOj&M=nPrgPF!YweBVf$ z9G;?dw!An&+4e6#kwab+lAHT7b0x1Z8SGMT-9($KDjikOt`$ z8fKPDJdypK&yo*?dFbcwyFxe%&E=fDrKPpni^_#k0m~7ByYN2wn8?L$=Xp>0?vf@I z+L}AHfXy63S{~P#)On#?Q{09X+bp8^30}CRZiSVq#5se?hgBp+s!B#=E%SY0zM2?S zEwt^-^Dq$+2m%xMB)?aB@X5V;s^&fn>xEMcU=E}Cqs+bovSx>56L?Tib`o4(liW00s^O~pN(qRbH{`^ zMgzOip)44a4?zanJ$xunIse1ec?UJ|e&PPBqNsp?4W&gvQ9(dj=tM!9^xk_75PFds z1qDIUX4z261z7S z`3A)}B&7qhQ0Nob4g2AGqk+F`poULP%=$ei-SL$=2ydGHow9)^bbL8G`Et6*E)J9BdctRzl`=<}mt5{@mOC{-M_6E1IZPyN%SyAMW_Akz>!>|2b9R6XL2t>p&S(3{6Ul9+96X7^A2*&%H5ASkRy^n1lB6^V5V{uIzg` zsdTiJ7sE14G{4cVA^l4gD!FzvxSvhkPjtwQPYSuG{Y~X+YNPFUtaKoC>d(ep$N-ZT z#7M<>=L4;pQs>vw(!@L9!Ds0F{NWIskIX^y;?R|O2r_-E{MoFblb-TZ-O^j$gC`jS zy}+!lN~Idpc=(M3TV)HafQBeL9)qDK7i~1jV2DZPeLQRDaV7GNr@};Im&OTQ#QZ1A z64<2YupV_fiJix=R9HJ5bSCv`yNf;LO6z!jcV(8c}(@qid3LG_)f z__upP_uC;ojFyUB;eN-3@-zhlyk=OXY7FOu3`NJEgRh%LI|#ch!RP;?pQ9bZPSif| zer}lXos#jOg?w<#rkk8n(7T6fS8PMJWhPYxY1O((s|hv}8=M%Z_`%HW20G9Bha23v z?CP0b`yE=BZ`|jdB43%SSQ@M)9;yY*qui6C@A8Y`kJW4Ai;D;J)ykL8`gE3GL(0o0HUFNUd_14JuaD}NHPEfysMU!_36{1?3;L@TC0@I!t-qGF zVPtjhcbjBc0h%WvUy;1n8WV5hoBdd)&dDk@&O0k$0dB=K8+|?PUgOhoS@CP|qsV@x zlEt4B-+3L&$*w3&aZNk#9mF^>C)hEaH<&g$rD7ajKXD%vuJA4o0$)8U2@x0#&l39+9T`m53EZ%FaNhZi(w~DidQv zoiv&qVJBw%JH^5>yL+f8CC+joZsmsISQ*?}7Vd9S=dVCnb+P6DwsiMZ#gLfw7-#G6 z9q5`^b@`Y6kIO}uUDJ-v<^=fv=YGh>Zy~4GsbCXzr`t0q}bFC{i@` zgp$R>dCze^lY?Aq;a-9I5J#p~%Q81tCYLSvyfI}ut`D2)_C3%du#&n?L;(-%Q*=Gh@DlJKwzEY0Po=V`0(A^ciW$ZW zV{rlajrcg1U+85-d+>AM_HZlEp3l(>TI=rcKfl%=lipXX6c0ixs+m^8*Yhwt+%_jR zj)!o1b-IaKf0{E3jPR6|ShQFu_kr5qoyos^iNJ(mjFAf}k%*+n+ zaVcf0)M{)%moGIYv215QK+4D=UE+X59?`D^irtn~HE-G(%2N$*wpgR@2Jlha_uwZ# zIOtsJHjiTQm*Fpk0<;%%Lip=<_ck8D4#MkfOnkx+u`PJEJ7JY2(&6*2zCEAj1oBrY$~3KYP~g_)qg8U|<}A@wZyCO^rQP|xAYRo45_iMNO_slqXZvJG zPmN8dMkr0Oq1Y^v0Jt|&SB$yBoa9mhy&_RzMw9KaoUr?1`p?#rQ%yzH@v~pFs1u7r z&F|UBHpfeW=P3bB0_%=~LS~Tl^pPaE{&yGu*J!6;WE`KeU|d3nc7%PdY_{M){Uv^B z2jO&<8}cH21y}7DR$A0dJM`_cb7$+XH7f8Ck} z*qVwV8lx3V;ukQb&B2EJJ2mnPE#MG5uy|kGGr9_qyS{|aXT?5dTUxNsD#G-@Pr(u- zPs2R6VitGR)rQ}~YffSw)VPU*>kf;}0PtYCP4{`b3oD6{^ub!(^*?BIi$2Mc9z4fd z{w>L1VCGods$=W}$r8(tyyTyJwED;lXmV^jA0y}HC3$NqyUp-2S?m?mEdGke$NG~5 zgPi9X?695+5lyIzd1M4a~_iT8&!8(Hw(*}@@}{-)@P z)!>+GNH^n5Jmo^tpC{t=(7wK73>tlqpEZkv39p>J=!#&8mwZS&9$%Ep$ ztTbfDoMDqLKygC{OXZND?uA2l=&}*U6AKnQt>OPNR-^vFhcok7ZtC0nqxLEKz&*qz zpS&p5Lar-UM0k@m4#B2FPotAm%zu${Mt-X|e)IZCh*($gIuZB-pNCUNjThznr zP1CQCK%M8hBkV|qvCKva&u2|Ld~JGGgIWIei}Puu6wh~}hddiEy;@fY6}D)sYw_4d zA9Fu&0JB5$RJw3$C0w!)tiEG&-5qLnyz=Qx{91KUIf)i@uz&u?PKO^8b8~Bl1pm7W z*&)TQMBvwL&`7Y1J{%QYunTZ`l(|+A0>mh;EXM$Du|(R~)m3_6gOD%9!q1v&$?v4a zv&46?qDC>`?IdR{s~oG|r*3~lrOWV-pjB6*Z8zL|mNY{0mzw(6FQmIpB?yLR;nII_ zsw|8#?#P5^{&CN&%niCfy1RG=7AG95G28mo5lganEu1;cj%zCxr@c{&!Z4mX#z5hY zV=L6fPJluTKRWNNNinBe-Iq_jGeH8>uS!lIsK9Grk4O9 zv?0-rm*?EslPV($I`3=qJnRPeY@135yoo@h(mRJD7Cv?Sro4|b@F#+ zuXKi*Bob9S5cbNfp{a*$($dbc`GfSQ)BV>HE>9}~cU)Qluz*>C`Mo;t^49aTM%=K1 zDXYg|`o9ZDH1#2Blny7U;0E%3Rleysvny#o<)tKTRjzV|)LrWi>5M3ERf7IrZT`_k zBH?bp)>AXIk#vX4XNno&is$xzRqXx48LH@85%}AgExy{~cupH)cfC2)k@G^@?~wOj zrTrh4b!WgPCA2Ht^bEAOF6}()$VW?DRV?NpeW2lgK-oBjtDf-6!7jl_g zarzZT#>4^|JT|(*RrcoFUw1R5?@1&B+YnD0)w%AT&?cNAT!5h)&HzxxCk`N zSJI#Bo}X&jiK6KrK}s2>B|M@PB}jZC`yNA@fkUUYSJ#@jwdm1T1i=1|eS=q6z+MMA zQZCl%KIjzu8%ZBF&?D0eqgEt&AzZ)uzM{9~Mh|x4Ed6?BVq6JGl_JlCP zFf*#{7Bi|XV4pViSuqp7NEO?4O)`ASKmC-PXUg-f#Zdws;q{q?U>`#i!SwWfneMcT zA#=_WnASWeq5{=+*#rx_IHK*^dj^_tt^>SIgBnr>W#Cs6$a0#PL;znRBe4 z;<+P$74u0aZV3j)L~KWlj35~BMUZBH%Z>EPNg1p&x+MjX)d}zWiVQl>KzNL5CgGk9 z8Hh#v(jPLwrs#t(qQ>lqn7PRTfK>!V9=z4>J8#cktzExw7(mi2Jmo#zKvdpAg{O6pebM2hIWvq< zYy&vm4QB&IpJ0U~nd)6&HS0EMUNK~jN$o|h%+s?iJ&e8T%JTXk-<^Gn0_cYNewUe7-vfy%94S5!^Xj~q27r{_5zs)2I6GU^-a z2j4Y3E|GSXg*ZA74|2D+Y;n`h`c*o_WOJ;23@zWnO#)`qqHrz=`sa3A20ntXUOj3y zRhN*IJnGKja7L9+eA}&!dN}!5oVTn~Gj<`%e9&=WrQi3RcGZWOBf>jBiz;8DQR*wJ zwj?a*=ZY_P7g)8eYJ7FQHYkmmSdKNjE zhtrw%wh^W$xOG%%5QWVYR{UUW&iJ4Gq3e^S;QpwGd7#&`vw5WEQXIMjq`*tT-kH?T zW2XO-Wwj3fCVN-*6_SdI%hpYp2b?qNy?wp6eY1}o*#raZB-K|otvKde%yOlL7w^wA zeWrj(a1EogO24xf*tceCJ&pO+(xauN19D7-Nyhaf#HodjO4oKvrGW?0I+GT)B2Gd= z*ZUpQ_l-m(Wu~NXVR8vy2=EYzTC2uGH+snIsLT4&NCdcl>HCK%B0k`Mj-o6R>H z+RjAyq9H^GU6UMKMTR)pr1$ew@A|_mpaOHp;0BK`Suv(h>z&!f)#O;Q>us6&9;GeN z>Y^V8(KzE>eQ9>_3bE0Xr><@QPOx-mfX{_yGO)oTswKYi*wJYGjii&Ak{nCJW=H`W zPk?o;*)&gvKt({%ri@8LK*QIHG+d7Wns9Hvb5=*YwI7_30k_ItpU>uZVx0##i5gtL z($YEP#IvEJjvI2GpPMnNSP_HJyE^&!`R&LDD5D#A#b9DtV)jDJ*}#?Udx5jZtdkW^ zHjV6{c4KyuQ#qW|k{;K4s@6ufR)%nIo|ch}R`RPAhr7544-vu2$8s^~-f1p7JCRO4 z-gKE7y`9f$_aHXTLh~RS@xo~WUq#Oc0$oLb-arSRM@O-R?C|DzZA~U&z$TBVHr^&C zN<5k^!Z}h*zF^;{jW6y?BQW(bE8LAHJ6~Z|7S$SJS-2Ebka%{g*<=yIUwH?kEW14<5cW{}=V1^^h%%KUgpOFHMN9Shmj7LDTJ$Y_~}!*EvaU~{vf?r>^%Z47I&x9-W_4o^S^8fw3 zF+>S^$8TJ$o}aMVV2%Z0yHFzMQ*vW;^Xp9oZh!oW^+=_@71XEW?6Y0u!Oi`_eZe1m zWnf34!hOP)8&nHZqc+JaCJcE8g(6mUw;WGdg;+85^qr6lKdd75M-aiSkzH=V z-e~mde8fESv#@Am4VTq3D=t;cgLzPz!JFZ=lzy0RJNwUmnFjtUNa~~y(JRD&STA+= zIb@_GKWHd-3_KmQRTo%4@?j-wC28l%s5H!h_?}phbxC^kc0fhkpc8c78lkCmxZDyJ z60yP(D3-KIL7HxgZqbNY%vOEcmmD2Qh20-f9CJSSbG9^FAYG1Y_{*w-Yf&>BGA46N zgJvUUd-`(wCYpkhQ&&C`9*&=-wYHVJz-n-3p*c@VI2>erN;%3ZzE!IZWz;V+jW|3i&57^v>7-_Z)RhBF6wtW z=J35bF4+=eA?p@vrwOoRo%LUFQ!M6CiX$IekP@fTYI)sgywI3bUClkJuEI|VNdRjJ z+fPqjqN)}C8*ld18om1BSqs_t9XSHz)LWb&eM+UgTi00O6{k4*TSUY=Owua|_>D9> zU29HNR6nUXCYxpQ>4i~VXw~@GObI^M9NKm;AB-%MZOLas;lQ|0PdRzAO@zHsm$%o_=QZIA zCdy^0r@*;dMM@D;%yr(B!v4dyQ- zNZ)x1-0AazdXL}>lN3R z-j2_H*9CosD_5=7E1y1AE*&{9YsoM6sOB#_J$7chreE@UBO-$)1ac@7t%FkU6iF4i zxFjtTF#Xq78Ty|Nam7OSO)-#A2J)v2TUlvzJI}O21wC-xDd2HS(Dw$YHh(PoNbyH8 z4qXHmbaHMbYvvE99Xnx-IB!&l0_lq(Ck01{GBs#af~n@VZwX7f9@S>Ya{}J6gZs4} zYrV(I%}WY__%gMJ=UUrJWzlIcTrN39YX+z$`2)XgR-^4y5DIS~D{XgRC(kp+ZT_>0 zN4DH=F#G1*^0b5$=gaHCy6tO}{19S*ObnpWH-PxmeOakUKhN`+6`gAT0otB7PBIV1 z2qbE;ko5AGYtuB+;YM098U(Ep3yd*;Ev8-#_0o)6q`i6&%sONPa*vumYAOmYO|vkH znYKg{*@Le0Z((pN*-q?KiV2xR0#~ev><8Ew{)+X|sDWpgr$FH3R&nJm=8uOnW znbyzcwd@`+7Zq<9tMC^1%+Nfq5JjjO$MnHojyd1OrtlTh@dmiUom#&Oha@K<#-$L! z@ixY|nw2;Fu}!hhH$T74Iv4uE6!3dugG2Gy!w3@=JXY|)#}2T4FKDV#|96}=+HU)a=hGe8gxdWn*>_PJ%Y{aSv zx_Geyx|&p9{;mCF)JiHjH*F@kkQ5m_Q%dS6Jb#zv<)v1IE;^4uUBQU`oddBM1M8v= zoH#ew?V=~z@Z6dtA?fh?;JGSZ<$H_9RqtZh<_o6E=%?CMg4LVhcOHx- zYtvKgqpfLhwhen(jOA<62l98bB>MAI9H30HE?l?ReL(~UCK`{9Bod5fmD2yMDU0J( zIGxSyx{#=qFt4w*;)M@wRh^_pTgl%8GQct!Heam!U>mjQU;7CtBC?UdYrzYa{@c8% zu_N9s&|4$FIA7{h=J6e)G{dskwiO=tV zI%64NQo#NsS@-w~L_zYX!Z43y1Qpc@$ato!y4mp~TirP$i3(AlwX$t6PFQd1i3usT zz`d}_L#u+2Rh=f&9k~q=_-`32En~OQ`e#YT=_SFww2za7*}dGhEWkXYpFg2uI!beK z_MQAKRfooYl??g?CT9O_$K!>f263Xyb+I=$`-CYkbr8upX#ZLz&}tcFotnKT&h^m0vVsF)PFmx3mop=uXv zQ3eHgQQM#B@_YpJ{Fu*fgN+om61pRV{=RdwlFlm{UPM3Y1;dahLX20&`IEL-raA&Z zy48!|%7~N9eD*}hZKOO zJ3?(z7UP%^u_&GjoCPXi4>LqwYAioZQJ-@wBT%ShgsJ+@{{DQTf$&&ue-0p@f+*WY z5vn_cCd3MT7Tp&LrW8QC)#)L{@?$C?P|^`=osCje@GNLbx(dNhDwiL-N69NCE1AR# z#l!Ces3NoH@R6t&MV%~nMms;$xy4RLu)i$hQcqmWI0pUiQTk<25qvdLL618n^Yb-?Fc$Zs-<0nw^HgGyq4 zWvBAx`O};QTMfO&di>s78N!i_H_n4!8O}^Oh2Dg;p9nzlWqUTC_)nkKTOu6;Uxk*- ztMGRDQB^3-|8bDa^Jv(quzga&_H=UPi1`akzHbqGx>3<3!$#GVw7gUBqKgjnIg3{$ zqNQN60C(;DqrqXh6mVoeyIYs{*ygTe9EyetU+(#_fJs;N4)Xc^QMX2N`0SC8)Epda zr0>`+-C)t!WH00qxmX<`Xw+CAedL<=J!S>8ycN1dP@dNacn_A=+k6CLu`@CC`J`om zoP4QTQp;9y^~sdj&?8Frq=bT}QRDjok`Uvh{>k!k({JCh`$YryRzN~27*VMrvl_`x z`xxsvk%N5+#!N`%@nDQec(aBOF=r_D>v$zRtr2RJenF7<>;ez#V2JM{nM9+ z1GH?bmTa12FH(7#?IYgxuwwv;BS7Vbmp|yJAt+z_KJ&W;(Y+o6HBr(XZjl@K8Yv&W z1Rm~REVxl}_kZl)f07lvCC!z~X1x3Vkh`qHBqYOyJr6xJ0$?iXK(v?}FE2b+-9VZh z(hG#yNThbL!@%u-mLG6fa5zyxfSCP&b9=*9Mg{ihHn3b>OmLnG42&8~@Ky1+Y)!wV zH0gdqCmrs>T!Q)-5GRx8GqE$+CH68Es6>j5n3Fqgsg$3CCc2fqF9snrjjQqpHEecd zIOEAW4xhR2CtJ=J%B(t{U;9V|Xo=qvgJLs^OqY3P<R|6VF@_zxnocD| zn}wM%sKRQBUhMuzmI8D4ejZV^S610`eWJ+Kcr_!M4*s3z1Te_m_e7o$I1O`6CZOB^{KL1S^CL|2&ItEigvT7 z(Go~eh6s2;XTEyx)y2hC8^k65VgQNS=8HxOMvk4e4$F_lAKAkzz0T4{TGZ!~ER-vd znGh0dXQ4Oh+V=AvbgtGlmAZ(gmcJWc8e`^qwJ%tHF@emUSrE;`YtP@~YpY8XE^eiU!Lp3jqegBm2R2a$J^0!l9R#i}v9)I$<>Z`r* zd)OvClch!aJ#Cz3j*FT#++?mr{ox5cx)>&9R6t_?Wv~y=Zy!cR{{k^L1s?@ z%XDbD>caiA-@Zxfip?#qGxx^#L}#iO539Z28B{zUS;Rg36+_8Jy2h|th?ePQ#)u=> zIq*do;)Tbc&N=ph%TM@*4NiHX1xG?u%FTGFVnU|0c?XBqkY1Z;oi39xa;@zm@qTON zb*q2HJ&3F!k5rvYcgs+sTKfr~Vq)XK3&8y;Xhg9AqjV__Nkr+zM2gYakLS zTj_fH#yu&tkhZ?wN+Lcv#i7ol&5RTi+`pPn4?_JGM2jxp zs!k10&$y=g)jSO&|&lkHiYzMhKWxwY*Et{&L#qGNE$_f^A9x^tZg3%J3a-PCD3HL}WN z)?_-I6a*_5-j+p%G@ov4G25j|ZKts$hI6JMZ?C;YsR%~i)DI%Nu3M$9y3W~Ao4ay1lwK7Z9y=m|QgIq=c{5Jzib8e@=oSL1l5sLOlIELI_R&2fryc=x-3LmJ6 zYb8#vIJ45(Y;yxsq|;F7ZWl3YX&b`H^KP=-Bwsu`G?>?jT(^W~>=;TTnrm1z>4^JKrjEulD@?HE-YefDxJ zAoWOkHdkxgf6M12?QwUD*=L`>5Vtt0D_W1s!z>S1Hl~v9Qsgc_cvR~I>91Oi6#Il~ zekyZ)#M-1^UT<4qlFTb!19n6CC&aRkhCHfYLEh?D&^Ii#)1`MP-Pg(J zr&azlRgn-HS#R%U2OEaV@LU6_J&!}UyWw`5p$y!HO9%*keS(Iyd$6( za_9i|L6}q*zCosqw2aEXq9s4N>_2_soL{kF*rkp*?+h-7O|Q@=lrt9g#NtXA0A6q_?aVLUfEv?febOhRWGm^ zf;%E9wULtpcGcwplG@ZJo6QD`imZz8F=2tw`mBZcsTtnZ@Cb)ehF)mMM|za#X0}<| z7C>v8(PE$nO$(au9Ye8@>*F#vutNBi^|$ka6`j22ATvW!EZy1^W+W+XVF+niC242m zzX1O__p30;WY@tvp_YZx(qUA++nfS-Co`{=e|Bw=X7w>A5ijuWg9=RP#-E4z)E&7@D&SwkuE{akbME7-%PitPA5Cc?G zlga^8ofOGVR>Yby!eGZp#|EP46D=`wSlW1r12bw;acqnzm2H~4rRHyp?&osQ{io~Sp_wMaJFbjrLgbpAA!m1z)s>wCUM`2 zHhd1Wvr=Klt1j(u*eE!UI4)^XAc-fL<((1Zx_pDRH0pq4$^PQ{iAWO=AG1%L;L-7? zAeQ&3z8yq?d2bl)eRSsjz$ zgZj7wanzZZP5Rxes(=-P%I~-{K>mvi!qS6-#f+g^J7n-c4Sw%hg#{_sc7b3&m@k;F zZg}|XIscm<$Vh5m{X^KFC;Z97-NXMysxWtAoR}825#R2F18?t3ool)v zO1wyeh`+NQKZG4e`LDyDgq*o4TS1;~L(euPu1iYXYzf(UHa#sV<3r?(2~u);rrY^; z4GNlxG==6h_-LLvdRC@VF^}W4^ez?~cVt{<_95qUjq365 z)i(S>lTAMm^(LKsi_!$lVW8y-K^sJH11DBj=zUi#Trn@Y3te9``1u(>M_y+Q`6K9# zS=x7k+)06uPtKT%Tgqi;LOeCC$i3fV`>)Q@XVQPBpT~eWz9dKP39=9+T&f}jf-4ss zQZv&cX)co)v*Q@P6_ICYf!oDf*Klm%U9n3pULeEaPMKP3&eN>MevwPL!`dZ|ps0uD z(-j^y-)Z^;4~6eFjyZBC!;3mrolhsKygruLX)+~|(_c#w7*!NrGSWNeYz+oT>sdTY zs_Y=n;I54Lw_Jn|fk%(}1Wg~xVZjT(a~-?v?_bb4JS!iD2FKdltcY%O!h9^)cv+m2 z*baN%{+>M=t@cRYZa@)mS6S=HI_Qo%?Cc+-x`D?>w@t@m%( zZ?PANt4#)YO{qnv*9o+xH0?x**27p5th|^VA_0hV;sJU#7Z|?u>*3eTi1KnCWO%og z&CSsD_d7~9xGOtDDm`BW;}9%z}5;t;5zBN3}0j zyiClf0gwfCmYD@N=r;;sfoC?ZCO%?Iua_ggOHdDy&eHs9**Xcr)Eu%uEWxDuLFtd| zSIAlOIMu>}!otYj0hfm2!(NXx{+E;|^$cgdG@;3NGH(1$6BU!+E{iN^>8ay$c`L|W zivKm`{`cm#e<^e6-v_5p*sOm4w9Yi$o?L9&9S|*_^p+8!TM}->=U~cb8q<3Q65?*8 z|8?M-HgtM}c6ikxdo6^CsX0~EUN35GgT^z;8&^vCh$*Bhcrd zuEN7wb#*(Ojnw&{Y&TKTsYTsI%kn0GGcRa)XyIMO(|tIu3qFpE3cnMxVdiW{G06CD zoLHy!fI~9j9R}l9=H#Y@gaZA9n8o(q(FiF^h1joA{P-edk8i|Ec6#z z>@F&8Z|!7Z}nbmX}^}TaC!0KHa#3<+yo?CaUlc10r(G{xOy#*;|IA>uOpU2;4l&L6?2w zk=t>Pqj{>j#ImQ>uk?6n5UX&N(AU4R($~$^Q-n)*^4=VGmj*V~L0Q%^i0}&$#KY05 zxqYlgoz5lk2mRS!Ez=d&m&@7VK>qwcsS?Eh4yRk*Z(IxF2!#-@Bn936N)DS7J`z}H ztj_1>xV00K=dKf~x8Sy)*;&v)X5U^U$q_}N9ebbe zpE`?bJ3bpKO6=bMhaQhQPxJfyw@kaNaTWz}>L0*3@r^?(=1Vvcd z-bnn`Nuv`J!5KwP=s=M~&$cjzuD8-iW~@7rR%h+e&jE@LeEluj1ja2UFLa>W;bIOJ zu}pUV`7_eDnT0;OPIE?`x0imOd0pCM7`vKrd~bmoa_c$0N!wzN*8Sz$IX?OxbD~sl;c;;J9R-<} zgU((zG{zSDDljp;4F~r@A#PyY4{4cJST?w zmMHiv?teDt?N1`LA`k$msqdT})1BWxKhM&M{(iK0wl2CxTD<6pc1=hsSxz?f{6eA7 zLgT7J@MQ-SbihQfxYfz|G4!G_=(u(9yX4=d9=?SE5(TC#eDQDJ0}8TPnf?8rORXmy z^Z&5378k^swSUN^=roc%n1RZKnTiqix1Vi;bD3u8lVw>|6eDc9Wd}P{L}0#?WUb^XFz}W?`c2In4{{%m@AEOrtJ`wF49~(4hU}U`iu; zeFqVaajkP-c2&hNQY)Ts4i9Gg5C%1%L>&^Y>70P6(AY@bi5?XCH={!>ohQBV5)w^f zvchATk_P?JEYD)32`Mj4;J@DDDC__!G2@ZvR4@%{#?ijX!!Z#5KgLT2lzdw2y`|kc zKfS#G1lbIS=l*XPWz$Z2-?%3nPnGDXH6>j8$WGO@ zUci^Oz2P#yqX5qX$GjsSe&TN_dt zuUJnac~!cN0xmv-{HxU-N_B^_fi6zRD#n(Zt%)zOX7!G71^W{2cRad6uO3jQ#sX@; zh_5`5>`IO2phqsXEgruAkd5h&5AZi1H>E~NXJUGyMP%cQ4RxKPmL>=c0>2bp?IbT%Kg{E02ZzhuU}e;*~CKLGOUs`L-A> zy5QK!BDWtT75u+Dv8(^z;?Wmj@k4+^%KyOD%ZpN>m)vcee9OyZLGgV9WS|jK5I&A( z&9)2Y_R@;~{<}C*e)~q3OoC7`?~h!aiFzosO0k|xq!0Q*HiPihH#IGB+!h$=yU(fG zs~8J-|L5aDrC+R$X|Q~H6hPG6*aR(7NmJin{IY1bx@d22LnQdp z<(qL0D=KQB=m8h596-8#5Jd`09W@|-au zW)+Rt)uEeqcc?EZ1!SY5@+{t(3JH=Zm;&`%GAEWSHS(L%By3$0Q>>^c{pnwEe`}u8 zgvN~T{E5+I+$abyKVY<&i((>c(UaD9|Sh znUgO1p*PfQw!VKfq>{v34K;z?>AnQGGko~aA${>yr^jn%EN7HYjAA<@#xa?b38Eb>#K~S{h$wRVgFkRfZBB}unFJC`y=pzw-SS;DI`M=@`Cxe%|KcfuBH6~`pv(G3%qFOD(w-3P`ln^;w zW^wLBfiHDfZ^=;N6ne_Re0)Id4YANIc*g`4(@vV-1;#0$PY*YSJI^tlgA|OnLrlx~ z?yK8s78HBMR4Vb&jl>zU1Tn$#i_Uv1~!#-L(ru><&S7JKT9_Zo_ zqz@hH+|2z}E)Bw$XbcWM%YJ!rq;X+8xm3b}>ka9W*;XNA(7#?!#hK*l>_-F{DJTl(s&*ISfWzyWlm#fIKhj5H znj_V_Of?%`=X&_CsQl)p@1Pw*xgj1YlgGt|V`H|s*lOnIuKXxtpFgfRVZa)4vIJzy z=ms*IF&uQk=zkm&6;c6z@SuV%ZWeweEp+{<^0LtiWRJ*BmDyl8VA4EMfC9zVwpGscH57Wq>q13x^j;{ zBSq6-EtCF(beD5d@vXJ5@w&yy(MwNJUHnQFQhNpPnbOjSqEmbeT($?|ft;NiS%ISm zV)!YYieHWGILLkSL`=w(iw)`y#B;xo$)vSr(NS_}>DtT7*({eXHZINpEHxW`Uwp}} zog~S0+)?USki9O#@PFa_Qq;Cnw<1&1&$q8Qi_KnVdk($uo#;Mt<=bm|w37S%n;4Y{ zlX4V;$HcdjrxhR#gsul4SM!7A%d}9w!Uuhiq02&aao-v^VPf41{)Bly3l%wk(;uGu zUmt8Ne>pMDzxt*+RryugFEv5Hn$0Tz;~V#825t5A*8=r^722V1NvbqtBz##ZQgQRs zx_MfgsG@goO8LdT)CChLi*JK*LhaYGhC`}@3K|0b4f~PCZ(EzMqKjyYj-ci*+QfUG zL^v37!kgrR1Si)ieA3pD!W^g-T8JZ~<8#Q@4j7C7k%uZk@z-s2@||bu!XFW;EN_K^ z*>jWQ?5K_(N3dG^#!-hRgQt4)#(Mp;5%KP>T*wVA`nQjR`7WoYN+ym(zdd6ZewoVl z>A_PrpFH#YjlxUI39pbEX~N1dX@cRM-1@8I>QXaNmIZ&KjO)}Si2AIjvF!UAY+DW` zEY>LpB`fTKSSyZHiM>sFnCD&*4s3(m(^g5E9Sz9|!X7?U|E>C`@yg>d6#+jCMD)%^ z8{!IPfF8O%@QsJR>Cfd>qmS<$R@35K&{4rXQP19rPma_i5SIKRS3(zATxm5$L&kzu znP>a2{x8LJiPWNT=6g*E#LZ3=CGbD90zT~~OY7dSZ}JKispOH*j7&!VvNxB+&s$%k z?mzmFsy%pDfzPzL+A57*=VtRyPF^ODsL?&32Xt7BsXD49Xj2YQOY_{^y}yq!Pe-b3 z;IkkJP2f8%i#}K{&DB(7tMTD_!kvpY`&{GHPHg~BEd*{RYf9cD(oQGNu2!q>}@PE zd_g~Pn2yTT5b2iyx;*O!yG<|2_)E-%gHF?7TW+EL5`5etAqz6p#fL?hFF!^G-%U?v zx^6|dx~2{IQThA%pT^H(vtxJNmyrsq@+2F;(uo#d$Sn1VNDo2t{{~W@e}Pn_}EHjSbOWJDA(_O_$VTSs4yZ9T|)@c4N?+AgLH$$fOI26DuRFv zUD6`m-6cpPARR*v-6f6idpPIl`F#I;*Lv4-v6jTlGtYfL_ul)uu6^yJIGJ~{NgdZ# ztO1XYHSMpWSZ@b|4Gi9P^$DCmI=^>LhPGD?wP+WvI|t%sPYUa?MF)%RJ7Hvl+k5WY z=VQ8dl~?|r;GU(<90ux$8j$MjSl=4!a8xO#NE<`dVD+HX5N_lLhRHyYbK#zL*wnXn z*7d{-&T|8pFOk0)S6pJaAeLgYlt@>fq_t^uQe8L%@$w0J2vcx9{=8q!g1mfT=1Bv8 zqGK*T`Z0;jz+&yf$PRr&ki><-vDeURk1d*4#@QiSE#Co=cJU&d4vp)z-Fb+TE@rv%=WxaaE|cjQ1Wef@R`aHNJI1tz1E!hZ^T z@K(XzkBx7sbPmZci7;31e|Mg-PVqP6k(OBzatM3O_>7D2*2Y|JQTD>M8Y4rp$#bCm zYUc>wjgX1z>;^KqLfQw?9GsND{0Snv=_+&(1Y(S)M@dR_mXR9GI<48OW|%d(K?M~sU;e5FwZ9`aTt2v zj4J}N9h5A1f_&S_LVif~z$M#uB*II9P<53daebjeXrY2?c-MlYhl+VyhV)?h!(SJ{ z6_-4(AT}?&K^Ex2Dn462duXitaR1KNxE~GVH(*0cZap?Za;$=H}^)Z6F?vuhh zw)Y{muceTbNIZr>s&b2VS#75u5g~*wQ_aV;-N{#D9b?j86@3(^wvBU(KBTieFia4W zbWu2W$uwkXK(Pd5%OyBw~j&*MZm9U_oUd?tp_cw>{IiCW~6w>2(0*(3& zRr}nYT2=Sr%1rpBK!`JjN8+%AX9Z3Hylk4>r;=W}?XqZ5BKh3XWw0l1=wGU#J=ub zR=;dIL^2$V{nWVovINJnt{89Z_dA%YwNCj5K7ZxhZRolP^;&4PVGUi3GZ`oIW-0qc z=!5vdq@mCEtZ(+%f;p>qaig_5PhVDj=v$o*H8bsK7h}A-e6@6DPx-J#Up7nV@K0!h zCP%kbsX|rJS_x(*)6b7yjqO|GUu?d=$m~3n#QO(hi&tt1bQ|W~;o9cOKq^}xLI8?X5 z^;tth#0B|EGtVq2Yv`K0Ahd^DkbzU*7j+?PKb=x4ld+(sk#-ja#tk>BNyGYcHT!L-3bqU!Z=}GAK6=Ep zI7?lk8elUL`Uq!i)jR1=b<_l^KdMcQSZHOc&S-^X%XM2!|Iba0Y9L4&hIExAcyQ0%TEW+3sgru2s*38-Z3#$Ow0-Y^t7Ce5N|NhjVU5C`K;c{Y zFzthd!g)mP+Q&mv_4Ql1nVYF#l6&wa9L#Qbd1QY^<=k47Jl(Ty2^GfnJW~~Zf;mrt zXSrVzl-w+ca(!(r&&IMV);1(^pJesyOEt=wDLz-@Zd%DSTPH8$_y+_9D$kO%YTqy& zEvy$MMpfKKeIcyY2W4LC+1^7oI&xa|IV&WCo|;WG-CRaq#L;nbMVE%!+BJs$M~p`v z?BUgo*Yz^woZ_PX9vn)gbWOdPNE$1Abv>n+#fM(?^2ue@rm9giF|S9TI^YAi#Laq4 zcv_DQ*Z_I27kXFhGyY!gPK}O&f7yoK9oLy(M>w;xw6jwocgA+aC0&1MuOjam`qkYt zb;+gbUAXj&A1koWm5{A=aG@%s%UeWjWW?svW^f!&yVQOMoxL?3mJG?>6butWCIclf z4unOo#va(ovb@n|*TAamakNp4|0PjX51EahZ><|N+B5fpi7jR*{FRMY$1P!}({8K6 z5$`G!J)GyH$~qgPlc8fBr&B7fZ*Ib`nCHK*VpU@b|B_+3NE=0%@0#;zye#5mHto;* z_~TUb&%8|dWy0u&XMO83X-Xr@*92?1&MCr%?Vb%!Zl9F`rsgf{;jcs%u$NX+)U+Yr zdS?#~PKQrq(i+q(<>$P?GzAufzig*hIdNI58Ao;0don-XJ4=d1nJPj-k>^(FY1xGJo+m%$z#qsSsNF1PN@IZ${&Ta zecE>gr6{e+pFFqp>d7*m%T-9QIxWD2EcLN~3|LP2E15&IaD@gu+}*jZV}|BZF*_;>R@_s5BJ&y~8RHHwo}gFfak8SKIC-3j1Qt4Tg)7>m3#7IS=w2&7DM03ywPEu0Yj-a_ zX`cW7oRpvsCT*?6;YBWIACnYi%Q~>^haxqo5~OJ}6BMNtT&&YHD!@BcRj%E1_+Q*T z8Y#UKF}H89_%M;HnjiyM0g=Ma#ztfSh4%!SD$=Wh81#l+ftVBlj&m!(@8=m%2duVr zi6JB8VSGFP-df;TeZ>c3Du`%6{;Db|pi@`mq!(nyR-Y=2&yXj34x4f7R>zM7#;1-g zk(nO@AMx7I!Dsyed-dw<|r%(-KcS6o<4I_OY^LQG|hLA+_0&qU{ zbH%mj^y7G_)OKwYY5klYzh(0bymQ|qqvLhy2fNqz2_wFDakCPOUvlW9vhARrL`EH9 ze1V(!MRl^mHz;11_fM!c0PLR)B=Rc#jhX(;1~UI?$6)LwZmY2_!>a>G?I}8Vxw`pR zVSz!Tj&1!m&ly1bygBROZKA>zKK&dM@YyV=#ufZ`+WOCy5GOhdtYlow*yy{HK2R6> z^E-W>BdURZDK;P_mOfRVVY~Lpq)+vF*>%5aCT)C#6uJJ>H{U&AJMLRD>+1u$!hNcR zUdhUqqCd`aN|jDv_E0zM!-yp*azxvm{hj(9htHFQLF+7QPRS%UpOZH}^z_Njk3(((7pG-m{(!+$O4)kgrGusipy0g^f<^zEHFs(&F{o8+I(9IR6Ar;vVL|p`^ zGNYx7>$o>6wc3x+vf3%@yAc5?hKymwYpPU@Iy+v+2<`a(u1iPd6!k$p#i9!atJIAL zfjYBSAwMLo4-rffJPvx!oYWy*-lO>jv^OJ^6kfl1^QKp``CJ|6IXVz(oyQA=(4ZBM zuMH*0pID^!Z?^zuz;Q%bs=N8Jw^=J58K~N%Bt&oUZz>NIEcZK~`f(qA9nG{DuCQw>{4LARy^<&9^>4Jtbghl*#Y=3lz_ zYYiFqfnkzPu}C#TfOT+02hsNcgANo9v-Mbir@+9i8*OF!2ka$J4B-Q)e!UKbEK$NrW`v?I4U7#F+!3vX4xy5R;vpZArSF|lt z%IR?14myR8*-4Ut13oTSHG9gu9uW8dAkgU|92hQBwpuHr#K+3+v61`F7|xh5A&@g= zGbJH|x3!a=!~55xdFsbWBG%taxoxJn5-m!N+waBmJ7x7{@;f5c>FLOf2{JOnx#4eJ;xBO%zB~5Qm5t& zv)nxbB58O=f|U_V^-5fcogU;uj>Gml-};&XQ!3w?X#8YLVp{-Ytf4RwY%vCgBE?bx z`)o%5mrlI)n7c6GUqo^;T}H~WL=1QzmvcCvB}ihtZ^rW)p96;LQLLT|I6Sg_<->;O zLvdTrCvMoj8!WwSv#7qOuzHr!JOz=39ShK5icP?FOe6zAs)J}*K(LP#s6<^LZ~kYa zmB1(bTI&izk1Fn~MGestoK3<{deAD`=Z@M0;}*F&e?4VC*OQSpcSq6$a}%W+(q8|Z z!hpN4;@HjDvcxe=2#U{K7I1IQ4_5>YJmnnF<1Fjz;xuYAiH^7N0S3<^U*mT~J5q+O z%6JQN^a;4mcg0nVz1;A9m2p~1_9x035Od*dDmU%uM5RMU;3Jh*A1?X`>81J;C_CjT zo=GWL#F%7P_2j$0jx)(xTI$NR;J20)3!U-GtB80-M)?su5@-gg4Yh-QMC8WfSfZ(U zqys3;+7j+jo4)1sUzC;;90Eenm#OUJ`fxgmvHytyUP$9M;tgn%ib5>6Cu|nknC`3)1&@ zId=04Z1==|UjXpm|KI-bRaP6a0WF-VyO(JnT<&4Y8dHD&C!||S)j#&%U$v? z@0zLza1@*%HXzGcRc9X0c$p)ei+pBP_i@CMdwq9z9K`yT;$h(8ex8n&a4N5l`Kwo= zhfMdg0GnPH?F7ekWZL6kNjd!gZc+c!EMHC9v}<~`Tl9GZGC71rIF@<}jI;#Vft#i( z8Y^;+<59uO2_7l2sMM!DJ=7{X!1RHOtW zL${i2WWvL#sVVt2YTt|VbL(~E1U}G)N-j;1gqUOP^gK_f%?VVv)njX-^a(^{Xi@44 zWOK<8kL2(9n(8S{^5^0jJc&w6=!`TZ;lUqQkss&p9M+S38j;V=NKouWr`Xmm21&tZ zhgMC!=VWV_bFr2_J|~YWx@|JtW`pG5{b^zIa_ugw`-KGr#u^w4$^_N6{N6{A^1TY!%$S zDOdmgH^1Eb6jneWk#ld>kLBpPE>&e%Pp(e;<@J@L%-H>(GQ}(xYLAQ8b|aP>txOes zWIi%>5M>|Bj0eHUM`hKgo=@34Pc94-gyuvMC#ekv2OcY%ruO%_mTTROMKVG^1_cw+ zJrtW9ri`3~$pgVoR}eCEaj)maT;^abxoIr7|8U0&!bbP!PmfCD4XP(hx>0Ugd_VNN$Fhv z_q@lkLN)x6*qV>j8FHUxN2#d1NY;Fipt&9NY`n4*X=4#Xgr6lX#qq5B>WjQ|b=Sj1 zI$0}S9ZbG68rm3XSrvVK zdi68=g;9v~aRfZeg;N0~6$5TTa^Z(5TYbeH+#1ls$Hg1%L-4S6J zlHTm_SDrLpV}$h8%}a3Ef?^UQSs@u;Zu0@*Q!>WBi7HEVBW{G&q$45uCxL94n|c_N zE+=K}@soItDsflRM0mJvcrAY)vkCu5c5K{7L5jZMcDywL#MWTva)Q-0)5UIe*x!un zy^s*l7QfSqw31TT<=KD_&qA-$kL(opJfVQToZ~WhuPG3S;>H_yTsQzV2;!idetUZk zi`?xq_Fkf0lQy0FCrXd4(tv4zYkyMZwr^Yugq@}N_qegVP5U8Fyyv`5x>>#Vah`1= zIs1V@PW)|ms={7lwVdxceKd)VLl^2)%B~Eg+Ic5Akr+=^Sa8659s|R7{J$sh58IO3 z$k+Ye#5}BeabcF^PK??+ zYtjx#f;Ybhl^MegY(3^J5a`;>Bgm(HLv^PXhInh8o&<`XdXc$egdojgM@S67aLP|j z>DZ_dzbgY&MTuQ7kRf6@=J>48>ttp;wi%c;ZknC!8i}vS_X2PWf(rhw z>u~Yu17n0Js(%XRhpY($8jKF2=@gJ?J?CV z^O96;mV>Xu1Kkbgv0aDH>hBur@w~n_rK8Ug6Yfn=|Le@xR9DBkfQ(S&7&@P9$dw4LD4to4}fz=HRczyse0Yx1Cs2|P8gcs~o zlVV~zG*so;yNttTThyFpyVR9Q(qZ?;c4QTvoc!$mhNIcF*ho-&l$*WWJ=zPGY%)Ao zOPaE31-_)NFnCrc#09Kd^2Ei+^O&S}2O2en^i}8I3=Qmk({xCtD@FOn)wQR_VbR)> zH~k0502Tx8sX0D&jTiQ+3sD=#bf3yvq0VveTa-FA@YseAm_U<9_J0M8K@-xFv1SRclTmM&yLP$h zVkuN=wR=%tvUXwCeEFt0yfO`r{$!clEo)fIsKjcJ=PU3`ouE0=g5794OcN#O5XT?KZo(As5wx_%A29}UyELn1NR30DU@euZKU;Dq7{O(BR~(BDR-tU@ zS}m*iETMxVCo2#Sc6L%8b&gn{h}Hha{h`Q-QA2JyGDP^WmKl}JO2hX}Iy9j|cxx z$PE;!ZkOgXbl4fr!Kl03A06)I^0D=&Q6oKhaKB5mka32w z27ldeDGxqrw_=Lee&+=DT^Y$#bl-c=uVnZuxdtNzGrb`)E1zK0k{n2$}&NJ*~&1XNE2oa5g4ZkcU#zHw8Pt zO5|GdZ;tz2ZoR;35G2|UuJs_4YZaXCNMqjfAK|Y27Q11spt&L3 zGvAZ7ypm{FRUNzw2v3jdAJQERp6?&;zH&b0CxHIT7rodUYOOFa`6c;{wlUZkmP7=x zRqo7hm@ZAWactXnW7=PAoTtM*#ZCKRUzHomA^7@-6X)AK{+~a@;ee`#hiW^0zJ@U7 z;h&^j1(j9Gptrb5X8!i6g(?&(sFKpKC!!2xAS;e_a_g_+T z2Sp5hG6vFLVx`uGm*3CXw5gG;q^|UglQycAw#aoC&d>9x9qE}-(YU4mgO4vH(FVRt{KT-zWneh24W8^NL{TL~>VtMWe|Jk~2~&_MbzETGowM)k{c5dQA2Gw@ z*SP}Z1B+!dvM?@8M-a?`K7C{ z=-ta$C4V~73`y=cQ@D&CEzU3!V%(_^mC1RQ`x0G06fd7e&YMjB*fH?wP-#fBPq6#< zPwZs?m~kjofe>s`RuClpQczhrI>ZO!fY^u<`9W8-PA>7>C&ay%)y}<|NxIZlotr)`RxBO_$5@Y^uF?gSVXmI|AJCb@TUObiW&Si1q)rGZI2KzGX4RPX)#VcD#D{<9 z%@J{62&i$1Hv zQHu?1rBC%7inWd+*HU@1kLS1qc#ONB?M!49AP!f$hce}`4k?9NhizbPsvl52ubFR0 zoceiO8L;40=jY1-m|}m+IpWL@43V0d_^?v;woU}7l3d@v^~9zx>ZDgfFM`sWkY7ZA z6SmC#$Wl)HDuoqpLhoHr4^2A%YcqNvk_{a>fUhJ-B^S#?gnUo2FyY!s_NEI^i7_Xm zWM)8}FvD|i<3u+;bnT}2$;dx10U)KX}>5ZuT$box~Og{_-su3*Efh=PsXYV(TTyx?bfVDNZQ#YY&y zW>ry21dkE5RL2rVp zRlf_2YxDs`v-1sC#M-xi(Zkyhj2j>#7f=Jxyj<)Gf__xDlRX8=xKzOa z@xvVLA3A_HZ$y3aTV)D*)s>S5W4R;_UnLn-mwnE94SN9I#STTj<67Ewo#L@mnme}i zt$g67DIx~jFN$KgT&U^dVoh*82Z!e`gz6KNAN#ZU1goM_9%ynWy-4V-DO_EzxybCe z_D4Pg!<#Ecefxhx0uMntVV&x`gdS1~R#Gb~B#$S*m%~+-V1I4={Jy5+y1~$`h3$s4uVbg!lei zfqC3EDAHM!lp?;f%50it1LiqYn;LA6`)y~%b3a?2^lWG>PTw_t8{?JxFCz0KDo(TS zgcXT`4aqGwF8d0zejcROU$4v(bDsUU8@+ja<~;%M9axJ|ybHF~{DFF=+7S}hUsaI7&7mS)&hGHxe%=Tncb{~r zT6A`br;2U;5fA^qAO6j>+F(+rE%uv^2B7Ie(0DjbTk7>SFw8v?sKXV3;*_R-t1Nih z^RVv#_+2@crc>j1KSCAmWadq3 zkPi&eZPgRaz_Sq=zC>gsK~v>*m^c?rV%IQuFlQ7%CLjKHY3*Bd1L_|Hh+MX8buM&v z{k*;$xbD(_Gedh*k(QctPCY%i;mG)xqg9y9|M-5l! zn}62^GvS|8Cfo)kA=1f8!PFs)vhq)ND*|Mzy)=v-?YI^uBKPcr+=S-5w|fwr=-YSqP^UaTsQbq!*OLXcRhG|=^Y`~ zm<3MHE9YdAJJwO&JJYp}Lo)Q*Gk>K$n4b7*FqPtrdRfC0kJ>HX?Ym<`$+IFY0v6w^1k^28tpaQX6Y311F#iI&wXPZp4nzxg6LCTFDt)+xr2X2JKeOa@O?>1#Pu`5lIw9W3OVi6K$p|tZpbxd(2Mk> z+qSLNx}@xTU!dk}mmh^C;!Viua^k;D#GHQh*@jTapybuN#x^9_WGdRTmgsB9Z3(v4 z1jpIE4}k5|&{YKnC)QIB00!XlIcRe=BOnFZYBY`kXvyp%F7ZJH$uYZe?-g20EC&dD zrMF7^yF{uSROcs5!YZpWNT&i^_bt}`Kuw9h%An1R5l0)9{z_?v<~SQ;UW?GkU)tMDrvBxe3YbG1Qr^{rwXhdD1IsP{>Q~lmk+-G z4U!acoAXQWqqL7ET!ahq#I1N4r?+m0fi)$#eBH@tgD~b~ zJ4-8`j|8t+7zxINJXuMY%@(DwF}ZFxhVo^ul2?xet#K0A-e;0X?tnHVSQ=LFj_n|W z+&tB*3fnX*7W&z)@kk^8`5u}bARsQ-Gm{7345|7|h5c%YbYGNyzr7R|!Z+owY|@&8 zwIBHHiqde%3FA&_NTAtB$}hjS^ei?KWDR=97#5`=d=<%I62so|hV+J6D5vr}4xu&I z{coB~w%?L5m4-C@PZ|IeZSr?mWARm#m-WPRqU9o=9?9fdM<*Pu;9n;#{_bh#23y0mb49J7?Y9y}bH z8HEDv{%ucMkql@M1B@LU3u0>{VoN6UK~tR)cGEnBw#pO19&;vtGEV|~gPeNAMsA}( zf{+zt*1-^$1ov?3JBtC3P)hmAnMukzJR{m-Koo(DHO4^W)`R^)szdvFJif7P){>`G zgy44*F9akg_rdWKZ6j7Nzg(<=aL%J-H;@PHolI~Iozl>&W*lcU6|8yBpY_w%tgGmY z)a$dwC365?WWDb2Hm|N8M zr7i|pCfXy{XP5Tvu8-~LP8)ZYl;VN5Kw;x;bdo?MD?9?%W*wdAb`$BWRflW&Tgw-h zmU*B5N9&a^0Q`~J7GIp&U|z2x0dKuhPZ!CVIFh1Np&yX(8 zefcw4nd1@*{!;iPzUkOR^p=o$miz`OR9hiYHb*?q%KMA$^u)tl^{7M6^YrE2P-pUhbG$G|H}d4T zPs&&W5O7Z*pX;MHSC?nUj_ks@?L47%)EhGI-@>_)Y18K>#G4vCk&vo|fbD37tBC-i zX}vwy%-Jmnpw727piC*f)zaVh!1k|_P_Jn=Dhgn*$B!{V^MUdyq*j!OZz2!S?6bOZ z>nhMz6#0jmvSx%GY1rq+(r7bs+<6++v9k2}murOPmWWj7tW}+S?vb=@-|cv|tS_wy zQI42f@qB5jD_c#8-;?>pvlIzg$>hn3)Yaw2zsrOS$WWC;MY67B7B&hW)upGa9?$uR z)UNJaEZuZ`>p6C}(`g}`cztmO{n*5%&zwOmsvP!m^}#4eTtd)ITX3^anmfHTP!w_^n2wxSoV4@f z9uR`+Ar5)bF{|$oW1r61KGu&Lc*K8|GA&c^2HC=<5uALtqZ1#ti5F0R>W)%2r09eH zj5~LPzO9R(ILaiu=}RJsFq7r^LV&vIdiBsCZt3CuhOmu4XM-oZehwJ`y0G(Ek5*Rh z*z~M%Eweig1PX1hvj(Jl`f;^F(vYX-6s00Jy_zUBCj;+epd)*5Dx_)!hWRCVwFJCB zA>rBTW{`O9sEUyml3cN^JA3dX_l2bYHHEiq{Fq6bNy|&v zt4ikhVrz(6yie+WQ)DGBFU0BlpPwX6UCds;`=I%Y+9w_M6R(A_AX6*ckpmiO12%P# z{S|DL5=VQu6S4JG)&iJs@o^=dHTPADpj^lIPtUri-DGH0iL2>yE!E?W25fTC^V{&& z_v74VaV9WohEZ7sOLc|f6qyHdG#hgsuo9{aPg979b@oFRK|E?u&)n5%- zIy#sLFL%z?F8`$9`?2I5pfz9yJaq12_GAlFLtfQvX*Aml>TC}ZKtpf0v{Rl%K-^MT zLf_hu@`Pi-%lqnZ$XUM)E3@oNFP3aC7~occgO@r%tfk!J%C99Hm+`oqJvVrVfP4qJAEyWR)LAjSfZ0CuM zy>3IF_KC&p+vZ?PN@1g=fy;%ZF9g-SF5-!O zV0b|q*M7)EoFidfFiP}DkO`SXo#d8A$Xaa7$c6rB$HocgpJ;j^xJXzFZ>vVsHQ)e3 zo?+A@Z^ib&-)fGAiupRv$F1%tzX;u8jNA8b`Gyjqa?& zu{dV+wzjjn5coq(HE=D|UD9&XKT+Pk{Xy9ZLJ_#}>FQ$WomY^!TDedBY)H7-HKz%c z?dLzw2Q5M-SD`I7n6cjK2c99&-+RAGsYV;kD?d@Z;~7o7is~Ck`|t3>Hc)Au!i0zs z;|(`V61z>R?+x8b>jQDy-CBLHfmFk|5c!P;zmhwM#2*8(q?iDLCWiS2{Y0BK%@VJc z2al41;S`m3FTMN{c3sPh^_#S8{v6i?bBDr4bA_Ylp4cR{P-fieqvPXj}yMdL}Aw{oc5~%-wR1{{x4E zsviGejQalrxDADjc`|+~CXFAy-inff9~C8NA_z5=rL;WZe7`S@(k+)wz$iq81?`-v z6RA^~Q^X|spf_JrDU(h=Gp}H+SjH}w4pV&;GsHjx(J1WDR~>YA}BM^>cZ z$_-!zeydvDb!fc*=2TUQvhew(_M;W=t3ESalb~;5ZWUpj?MCUS&~F2aJlR;*ho0Cc zt{nrLfrnK`YzOIj$M~BDQdNML0+zmzq(lZhIhNI|rG^toFgA`oE70fKS3r-AY2d>_ zjAOS3{qd~q?5f#FQD3W(XRh4)LKL`%yW03zr5{A*U@N*^eU!&qEN+<90`~}BbLD^EQgTC?HDGXS3G_e|#@om2 zYn}WC_RHu@wQnOeVqzF?r}Ab&+h=?WV;dMgq^3B4$v=9yTEhL%Y|+(1$hAu0vX zc_M&Pw(lV+VsRkS6R+%o=5PvQ813kytlCyKYY}wfQznI zur7BNc||62kZwID)U+x^^rtpN-3C7T*BYjW*q@@KX{l2QN^F+&_t>qRfrN2EZZk%aa@1+Ny9I0=t{lT86Ao;`6KnjPFLjX~V>m>L1-Ws?o z2MI`dC?cA4{*?K6#u1p%1r+F7DIoa)46V*EHfvKd_By~sLA%O29{V*KZ)~e8mFO>^ zI-Z_?`h1^oro-EMKC2Bt!{Ft&1*iRs>^z>=H1cgA`=;gh1nO+O%l&MuvqFUK2Pm8_ zCiEHwDYO~=(eS_0HEL^3@as}c;ZxL9P|WXI_e{faoPx5@7?lWb3dLm2LuE=B%ZJn0Mp}b;kBLSL&2H!KRzl7o7d%g{z;sc0I%w zFg>owEn6+f<#3T#bOh#;5kF?GVsY5^9W^56LT}jEc_iMz7j#49?rT*1OX1@3Z+`*S zC|vc|0AQHdmBeiodo~Avu5@hl3JIpITQ_0?&qb2C@EdOuz{$wE^|A$vqT>7t4QUPs zh_*?1oc>*ZT35Er^TfH!tRz55!DDkCQ|y@;-zmPLLkGwqX6sfX60V1TZO!JB}DUtJt8xyI@pCkSarEvl? z_TL`x_zv`auo%wjJ{mVgwL@ClojSCKJn<2HYhox9w4>`9YmmVCVNa19Z-!@Jq&YtA!tG}vToMH_zS8Bdw% z1;y0@g?s~`VXEXYRv>IW2Y}N^z^KdRe+?iO1)Z7T{fa0vG+LSwHExx&Sqanda9) z(`To*5%Z;z9BhOyN(1;{pmG`^)hMuQv0MAIrMDOlOTgln;J84s zJ2cDGZs0s%&;oQ8U^2@{Z#-A%s3SbF#a~eifc>I_DNQBf7)GMse=|7v%mmX1Z?cr( z3an9jLEuCz?1@RNHsRfLhde}Qjp}-c1J9FY(3WSE13|jTvYNmQo z4-PH-pSTC~9|*ooR+MI-9m)<3DwN~uq^-`%JHyeohnLBS%rqb!=E6}&v%xtD*ifQ(zQziAxMAze1) z5e4|TB;Xp*t0{b+DIACCOC;}h+nT^|DN&y}wt>HH!LF#Ei z^P&iHGxJpBM=}Zo0>)ipoR}jA;F($IJl3dKUGjL=lkbL4y%P%&FnI%c1v~uaj ze<7J#!3%98rg!MXJ`Sq*LDH)OU(A+;%(qhP%XyMI#CIU2VIx#%w|egMPC-b>Jk5iF zeQGwM7`VXC=Bv%-Db6mCkRKHS>KuRmy}Sctlw}H~1D7Bb>lOGeCsrnxtcq$o?(iVO zDX1fVf>a=W6CD+66jyrzW)!O5!J`vWo(CAQg3U+@S7qLVOntmMB*5b2@_zZ`4i#ev z;Hw}oDuBvrb8Pf;j#q>Pzd8VDy5`qM=eyTecD3tSiA)qj#=HyD)|4!W$Z^2S58web zr;cy5ouhF!fSDa&V>W0J%W_q_|Md|`3AWG1`-_QAVKY1DlYw_&MLkkPo#=mD`x8R{ zk`)mG!O^llP(XBD2BY=txqiWj>F3yRf_7hLt7$R1XL1@xvK%3=w|``8K7oN4An*Cw zo}{M)KKG*;*f~gIgC-)QuMXmxDED^a;nDu{hl5sGR?z!IXS8;HBFn1uq|}jvr^&8U z-EGg)*8@G;SkRyN#`WJMj|Qy924S%L(0^@=G=lc{asGJ(tWjLhbg5h@$K&~wwqS4Zg)Lm4|^#!aif9YQ4Xb0 zZOu*G#ozdUw7qpyRQvz$Z=j&4fT)P%Fr<`#^pMgiqDXhAG(!p!gLF42jUq@$hv3j9 z-CYtx4BhuV=Nvts&u^{YUF&=Ay8dyNYsqkC?>&3=>-Bs+pO06VR(|!bsZ?DrCG6F9 z`MV!jNPI{LN(s5id17-K?iPcesEJ(0$qxMM&j)EKCEr2QJ*ltyE#Mwb%SSb}mi zoJ2vG(@AILU;*wh)^?*w$)?(r8m-#1Hr&>LCuKM6t6>+${FM=xqw&bElc%|F*_7F6 zw5$n__ZrJxEZghPph^Yf+rEd8WVhJw_&ZI+JN$lxSZY_Wc!{7wa3a^5YR#`t^-g3H zle0Nv^V;^9p%W*wTP>Uu=nInsw5Oh!q$jhRBqzh%f|Gf2Ou6p&&WCAnE-b!@hoOAX7?g;H?F<-(@Qq)=bzeE-Nj>n9Y@N%Qi=Xt{PpPvJsP!d z?!0{Nwb31kg^#!Ni|EhJ&dNg9*49c;kxTQQ&%dZ-Jr}NmP7G4rE`0eoHq{Xgz2o_v z>->-)tu%kW3dkls<$o&ekKzb!M29VmP_w`}gl3(w2Mf*1HP| zRZLAtEJ(v*E0*>f)2dvxVC47#;BP!#+YCXD$pO_Ua-x8=@fE$gDbkiRSlFMI50!v~ zFQ+Pl?4;1ok(Xg&`WeX3b|%7s`_j@PlRci!QTZ~ZGO|_T`^j9-$lX^NR@w&)kAqV( zRhZiP7JH=K(kTlk;8mox7o^g(^q(U}@$pSo9LCnallxLqF-5gWv8&Y+z2&(&eLXDf z60l6(o^~ajb4v}ym7a^d1LkBmmGh#rjFL))1+}?meIsHW*P9hslTNqkCUzh?Lx8Bz z)DU)x-y7{MG&?Yg+GBsi^4<)$OwAc511N;3cZ=}R=pX?rD=TBDtr~V1I6_%XqB?B~ zG$goY0_UF!9N7Ximt9G4}UfUU|9OwE?c+4j{pulTBism`cj#=Rd2NG)640Xi&jKqtguLYe65@hkNCC; z{4pp6c_ienEkcaQ5oz0tNDDIWtE9wgr)K_29qhn^XOL2wno6U`l3wF}%7Ew9Zm;py zVITwOM!xj6V9UXW+oYCs1vv+H6I|_76pCxIK*${P(~qcX}EiAncgBpBdjFyGy4W56P!>XLLEl|WSDG#A}w>C_y6ET}pY z{DRLa@~pJR(TuZfOhAs`z9B*%Mv;F+go}~Rm0OOo!@)C3PAU@5_RRPaet=^#uHsOw zTzQODSPz$rJJBlAw#BK$ep_Y=JTH@BhcoZEuAKs#Oaxu3i~buKUMFaDQb$JWRID}L zxv={ji|W_!XuZtDV*)&{F>J)9QxP>D>9$&=|8d0!@KO2`Gu3r7K{oQ4HL7Q7aT*4( z987q8T4y&&Ux%4|l1oaAnKbT+@Br{$E$8*{GvlzBANvWk0qY#H&E=nS2Y1(qzjF2Z z9bWMr1@Uu6p|cgmMMj;Y_wFmQI*~!FbtBn*K4Ga;bD9GUHSnDU&?uJG;4gGF;^`qq z>@OpPeDJ({Ib_A48TmX|kd-%?_6=>n_E!f#TanEzdJA?@y=VD--vBrz-F~z`sZ2@h!crZwwR&{q6)s%(;C9j05t1DCTa(5ox z+K8|xPyO~~Ya)0B!Z>Arr`HzGqE2nb>EGhL5QIjq1}YnAC924_zbzngP?O7L{7j$k zAYJ4YbMH7V_gI5rvE6)ySk-EiP-ohOrm+K%uPp&!2MrL`iNYj8o;C8$V7_;HDZ>BP zGvTNQ7_xRH5InD6%f~fL4ibJ-B*V)?&gWuLR^f5vK8M2@fA4Vy0E4&PN`W;ko?9k45r$yn|FC6C6nW^GD(Y8E*%omj}X#Od)-RHE5Z?IUR$Ao<`77j6W@Kk;J;9A^Rgn|0{Q*+yHi5vy<>7 zQk|2rVJ4mS6alxg7;%zYwJTdM{L5yHulDaG$X_C{f9E|P=FuP@286BVkidVg@rZ=* zGeESmx6*lj+r7W$TI8s$Br&&M`Z}9c@x9|6c29SCr_`8mGN)g0`_keGl^rfC+LO>q zbM@>n3OY6I+Xa+Q@r`k=`F;sIruvRg6-2~ZX4ZuxgnC*`=L0++n%8kFnh{;%*04hzaXB^opY~{W_9?>Ky1_S)}e;4QLF5 zbPl3GFpO!a0!K0DztpPz*#MP4!NJJZ@o@bVTCeoM3DuzX|IVh0aRLhVLw0V7#fJyh{(^C<`4%=+N&b4v*Yy zM;dQmAB%cAVJiF!3=LLjojghtxCDw zA*W!|b+~!~Bc)DK&(K~%HSF3VVMk;@|8aVE#cK}O1VIrG9l&?!oFeu z<|Eg8?TK=7^b#}m7)kwbq>H}rN0$#qi1MX})+6ZFX%&4roG2p! zr^khG0%7kZvRe0Xrsh$^LbJxYPEZPfweF04r5FbVy3&bsJZ`~J61qPxnHtG>*LLtti~h@BF|5%lGll_a(GoqY2B!RoUkIT|_}>$~A` zxc{bzPze#A6Ai_wYt_wH#oE!!LDq2{UQXX&PA%_>w~AU8y{o+#uAbq^RF_;*$D)L@eMwX@_ho<% z-tmd6X{ERMi z@KJh7UjRLONTQygQZ9@3wh=rb80+d0iBKn}H1&4{X zzj0fRt+DG`Hty3{B%O{gZAKdmyDRr`##BwsdaQk z!{fN+o?z@TE>#%zm5P*DOF}C0y3%_J*4xj-pkr_mVk7n!9XsQ4{j|Ym69XZo!em7R zA7v9@oARCmmy=v1l1yR=7AA0nEuk~gKX71`)RVzmJ{k&d!&B@;2vfJC5_&JZG#kg_0TAXDgqhMW*J@QQhw{BXOHKJ~K%4%K6VNVyVPvc|g*#1m>E zU$)RwPcW)dXNp_0-%sK;)Nz^h<9hrT2VIPX3(bYX@cL;@2_mE0 zZeK>XY&+TcKJH;L;2)pB`Vfjxw45_CFKxoWa~Q*tt|45JoEZ}^n~;#w`z!PT1o~s| zT+wPzv}OFCw@75e2`Q>=KuX_&a88#*mZ&+Hi7>#bohEp>XH>H0h@?T0w`SoszZu19 zvxCFx9O~U|jGaj?m~ay#lrGAW2+JNr1%Nc$Zl z$3-}C|0pBBVYT5)hvH@-I zJ)vh@xnUyBBg-1a{&19r#dc&#ejXv88YfZerV;MXgJa$^ZbhSrzS>w6;?5AZn;Pr5 zD&ksB;O%FM%^CzF7LnlDxm6nEs)Md%Z5R7FCkfAl+}aiwEWPhp3Ndo^u&vuDD+%?m zPRcppyM5mldG!<~xHb@YddX|9_xd^=`n$rM3p^jM>m=)@xa`+aoy8ORtESz!USW!rKPMh+ z{OL8d9|yZ2UGalHUC=x-yB{0_h!F;ZA zG0S@QhN$iYF6zshXT2Zzbbn<-ow>zUC?o|*nQ9(zMgk2 zk~Kyys1Wx;&>lF>yuB|2$JxQbIM;NN@%a4gO+TOA-CfoA6T)&{f$sVX%@-uc$H)1% zk^|s8vIkJb>1Kko-MWAIQ#J1Y$(}jpPUeY0OblbJ%wx3(MfZhgc8BLD(qrt$7WifEQN;XTTbhc!%85lL z#>UKNec_rHp&Yh>%i}D`M-QF?H5anEv0-fnjARuElT)=Tv-we}G%JbqH1es3Q8s{7 z5PE;crE7Vo*nIGDf{<6;k!`XS0^?waW>7Y4dVinYeo2mhiHlb2_eDw~D(H}e>1*{{ z9Gk0)n`A#;jE%lW1A#l9Yjwo=o&kRJJwJ!?uDwsaE=F_~W>XZ^3e2nThk+mMOT$!-Yk>0Ec%FOPG z4y^8u2_-XW6^45hR|$R!Fcrry5kpeF@hE-hEk`P5%Rx?rjkMLofyT!%YtUkPVgQUB zL$d3qyor5_Fm_1XW$E^C7?UJ#3v!(P4{>O;elLUmN_Y&`kQafnL?m*Ukl7N>G+bdN`07Qw6FkG%Frc{rVnup(v zS3DQy^%E;L{-qE6h2>HSWH56a{lvofIGgyh%4{+tG?_n3Md5S2yx9$2>D(xFnHMpo z)UuD`aqr95TgMknGDU*<^D1B-cG)!(o3w(c6765jB*yqq+j{G=Cy?`6u?4p-V@x8D z`irwoE9w*A%_-3Yamjbe?P+csyni**j}DuNbSzoJ&CSdrz~Uth1>VJba3C3 zr@$~KcRqb_;)Ox*42i*5LqwnJfV?6)o4Zz8LFmk(a@L>Z`ZcHDA8(N@wBfzRMC1+W zRT-blljf7GS>)29<~Q=Tn7#pimU~6EUiwevP5&bJ8Oh!^NU;;F&Af`h_*a13q-y7D*Ly+;d zx_1KD8eB#0z#-N_RJV0)6#O3M`nAG(?K?uJZ;n7K%}`rgYX`_M9ar&SlpuQW#U03s z5nvLjj8R-l{()$N2FK-y{nM<1y=o-UIwpCeiKWGmI5M`-m^-XD&M{IvF- zVO5Nefpg%{b&FwCZgSt`1F@sT^Al4pTd)(uM6JX)v#=g(aGZz|1avDji-il2MwFEb+xq`k6fYXjd$_lZjzzJHV$7kuxf z&1cyd>J(;KHm&gU_G6*)MOJEq%tr*Bd}%|XBUHr%LpbXgAg)Bg>jF&%owL=~MyH3{ z`xCpE)lW&6XqnU6=TOtZy3j^vuqUwN-O3_ZXhWKOCv-k(XaTTTF#xSmoBA`RZcJCIhlu z`>@IQ)6osOWZgObY@a_BK}`*D<<|llnmiUd;c6?oV)1B`IxSmN1ENK>Kmt`10O)*eeL!dQ7*EiWmG0aa^*)ch)&K zSiO#dvP=w<-+)aOSCSQ-|HQhn0I`lKAAUpa)5|Ca21tVWi@w26GV7l*Z(i*y*&>E- zZ15YU-u#KpTK|%~X8lFwa&gB(cL!_S(ZOWKoa^3oT!~Y585D?9eT}m?#thu;=0mvK zfhkYPZ9jow5{7*SG&B)#M){7WFV1u@X)MG3HsW4mbM9>yf7hXWHQJ$ssao*;Fw)Tl zBnBQ5kGic!+(nF&w4Gz0s4cGvemvnhb~F4S_d>{%{lLILjLWQXD#F*)8`G+R)|Y#jg%U!QUmm&MUe%N-6T# z(6*#m&AF0`d=)&cSg5%12gS)sR>4A1`IVgIy~ocnl}EBhrZqpWG<1aj;c;&D`L3ZO z>T7~6jz4br#Sod^p}2eR&s+j)oF7=t|6BkO{QnyE_WloeJOA~<{|Tt)fA_)$dS6Fz zEom*KPsgt#6BitDUl-&RR*4!&GwBq5D!EWCc&BcK5-yv(JvkMw@!H*_;>pBu;{@*y zKhEkUo@c{Jwik|-vvaqWmkW6F;T~F^e-5-E$mAt-i1Yp+CqwQVmX7vwAEtH2w)FF2 z2O`E|&GIx9L;Frut@{UR#lpw!=(_ZUlg}?W9BZvV4Sr(Q+Isc)KEu76Wro$N19l{$ zKhNCN9_Mi`7BjcC%)4olo^OoMvbYF7o1axoWvacEY%~9T=W0)X|Gax`PL9c!QyAG= z*P^IkTKV4j`FX=(*NXe($AVOHul8*#8|;G}ux#W{zve@v_#f2bPm)wcN>s8mAEGTD zw^KvT0!x#3){=~jtRhQ|`-(5}ZP8m%VSu;-<(HopG0&=D(&%O8?K+5l=NxyoW(?g=jn5n53@c#5>~x0=IOfc1eS&^T^>HJPx7T8k%Z8c!WXE-t)S z9ya&Y!K*xv7lah`F_(L|N+hq$_uaau(a&h&sr6b~`Any;M94H-=2mc9RC5 z7v8(2#_SZj2`_zlup*zQsu@OW`XKP_TgwMY`TQ)!1X)NZ*(^d)w>m4U$@l3w%NzVC zgmd5BrCDtSKvG!rt`E{}#D6+ttA#WFwsZ#CGJ@qBg?C3!{NdW6fewgrjQR^1Mc$DV z9C=SM+trxlpzX!_&T-W*B^A%C^~c)xyQUmtkG6KoZv44~T&Vz7rbzROl=hJ*XHGiz z$41Uq5iio2uEk7=Pi}l(qS0ZNV*Zj|D(+{HuJicQ+7R6=eh@;`^g$~NrJ8etjAj~b zNIk!-x;=)>VrRnY79H`^=c3(NWsg|G^6U!y6LpD5z(EOkYVTUU2Uv=V$lI`ex! z1?>16*p|CBft%b9++P+~=GWB;{snjhDAKaMr6;k%+C1n6_&NFT&aUev&x$`{?o1P# zzFtb?r-gxUd1BVRsH;oe;kC|5EGO%N&zw>w9|J`+2#i%Wid)E|3^!|?qCNJLX|Oj+ zqT~|7BVs#`aV54mgJ4AQ02mXE;UI$QEWKgbZ(EWH_%ADPq{T9EoA$uw&vElWiyJ3xx<(q8|P}6qzC<uJejo2NU*+e^Fy}&{Q^kMR&AW zPrV&Hp;u~{<}P#GTfds>Z{fFBP~179QBY$qD)$w&+)o_ z#pYM5rHxIYy!R4~0%q>N4ouaw?19d0G;yuK-bjb3{X0D=-S<`p(V+YunQA=43^qN_ zchWQxi8+jKDd4pFmKZt-v-fF)4hW7fanCK;T4~ZO7ml?}Z zGnE{<#Q2!WgLtaybuN*YuRAgs%o1{~b9f02SK8^Y(+VXFD|VC&DU9}d^^jNf_W|hQ z37b2ZYRSHS9d|?V^oAsoN>`B|^%TQtVFdC;9N^iGN`w$(B4mlu5HGOUj5x#SIVO(* z>L&c);$na5YIku}&4rhBQeEwVsE#YPh{((JhlB=!%?fg!=ge$Q20lvfIAg`csUOI# z)4wme^tiS>i^;Okl9hx1Z0KU=dTvGno%ZY|(=LRkExUCKT)4Xp zm88a`#z?pef<>ZZBvV`00r$x>HhpOUdWc}Ks|BlosP{VEx)M31-79Wvfse}66bK>H zC3rUAYU}pEyY1KS7rOY>f@`O61}P2>G_Btbu_*=pdqUo%tTy^?HK^V#cYpOdfeqO- zdKVau&vLT8LKW}Zr#r@`Q;)lN-NE#=WVFO2=jhFbCY>R%=iv{EY+lIW?gTFaBH+$CaY%nWe_WigcuI6=beIZ}Gcy8z!+;j)n@l zr>591ZF5=am+U!M74LJUdKHYOV{aB|Y-pOk%aRl%nRw_8rILJ!2N%0SAeO3=3SgV^ zDSVvbhR@zd{B*9FCo_XTRZ@#J0Fw@CaeHaZlJtId6v)wxgA_n?>R>jrKDo!&g-4gO z$wd`jo`U{Wfy(W0Heej^pZg;%u`p|5&F)Ttl@*Uo&yi1x12Vj%;>Al%(mL16t2|qxmmAEv}+Z)kr3_D(U7?^YBf19K)SsS<%vMcf7 z*{sMk3ul1+9mh;{L9$De&!zy(-aZJ}XV@&sdurl>6Z6;E@!~mQ9^y}JZZ*@51>b|BI@1<^ZP#$y zi>YGl3LsN|P=1@0|pH7ym>Oyw0>rsQi zYgA_cJ*&Gm{;Aoj;dq@#(5oPi*!i_GO;sYH(ssUT*L8Rge|sqJ2EIm#?av{bi6!)F zuU-{sD-C5xt2K4%Gh<$E*~+w&iRCd1?VU%}=ypaFkZM9gNVr*;&m?Nh0^ILT8V4~! zv)6_T71=|Ci^GJWKi=X)Kj3g!;Twp>BDTSflhpKjv6fM=$F(Sr0_$OA*6j$ZvRx6K z&Nxqm9N{FU*+PN6!ZLOphd8WuA*Xg%K|b`Z$C7b_&{@Aw*5U+)A8UzTXfuNu#@lCT zeLqa*cN`5X53?t{0v5mL_HfXCh%MXwY|QWP4~Hm>OM-T2 zy>uXdy_VGB@LrNo{bVS=Z8mU~Tenbf4AO=yUo)Cy8Mm-hej zSJR#QuQ98NUl7aYsF}+zB(jecFFw3sa%Ua72+QfRABJIvs9u#V2Xe#yZsSvAYFs2_ zpj15C+aP@aag;6|^um{9n}#n0q1-HwmEI}EW*3CTfk(Bt+Y$6LUdX5vI@eh;i{Kdc ztLltE>}ADin`0g>{VuRg53u8erbr?)f#}W7 zp`Baoy#~H8~@ z1iDmRQi4>$JUesjs{{;^KUd<)eF#^w6`RF<&3fdoQtiSxeNtKm3)A7pd@S98N4D?0Te+6IIWvT`6Pw3-;3YgeGe;I!{My&)&Rw>MclaA* zuGQYx{Ofi>T%{o8vu|r68k}-C*YGc1^;)>li|BZNF}!*E6Uz-2By+|W?znG0xLO)n zhW9sfxT8u^Jg%1M52{eNch&>B0Tq*t1C^$IP_L40k&@q_6fR2?lR*w7+RKz!P`to z=9SY-GSwnOgVP*`)ba!t2Mq2&P`fQ$`v$k}a^K079Orr6oEdB%#J(Ts+HzQQt(~~A zD0n}jMG(m=uBJ(M_hg}jmE5bM?)&ELG+rCWP`lRxMrNb8|7 z66NLUo>Kc)X#44%TB%-0lbudnWxw%K#OdZDD(rP+T z4bm`u!=|-+Uu?dGd7aLiS!!E1qb*mdP6iCptTKNQl|G~zRgU1kCqRpDP91KA zpk!r)hDnis#lvA^U78a&WXhP-3Ez7d78g7TLWX8(i~UTaw2Ab{jE{(KfB#ZN`NL{= zECP%3+#KG(vrcj$gTmBD7DHa^6jB_rc@dMU?VUS65!h5A70)HeR?#(_y@pgBC%9*n z>|!o(i3IK_AVgQLj2ddo(f)p9_rwt(_R_A4J@S_L1Z5}d5i05Ajn%LZmWyh^O;deQ zTmR$%gD)A}gfxAo$oKD$A`S$ZMu(lOy5s*QH7C?0j9^NlGGwtx>dD?)#GaJ&tOpUi znF?}HB=+x*vw|Oo_7$NvHpoK(L`cdRVQqP&p3#gt|ISea>0=XY5&HraW%=`_qOL0B z2Z|C3NF*OwPvdK$5!BogMG@9WBFGYI`~=rZO}(4_O>A6?>igec8NNI-$Vd2NE{yCa zmL$-Y?OR-wbL*0ZZq$?`y%fE+%^tAh`+q%#MR9Cr?1a_zq#W0uNwN5ZoO0c?85q_1 z#owHv^TOT6ah~U&AA_8qhTp&W`{@l8)@T0b?TH3o3jF7Sh~ltap&t7E0whlOpSOb# z)y2~9I^d3j-T$(BA)`{_DMS@xk-BE~z5fH9d6A;_pz?8p69w|M(KS-Zv7N(%ERR9F zeH97U(qgHGsrE<824pjgjr#Qwxg~|A<$P`(K?ABo74?NRx;Bd;Ct5nRbc7?b^xlUHrt$0zPmM{fQqD=5HPYM>2_fxKPTe(EnX;mC(~dG= zP)~U`G_6sjUcBa^oJWbO_6?kGXlN*1taxb`a=?sqR^g6~XyL+&EfXfYdlbQw%_1fg z!f=eRebj<5xGUx*%q!;hV*OxucYR2(`Mt+#gs!eGCFvTlx5FFV{Ga6|~=e)Hv7J zL7|S(^zq`EQv}6yeOb@-&uTc?h}UsL!<$k5WNLSct*51vBza9 ze|)sSz=BeD#dhrg!V>4vky60+O+QgS+BCj}k`S!m`wUAD4NA+)b9lkmIMJM(pvIU| zd0rmFx8>73S@N$G+<5e1u(1Hc7jZj*@c!4qmm#QRyywlD=`d@apV)hp1r#32tYrfq z({hRIKPtAz6P_q_yZ>T54zfVPmBYlQZ3*9P(wYbzXOLS}T9YbwKXk8m(S-iz@jDGV z&FG$Xl+jRh@B z5zQvCOVUT|nD@+cKAG~^05`fHkHI(A107-P`vl3+9mj4MQQ3#L$VR@Ct(EK*+#tBz z1k0cp`-$zL9KifW>rqysJ9;Ft6)H|rM#@2VOwGDPxG1dMnRe9cZ_6Vw(H69COZe6f zoxmU7Qu#HDwL6VH)S%!yT%vX)4E|41h$L)4#QH23vjikm<#KUXPZ+hUbX46ke$Vxs z@wm*;WAO5hz~@CR84XPYyGQ*d!5XzHBopT$r7|QOq9HsvH8rI-`X0-2g)WmBi)o*v zDazN~KfYH70fFOCw)A2zMvJ>uT%4bvFhTl)f&%K=fv`&9tCSa3SwQ z42ptJF&te?NsZ!;ExLA0)r-e)99Gq9l8lWUQ3^vIGJP>la}PCpmKK4%-fvSHR6}oa z8gGE$FmkuXOuN83lgEqV8i?~lxr$g#FJ1TJ%d1a_mc+H1^~OiS{&_^47LD2zb*l}k z!@gBgl^<_!2lSL>2#{6lhLU-{sZM!wI_tEWCpqSGEeiE3!+3;Eva5tJEX72bwu1gX zxrgq;jb2>QC&T$_2GamP)fd}J7fzw?H$$Z^rO`@iB&D`XaMmn{%9YfhX5Wt}H+`0Z z4?7O2lMbO8?(NkByG}?Rpqh`qdW~C^kIHjTMlW^q`e(j)aQ0Qv<2V$(w>CVEc>>NZ zZgjqDWp|91#b3T>HF|xarH1}pE|F-v?ErKWRK&&LQN=y^1aw1nx;7qb8p_9DfH6I5 zA){5+ONTNeISOf{80Qgc&b%|sh2!m?+XJ^JdwaeTb#7Mgu=3&rbg$M)+&1Lh7B#fL zzr$LVdQbP2Z2d|!yOQFxUUnFJOuibgf`2cwWFBAoa!sSsIEPu|+mE3y6r~|a@5{_& z3#}%(bZcwBNqW>h3eUl3pnja51i%S7lVB>z&=@ENX^ajq^q+yej*cRFAuHe;RQHV5 zo9nVcAJ;D@+sT#Nwu=CS4WHT*L#J5D!$VO84D}s+XL-Tvvl{k-M zwQ46TJ{vU8@H0Gt0bo;(cOWk{l2wyp@USN>mi5{tM5+#4EsK!UFX$xvnEFJ|$7;Nc zxoZ)$?`0|A4XwaDw}W&tw|Sh)I^VJVV(i9C@A;xpeh1ei#w zxkjY<#9`NzQiLUMG&p9WkhOMQMWf30C%d0&tkfiV^wVJ5t)!zH`I%~(^hT`Iy%MFWMtyb%+58z96G3`PIppVfuoaCc1^{{Ez>uIKGV*E)c~NA z+4Bp}jPCCO<#68T*`_mc48d7^nv>!Iy02sLQK;ev0CVLX5ltmJ!OR1NT^JfswWYQ`GOj| z|5`I5eF^p~1PN)Cg6-(uIu^OL66G4~*Xac=Nl9Goy3u|*QEe-R6FVYwJ}>ka@H>g! zNaj7(1&D*oT{#D#3L)u!Oq+kwfae+B4nKdGAgQghlX}B$m8$(*C+m9}L-D z67iNpOR1_fiL7}jn<&nHNh;S5h_CWsFSYS{%n_zZp%R3wM(m(I^hZDk?c+2i{Se%9 z#XFl~m4iI33p2rXYvxGR!$8*~5ACMJ$}iUH&lv}?W4HRT$16TI+{W>ZuoqpbJZIvR z31-5eiX(l|mG*>J6O7aB=biPtlX+JT{0tD=zYE(yP!yuHQIQMT3n>HZ6&ZNn z-YqGVyfaoPTZu}vYJk|UCv$|BtPpDCms^y4D_>+z`#d(+bTHcG%u?z-$D#&>s6*Nz zZ^ZV(`7()mpB3ZF-zCtcPOcK$LNF0V(3nd{JB}6`F(k?w9y=DgX{lSw@qu(s)TRDA zmkn^mqzFXPzvJuyw|+7*Qi_4Vnko|q#{Qn3P{eSByHS?+3_nC%mB9G;ayrm^LglGs z$b1uy8h`a>^v8qPfxM4P;|;n@99G8>lNFA>Hh4cC>fzPE1wLEyPC^C~SOIRNoEVAp zGT&*F&Z+o&b_y_~HIu`NS^mx|d8}`}E2;0P=?r!=CG!u5^I}P%XyP;@mn1#9y|)u6 z=KEsVyS?pauV30(cD4QCZLrjJq>#kL9J9?!1^gPV7sxkY;n2>}`o*!4_y@Lt&v@aE2pS6zW zbw&iZC#?EgfDV9&-8U@?E($WiBDboE*A5ZJ$`kwE z!!sXzFVKjAb0>>M|NZkm!OZAN%AR0xtUU}77Bzj2ntqX)Xfz?^j^mij*mJ!f&x*GW z5I$b;#};AqTDe6{+*IfiY@UyeeAtg2E4l{p*nVogMKf0tE3v53Rzz#z1Z-DRkgZlL zlNajcM#AlCO*o6N{;nOd1HRR_zE4fUC+( zaGg+^4)Q(P{)ewcmuB9(ubAG@2_RI)0C;F=mzZ))6RPs)`9VUDyYZu-m@6b)mQp8D zT=pNsc(8w$r|A#9RfnfF%ItsU|MG;Xei`*;AheQPR{0!z%xq%BxW6~nNAp>ra6I)a z`I^%J8}?|GJk9u5cy-4Fbb5lc<6VRZlI3nk2weLBGeD@tfCK&#dh_-{d@F^jKnxLR z3avtr-woA;_)9^Idg%aDnUwchd!Rd&$pXY2!DQDGX*jhYPaVrlU~72)vc&bk?&ACe zqqbl_%6>e1gh{EIO;6+!{>w2xEUI6SuTpcU^6AuAKUU3(C(Prt`oZBGcXraXgoTp% zBjCs4Ds9hH2$YtjJqm6tcc>;)49D+yfM-o|>_>YoRW6F*(6#1?aKk14r~Ur$?Nc7n z6EG8DO<@%6K2=SX*XTVY$P@la`kAH6%hDcH^WSejXy@TRHX^s37qVD{ z0JWgJGy=hP9Lb~WDl>~JSyDGm;U7{n0fJz@p*)!y5Cru{PoV*KAfoH|d|2U9%pEC# zGgLlepCSrbJyv8_npC97><}&x2UuEgbW>1mxU_Hhau|Fm-l#Qz)J|%Z~H4&oJw`~oMxMV{j1gK*cM-ap< zV&-tCMB86<%|@hHcX%^{7bloR=w2vXNRfzkb4=jS^o4vECuuirAteyjhDj_WoT~|j z0=fy@wRUznEXVa4f8J^`wXl9Z|WV0B6L-(23xx$&5v|PUuRcTw- z8O96wg7bu%l!pQtb6mPyY2+KTcBypHNMCG@S4a2*aoCz%eKMm}JY(AJ2*afwceO?` z*>4H__7bhqr6vqQqPIGOwuzH=LZrC+y5K)kdlI(~<>qOx270ap*kiBShg33r=TVfX zD4Rge)BrH@-#7jp_cy;fX^3=Qy7eE~5VwE2h`0z4KYe_zQ_r1SMO}ek9$Yr1Idqdn z$|@%ERZZHIT(|2nw$)&w;}D-`;-WckQaIz-;XbW}qf!U_j8Y8$2mnVJvF_fujQ*%} z9{$)jzV*pgBs*F<8JqnWJm#M;8!S~CjrHNpUus#0S{I48=RR|5HV(@4%WpayFyUpl zxhu&7U*c&WWykJ@HXD+huw4&4;<#?mQfWtOv@1e$z?z*~+&X&Aoch|34aEm@r#wW0vIVTHGw+&v^mN|*@JV7|0)dAc z!z=$$nKe!?p48rhML1Tr-OI1c8%;d5IaNv>Tpdq#PCgizHB*;NN^u_%ar%XHO5!eP zGgcrq$QV;+7NV9H!BK0yGUw|O(c&2my|)0RzkKD<-#TUl<*vI85DnOCW#haidPtJj0y4xIE zd8J3bgra9dLQoWd@wjt{B8sBjyhMf!V5zT`*3#myQnkFc-p((?5A&z`M_Pk%&TgW? z?>x##6(ia^oAhed7Eod|#|WP|%(C7D_YD1_bQ!pGI>ZFoLvUIm7lHYcSv)Gxe3O+x zo@T6_M@$NS!r4Q&b6WgcofXmnvnQ`d_-2`p@U?~0BeY{Lm0S~hm|)z2nA60jjtQ2d!-FQ%C z)x$3@{wWmjMM)2Xh4YK%KiNpde6(uwt1^By{l(SRjAt-kt}bVnQ}rng>fPa|{0~zm zjy!27io{22k`yO0ZU#1cj|kT-tm|!RYO@4ROyxujrZTkRbbD$9I`n$bBV0?r$Ez;X z(0djynm%P+jw>u4Y^V7g%gFU)h8;yy%Q7;V>gw+GQ@KdJNTzaXwKw;r=0Hj~UuaO1 z{+L~-vsA!(le0=oEc- zmuKd(@%!UT-iCu56CY@*>gm_D4{|iI->=5z8udCmG(Xwr90mkwHN!Yf&k(KSevS3= z@`7(^r^nVO&3K+h<;)tE9tHCS)_bA*q931+$S>dv-Sv^w7s3gYsCnj3@C@zk(Qf*T zIIuXps}%~gN8(6gDjBWzT#7zv!Qvp7V!Ytq;o-REjN3;_+^hX`8cVl;=JpW5z8FlX zajaVpWK0*Kf~zg1dL+XEb&r;XDQxRX^@NthwW*J3#H%Y(dkcTx=aTH{ad98jIWO2| zLMP_U7Q02NjYj#ZJr-T7y-*U>_Pw?HKUXy@E&dm6?-|u}8g~88h>D$JK}0|ZMWjiQ zPEZJ4K#KGxy#$adp;_OI9$X59Aj(uEsG z`~`W#l(-6sKF8^MYCracyE`sSc+#doyGV)u00aRCP)<{6U7tb<~++Wi*4t?Rpk!A++&MdX*iy;N|96}=Wx&*gj2D@y&1-S?YGs66ei z^Hrvd@j)gj^tA4YFbcsr8A!Xk4n<$L<9XMlb_sFNo#)ZonTz`Iay%<#C)kS9lY1E_KRE;N(-HRJx)b z1yIpubInH90fdjoLh1{Aj!Loy4uE?#UL+5NS1W`nxj%yrfx{hh+TAN$B$Fx6*|HCn~^ zoancOmX?QI){J*UT*IJ$&LnAx=tG*7q>#cDH`gK?2koji;*&&&75E`O(1Czo)8=%n z^0#)X_-aKQE!;>IvR+mKm7|WFvBJ2AYHHCNzOTEPa$kiqBSGXqF@T20(567AL^WE` zxWg>d?NmEc>ntQXOj>#R<}Mu6_E}4==;ft<3bfI<;qo|x5&!m%<_jPVarB+#`^PyB z>JszlpU^1I`ABOmLGHLPMBg@7kN2IIZJu>54ia(@wSw=>Cj?3Q!mg#-Q%3jj`3i=Y zf$?}^{vm@y@VI>HC^`OQYcwhjEFTigYk0fb&&HS=1w5lXt=W&pO1;Y59Sok)tE37w zxffK84C8JZIB{oZ3l$?$-JR-(~!F`z)QRdaGB*z0yb^`HKv6!TEuUjiAt?#ez*CsyWWFRp?7N+iqmPMDS+bGYvDvQD$oDZjO<5jI;uz95eY zHFoJ_RjgSDVIH^8R_Y;EvCx34ZL)*G?;t7bp6%k%k4a53kHP9^uLks$4H%ZxE#LFT zVT_S1+vbe>3BWvZsQF&Y30Ka#9azZR3hEUpAhvS$fRDk)+Dpj$ zaBthzIE8lsefh6trViop=Q7bdqyma1{W~qOjhk^Lm86Be;*r!&Etd6JuG&1h>R}-k zG?BCP4(@`?eoC(`s8(N+JGF@w+3HmB2cmPfy(%y{TQGF9YoGda(vV(SH1^u(>&Zs$ z(H7K<3(*+9vRBbwU8zF)bh3r7-_*}Yt=4C=zsjak)@P2!RnnRl*-0XI_7v#uB!#J~ z6QgP=wE`mVJ_mkZl7mZd!*Ht@CSYc=+ z;mYe{w#p3pP83C+-xwyfEBUTQRJT!-p!T&V>_g(W@hLd9Y9GfzN3+XJP71u1z*O^C z>w1*jk*6~bM7B~gdSOvivH?OYDNsr!*o|jdj22P+v+;+(B%0+MWHXRu9}j-+|m7(yZzO-ejP*d zE-KH>#HpkQ_8KPL6n`&_PiNbwFuJm&&)8rQ(bxyy6S5a!9aO%1N%x;gQy@|g!eh%!J5 zLejU|%h!I_aa!ES3tN1^kAa?gPbu$4o0lC*JjaLC1wHUNUfpC&bBXhuB@O&N{@G*d z?-VK`M)_at0po$HhO+b^t$!V?Aec=vQ0N>lAI=;rDM=;N!~^0|){BCOuWUadHw1t{fU3li9txaRaye61oS z*{3y*6(=!s09ebs!S^xQGImtP0ZHa)ukcc@54pD6_~CbyR7^r;8!1;Kb$e4?=FfJog91N<*Si$Lj1}1e+C5X! z-L~HJ^Bb0-?g;x|7?UIZ?VhkxX_$F0D8NCfDUT&y-Hh-YV5IU!zJsiWQL7wN+ntDm zZbXB^6)kS->ojxuRrRmvC2EIyMO@ycdVaGJ_v*bQzWqzU!EQ`l`*wmwW^#CC=0chS zA(zogNVgL1-?BzaFMEzkj@rcs0M&990)oq#(-hdTHwZ)8LG02Ugmze}9 z25N&5z``8$dc!0jO$uy>lpAxFCLNok5=+qE_w-i0g6OGk*IvMrm!`JKz?~E5GoE(^ zLT8S32?Cm27h6`CQkG6gS;#^)7>1p5sf5_|5c)#NyIIr1kLUu-^S6mP}K8>1f2M-7Tt_`#R_g8BoiXguzF|;62C^fJGfRE|69Jy}49UrnWH} zgblav>bb*UVrqE?xVPexnG3^B-<}nY`b|Hu@b9zGn$B>!oS$qcM0mTCA%iVQ9hcVcXp0YOCoX}9P)Q4pAf0ODx9-> zmBsucj9)p!f#n1Jp&a9C;D_gz_;MxNA$)R`PK6^0W?Wqf!tS_etY7Ge2nDrrRVG%U zLzjy?_lm(eM1&9ZcBX15ow>%1k;s7Y4XX`csSjDgZ}5xkv9yg+ZqpG?uA{5He)5Gz z>l&@19a&_v_IF2Kyog(mF4rnKg3wE8M@m~zyuRYeakKO^o%E?ZOa&IWe#d`BFOi+k z7zJBi>%F~FN+P9c@#mw52FAv6Q?OP&bT74Av0hNE=Rxps?zOUi1%>InGcV&KS~9@Y zL742gh0jTS_fkeS?UvsvO%S8{ux?V1;+;XCr&_a+i4Eye0Au2i^^Hm-JKq|AS3o1| zmy2VHQ_7UW2a~isD}+S(4TZsz5x>m!;XC%=J*L;^*vo@qS3k>qfRtlyh-Rxwl=$AE z5++NKa{4LvPE@Ctv)B3M!!Esd48n{xa^r=jw@>Evh*Y2{L_Nw9fL%2M{lLyy3V!|A9{kbQe22t0RVE0VJ&27Dn$M==9q8u}D zl+5(XEflTU-&4%H>o*!iMh;nvX%3wmr@fYOC&$I8)D@9r<_jtT*FUc=F5bK$v&p;% zhNTW>gK&zk@3 zgjt{I#KowGFTIIWZ%)qk=`u(%^~uX!?$v+)ZotjI|GRurnw?fSkz}NUsO~eD%^USc zJl+r>dSpuyPR@WJGLjw;IrBcZJU2S`5$XZWf_^6^{|HNH(CEABUNGcxFPEWx|4qqD zyucb~dL_GeL4~zl7N3)o`z-?Tu{V<3o8dpj!;XJC$bD$8Y%vcT;dSWQQaxwa*A_CR{Xn(bRB^Lf+RHsBIkA-Q9W{yAKI9{{KwRUmd?ONX`3M|QVXTPsX@1S z>rKeb7)obqOJGry4$btP4TQDxZ7S1mioTe9pnl@ z^e?2%;a(p= z>zDa3na{9=mObvZtilz}t}TaT?_6=YbdHn1!Er*2~8%ef0XNcTiB7VJ%bl7-61&_eKJ^iE^AhQJ#0C| zb!ACU+I3Xz#CGnYFX|J{h54etVAozi>O(jc7*`<^{roOUEbk5;Hf)0=is?tGuYI=j2+*k)P zcQc8-@N=HGg}dChD7s@BME*#y=Qai{kK6G4+AOsa+U2w~b4p$_J2}Pg9VVeRD#&Vc ztIE-f;fbcaB3|$4CGv1W4t^a%ME7KxVG}nLMWoh4RYh17K-0!NhE$&WwYR;pMk;W* zeCZMkh`4|nNeJU^P*1wllrgZ%vs1AjhnO5>(1Ugk55P&lksKn-UCp347o=nMlN!NL zRtcKu`=H>Bo0B~kS_N|G`@kb$FAh>;YZpy^zj45ow*fuKk;d@(qxX?g;C@gECiJXb zl8=W7d@mpsvuCpp3PfV(Uwsfz%aX_#Jvn94>O${iE%&eVC?8eCcH&Kioao+L?&FGt z@p08tj@4X-W{s)W>84^UhClPv&(KU&8~7bc)^CnXRd1)#1@4UsGYzr8=$PcRAQZ2G z@S=6Ilhos#*7{XMv{^5aPxG%i}DqF%vdBmZd zKG_@I=^#A%eXmWZc-Z04U}V&EM`&cjx4n>RK{r2awLBsV9qsh6GFK%TnbCeu*gcq^ z?9BuS=)ishkSmImjeGH;I*e9;O*XMTg3*Z=(WwjvP7EQBRbB7Bf%G&By4Q?gGUPTu zaSd5>;hAS(UqGWrKc+v@E8|CKGswzbTbobFp5`L6?oILk?=*k{bs_D-^$JwJQ=mn) zlx7uA{EEZdLI+H85xxxf)4;9T!EpCO5AB3Sg+5_;`HNU%RS)@OwQjpWS6N|_?`)!V zdX!PdXIONwpk}Yj^VXywzBeIm6?2x>05Z7$4~=t`M5i=D%*Ex=?{2k2`z&XZ_^4hm zedSUYaPVFjM z+*s8wx%d^XDeERib@YM37o?+Nl)|V<>)T)Q-Uf>f7<99CU9&#)< zUgf2d`9KCnOiPTxXR7JotL$vMa;DWQB<@ET2EHpmWfr*M4=3<*?+08d3^r!)- zr#1p=lm|#)W?5%cJB%TXAIlByl6sSjKxk$u(FSRIwU6x!5MmN4)EK0Xz(MeZr*TUI zFjK~&;lMSZo!mL;G8jdVB;^C08>Pq*>Pz%)=F(<;jk1u=6Q z+7n~p0V1+?b~?n)N$i+gCa~W4HgVrHiufwG{CK4_WA2{l3iplGv}|#B3v1m-TqE3n zSp8>ZT3~URKVfX*3n!{Zxvec$_M_Xi9_w5*8Wv)RM#LL%1E$@HLwXi8|WrKfkp&wMbnr~ z>ZYkqUfs@!xXHPfeU!EhcEEc%TsA3cTSK}$M?S$*k|!wuHEs~gFmc@X{-NfT#^Oli z;a{~}?!)ytAn3--gvvTKC*fL9^O<%PR8F4&x0Icie#XRXCNzmU;C`vBY1EKH6r*LB zJKc)xHL>MYJ%+Vg`#}dCV+N9&(smgV{gZnqch8MME0|d$=jFq#%ieDI1dZB|7m~6L zCx`2Fi*<9`$(1;O@_*e-VgLJPdgssd0p2wKcURf}tG@uYd-nB*6}N0XE7mJV9;+SA zL>=E6Eh_%=n{aMp*0i||Z2iu<=R{s7HPg*o{pX{PxoTU z62-@uNue`ToSfDjUEd#NI?g^?m4ELw8v{OTqB{AgH5Y2o7EWHq*d9i(drY}-V{WTc z=zsPIsZ>GkXiJgxJe>E21Jrz|@S+L2ZNPi&#UtZ7zk&&$DR43!T}OG@M=T^>_QLS@ zC~WbyMw%PkBhHa}=^=m{lPNNau$+}b;0EGMU@rx&_^|2uBmPx`1F2gl3vCnqNd zwncfw&JlLC797c6LgKk@BgZXf9oGxlxaPB&QhK#y8h}`E{5VOAwTnbMwyL zd*?;oUe0-wyVo=jDKE`Mw==I81l2w?H@3H5`33d8uU1UnDm4GOA>+SPlzjP=S?Wek z@rR>|wtGVj+i~PYv7BQMQC8yb{ZVdfYzAd^$?*|YN0SW>qoWQO#z`|tW9auxzxa8DjZpG`a!OLP~8)sJFoRza6QEH4Ggv`NJVQ=^{MG zlnhy2tki>a8h4~9Hne{lUk(l`d}yKod<}isqdkKaWifDNh49Wl?cUEKOO)H}sUA1} zNt)w(vhfqQ$`fCd5iU%|)8I_=c)Eg^C|Q3lEh$DTFr25lr05VUhhpgpT9pp6>o6a@ z_(}P_pF)Qi;_sPg7iF88I4~0%Nx>QUwS`@io zjxBP~DyXWobQlltu(z{EZHtSo<;Zfb5$EU}TE*{i`mD<*hAWy_3CMYT6z z@+oRO+g$d$+DxisDR`8aZ?*PYSx_p5-sQ_sk__O3B}v?&(1RN)F_bIrM{2{a*1|NF zyg??xqfeFw2cQV?T{6%AS(Qwz7+dpte!lq6ZU_*^=kgr6WUU#t)J#^d4jlnG)Se{c ztjY3vMfv{nXRN%=seMVl-28wNFJiK}=zls?EqSq-YV(u4iSwmd=gC=l+UH@Qd}NLE zuIJXTyh}gua%R)zPNe8(UHojs4s-Qf!Ph>UVCs#-;Kl{E1MuuSKawvF;0}hzaK% zBa|DC-=M-ug&I1WU}Fah?UcDCbH7vGbmnHBql8=%l}WfFQ+ZjexJ9&|KZzj!v-#MM zltz4aCaq4~W3?1C?%{|e>nM@rQSSv;!20iRE&@P14_zALOhq&4)(%SdqAU(b%ezCc z0ra-3_u5_-)SfZ)Jg?s!vFjp9Y1Es#(HY{Jak+F(>wM9v|JpHI3ek|+h2!%4Vb z&4AyRojm=)|2N7jAvItETR&WU`BUa9;PJUrt61=731o~`Pk1CZl8m$tk+z$ZddvMs zV2G)Jgo}Jh+wHc-OC5Zb%IY8z*Tys%vznTkSc<_8znr9`k}gl9pl8pV)MSuK3bvL2 z!p0=212P%xkR)elu?kU6tqF7&;tgGbeGg_Bs~4a<{svD)b}En8H5zLz3bEl;N;En8%@^vQHYgI5vCvs2Mi@ zOF~AiHtW`}S@9z{!C8`RZqI0JXVka?pKnkXdh)Zp>F=yc(;;|)duZY_NuOh+{g$b7 zeN}id9@(?vKp3VUHi4z}xIklOhY=ozc%vYyy3pJd9o?-K=J@(~mUIxjQFRF#R0Saj zp5}v1mh^aIue`=36(=Q)TbOu71s3U$@6i#V%tfS1hSjVX)pAnn!jh;%7F`~xLqSvP zRwpad0?d;mS8}swgESzwUSG0OroDr^O=9hV!C#oG{2@JF5_mYPH)h&%U16blYF?yK z8w{4Hi@XirhD%JGNVN<91TvycmnVQHOz~Su&GdzR(iYpT;;&BYBT~4373{lx_06DO zTZ=4T>h*@@EY7<$Vg%IGK z=Qt5aqeAbP83n!w@9TUX$CM&()4&W^}_+@Jul=c-Jh42Z;wk zS{yGk$4Qv02$H654?r9l15A?`N=N{grQ8L*%`g_`TtIY#zds!ThE@8jI61eGVxweg zlep{5%4X+<%MZRX9(}tax%F-9tmFKvZpey)kgovEvSx3>ZAcB(kgD(nABKla%la(SLdpOj<0NF=-t{GsM3_4+-r!Ooyr28=&${yAfrCTA>HSz$npIW-R5<0*kTBD86D%@u|EbdhfW$u93Jm9_@g8Tp4) zrU9{w?&mlhsM<-S!+%7RBY=~6AnQf-_;eya`e8<}Zp5tz_heIq;iHjhI#znZ)1j^W zJbf17v~;@pejvAh>EgW^jlkr;X8VNOJA^cPZ(DaKM4@KMFqOgg2Y3&iuMElu;rNAI z!$j}&ReqFoPuvG2&)1a!hhVo>Lh2v1-iZ6#)b(fzJm^Y9w!VR-HuU3Vt^Sm3-FDf8B8*8wN>!BC!QI*_MNEUZa z3A62_E7>-q-cI<0d7fjJc=QlXMJ@ z@}6BTlO~Dt4}70zzVT%y=@=ssehDEbGqF7AglXfg`yOyr?UtC}euq3XdeZ7}KTp5& ztYLui&#wWA6~jqb+)Wz1bg^lw_=}o5I$TpJ)kmNG#ws0)RA?nXUrFZs8lE89DOayP zl3iydW1{Jh2)|yXs*%c!;&B5`7T3QUM|wrpE_s7gjukI(TlA0Ur9S_1o(Ql3#v!SvCgENw<1N<;?0FpESrFUI#ibO&_qCbs)K-`0#zAPqD8zDU?Cn~s-iE)zh@tJ&F3Zm0un9e4Zy0%3 zBBMDUIbO53Vn_kH(DNX~wRR3^py8Hg-zqXLLJ0}9$8OJ}Wv#8PyJlSXeShgauLw$J z8vh+MrSjh(eA}zJ?bhGLzopE2c0-kEu)B3k!nKCgF9Z#^)2oV%jD&RaM^Qy%MQxV* zv6(kUA8E3UCNxy%)jg@V_~lamSYN|fg_o?va#7S*#zU-FJAb%;&@7PN%f<^`r(M8X z!S+T;@CMcFO~jc^%0-YTlHh(OXUql+1(O+Jj{#qWIk)3NpYAf`-WbY3x%|!dav!?I zC^d4wcS_@JZnz8$tJ7XK1aFF9d{{M>}X- zy@A&wI&J7I{+EZ-o~#G3qmOln%55P~No7HT1MJjj!${FIa%-^T=2PgnH4=1$KqkB9 zrdU@j34_#Jwh15q?^V{}e=jo%obK_R4`Oev#to^$S^v3_R0mR&le?<1)ddFd8PW~C1l{CPpIuMy9qpl ziiI)S$=k$juX>MynuPlPT`5MgD245OTiXY3-aIdry%}XkOq6n0>|j@Jp)y}S9sBlv zG?s6FR#r-Z-&eL0>5|c)An73T?q)@qZe*%dI|( zknpIN%jlHXP*E%8W{^TQ38kGI%;v>wM)=?(u|nwU5vio4@d4B&#y^>+#r??l`9MIj z0@ujGyL0JnjQy(rDry_;Z<{eY28DUAPwUuUk2l66HXW+wzbxlXX9zth)>U(AR@NJq ztE$qCS@>v``2HeG$yLT^n_HW3_nA-EoswO5*`!sBrY;4a&KzzNWkK#nOAFq@GA+No zFH~MFltuY0NKCyXs^g;QTQn3GC^_a5YRac-t~VF~y|w>-M(!3Sk?ion`~xCc6oq#| zHG7|RX|>oi1q4d=e<&%yDG^8bs>^8Y2|w1Cvx8kMb0$&I|S=Xaf| zyO*CF{X!2EzdX=U`zoGxq6P=C(?FdfJIrLMN(6v+OoFhp;5Hawom`MzfjaEBIk9+f@gGd z-YfC^n;BOGQRg#^%^B65u-6XPxGBI7dG%t#3-i=h4d?^33(A`_564qIb02`n{nNy-v(oa`Kq0G83*F zFRnJY)TU@;)|4@Fgy+e4qaI389?BW*g%2jsn8SQgz_sn$rEq&)kHIylDT8ZSo-RC- z$93)&tX^S|$;o7m!@k=(9fs%@z{}Tv8u7eM2tq|sgtdo(RJbqd&z$6Zrvm62?o3_v zHy_lBRF8RZzJQt@j;&XHF5Y)|zTn&B+j3UI>B9ck{2*>Auh_F7JCk_Ose?(7ICC;~t!#-AT zp0Z!j0R8Y+XT&ZVx%v9_>p_$8`$4su?C5705f*foMDGK9tB+alLt6K{A&98JhXXn$ zCMNmK?1RBRC_dz$=T9Q;re00t+~nNf)j8#Bi$77)?Yj1fg6;ZjjBswv@Y4Cbc3nd3 zOc7!;Z&+edGcb2}pfGRdE~a)2dA1tCE=yxaqbUV2ug4=(V@^dq+&osc*VEIJ18v@Gv$lg(Ay0|{)k9z6jM07 zlMFptX&b|BSo3YT*hrkKw3~IlrDm4z#teC^W_leT`|<;}%>=p`{#?=!B_=MesRzSB z`p9=fzoMLv9(7ChGJa~8V3uWYU!<9CP}u5RkfCjlm1XSXop}=BbK*&werOf{XpLgm zszN$B*JFjFt_2nPz&^=lXt-0`Hr+NGS(|pH%mwo!?M3AfKAg{9s-M4yz`d~fv}n~$ z)19xR_7mboaV|2?s<18l*4e$thrpUwfVY%7iaP9>YWUJCx^UZjL43*<2p9@q-of69 zFuN(-r9uO&Kn zLf%%oK<=PTR~4e<>GvL1noHpO$=g@uGk9BXltFor)N(q&>Jr5_Bz#XI?rPmNF@TQqMfRuME$t%p*!6 z;gaJy41yD5lxy4wsiBWxr(d#Lh{@j9s}MIvMV9H;S^=PFne&W1uKs9){-5PKpg*jI z3iOr&SNI4Djx$RK8V!79xG3+?p?bpVA5I-qeOd>gQibdW@BXv>tOs2PtDwSu{U44* zBdEgJUa|X zC|FOl0DO0IPLY}FF)YbrEAZDbh-VkkyL2#tPs*2j4w9ho3!qTU#Q|&rxZ<6Oz>_W! zHZU=fI^Q!o8^$O#Nupt7@ACfyH6*J5;;xht_Ra6dMUzrsS*NaOa0`gM!yd0L#c(`FvaEJMI|dUE_MebmZq8ZHd3r2SWH&z`%hG2Tgs+ zfF^SIRqDXMNUs7dltp*@*bzM3xvQmLuT+2NOd^{or#EntKSk z>Pstn#V}1<*}SY&Fa=RLW4-)F;9fCk_VbN~!jjMNehDe~oq zq*3rZl<*f3@iRG@jD(bM0Nu5Uq}cvXEp*rgN3L%aBf+kByi_C|AKvK-lIZs#En-)` zhzL)(Y3kqe15wi)d$sg`yb;?uJwPEc1?Ft;m{)|yBGV^sGw^``qrvaqrTojfMg4Qq zwV(6njO!Qn>TkA5|{q~39Y!4 zZ2d7&32m8d9dD0x+B{OOx>hFFgg4B=uo{19Q*O-XxB#@LR~>@tW4cMVl|NZy(^Av2 zn|9}uH4!l2wd(po)BIbO8kX@5{1JT^?Z>&_TLWrp{m_?32V0j21%Rr;(gus3p*5eU z!sJK&0Fe#0u*G^36(--6!B?($v zJP2_Dj)kuye+D3?D;8iSufCEW;$Ax+ox+R%bOqaWN&jQb0KaeQa0u z=uCL!%#GWQ?2Io{QlEE630V!^jIUzj6bvKM3fAigBb;z7D^LBb?kyEmU+B>z?M0fJ z{Kim?1FWGXPWjD6$)E0>S2w2>=s(-RSpF`uY5qZpVxIwXc|&O^fc1S0{>dCN_z1Q{ z&cwo-c9_ku8~Qeq|Loj3eoR8%Rrfr3-(}_)g}eJ3TzoLm?Wo7$iR{v0o-W{kk^nAT zYTC2tg@#wGxPO#WP!>_?I}2ef0|00UaI~08Sfo1J$QX3ZpiglWUq^HYuYB(D2l7U? z5DW7J*Hvp#UIH(|TWuNscBvIxwWZJa4=0npL=oSrae8tzx(|SQI-M)i1 z-Z^>O(PXygJrYx=tD`5KI!XSsGj~Q#Qunr7V{!B8OCM8(k4+64?W(v9JxfAv^0E{t zGXWR0H0-jd>}rS1hbSYKO%f2OU&E2P1g1oG`bM72sZI(GmiJ1`%vYESnXp@mM#Ly> zVxo)!Kf$t7fRGuQ{Y`>VMGEGI@Svs5hPtxtsX*^Eu%OK_J~ey~4Z@?mEMjL!-#%&6 zl$||4xFA7kjLuT&5V53GE?#1vO>N~n>28r(@_W>ouHW-5ZRqIDJH-u6PxvVE>QDt>TDR$G)76&JtIy?A|L| z`OS`%W)0QH<32>MT>vk&o8sr(;dPHPUL7MZ9Cs~w>NQdqP^IU(!Xj*#F+^Liq2TUS zSZ7t_P^8TjU#MTuJmGcJu*+i^h_jU13pV<_p03cRpLQ(!Bnn3gg3u(8JS>WaR8MBZ z7km-88>f^kl37P#u~Ft}wDX8(NJYXp?;2t{XVsaj6@EQxK59;G=y;>-e)q?OA(@wnk|`^vwS8jsi4GzLqvUr z1O!&%wVk;LD!A7q!(^``137HPIZNl_1s~e@=-1u|?wgk8ry4-C=x` zc6dG>%SxF=ju|n?6bZG{f3c_LhJ=5Q%4uZRar?`IKqK$9DvnL;_{L5#k9 zPdSPx%F{zA%67<~8 z*+_ps9K?buK-rC$tR0n-@zGniG{k(OqA8Uva|u_8+@$9Z8Y)c|p^U-?z2t>BM7@xE z)T5^I_trsF&rZiIMCyT*AahXb07H~T`eso7DF;vO#NGSkY1O38;(?nI>D@PI=f)E# z%+%=ckSrE-2KP3^MHLEAX~nUSQbT`Intj{SBTVlQ97J71B&s8l9GKYe|W?Nof8V8KYckmN$&8IpWiBBIB2de&7SfbPuT zT((VUo8gh+_oU~L06MO5n^(Ul5Q5V?$SL|_$jIvd0v5cHvF54$oq?yrzQjC1X2%CU zJ&ZV>BEJ~Ae@L!AfADZf|Dt8ZYkF<&EBYw+&^V(|&K?!*Ud{IXg4n{L3rJU5Y^>J= zQoJZ>sniaUGUT#br)$m0Ga_5^v=q*5UF9;wI_54eGn<6iXzYWz?=sjpXdo zwC=$Q5$I$w=m2<(Z>O?Ih}fEa>E*|CkmUC$M^<1y&e zw0JEWrZT*Gyk-e$OY4C1P}{vhGjjuzIf%PLvw+mXHjKMyjt9#dpwIBk7|%7qi}Q_X zs9f`i>9heo*_<<*NcU&md(LRidA;dXmxP%_W140k&5G+1ydm(KUs36gh7V3(WO8gu zm&s2Qd9#SPoePud;DY4tdg{qAKG}9)YmatcCoc=*e;m_UAs*WhfBqX~msLfIvwh9Z`ZUvQAoIs?=xqAq-P7C+ z?C$8xO76>1%PhmUe+OyCw7bI0r_|vq^>$qIj^wvYy1)hodGg|X;GH6E{H{ia~r=O z8rB_+K6-il%3*5KmQ%-;+RE{n+pek|R|Mw2ts`;J? z$e#y%dArAUQCrQa|7t91-0zOQL`V^5D2~wo{H?6IC+(n^%_+#3-2-bYk-zZA_L

    DlZzHN^f$sAL_bZjDI@0hSYvXh;vyT;y;IY zGU6<0{^tvbiP@5#4{7#NU$ZPh%sfHj0B&Y%(%`ljwX_7oFUjFfe_w+Ft-=D=z#`*X ziC}l5O!f7TK|)T$x%s(4?#h3H9G))xT*C`T+dO4y;!T~}4)MAdH#}cU7*v^wHr?Wx zSzd*XS62*Zm*@(y3~zgSXxJR5ms@SGYb_+C+YrG-dqM`5I8S?H#nt%eg^ZpRc?1Su zPG9!?={Y`)WiumG!!d{j?OZ z`>}GNEIPWsLu2R+t)x}*H9UbR*VXo^Q5&Dd_^%Kd#4aA@q)07&p#HGfs2pMDrBJ+* zM|Hz5H(~o**}osd^g|}@GcSo4ETfoUvJ{Usr-#A=;2?C{)ud@<&e9eA0Jlv4vIT=-pwe~a zv-vIla->{)ROT10#}DBl~v7h5DbMfBxM**;^4MiSfY{kFvvZl>JmH za4E{}Ll@@F8eQ8R&FG`-PSyeBH|o>M92LHK9@qq<6W`nWGuB+x#l8KwnDNA!`xByT zcj~ZKsckbZ>A|y&p`@o>*Le%m|mLQIIw#QwT+qE zuU?^!!F#@Ms~Y4cK=w8n^FsGz+FAC3e2%dzBh}kt-EU_;b}+kcz|wDzXvPjL+?tV9 zT9_3Ny-MKP-Tq+GHQ@0nLaY5n0>!qCPKl;e@dDo!hvhZI$kWb}7qjYtY?ax`i~b(7 zG0O{;1rctmt|eNWwpVObja!zoyi$aZ4_YMo)UmGb_VOc=%gSF`IjgLgujj|_ZTs&f zgjRUdZ{mLLNqD3>4VJ`vD}#;qY;r+V#ov~rEDvBrOHL~3%; zx+BNqCApFjJ8`-Vc2$K>mF`w5yJ}9J6?nio*XYkC8r)>tsTlN!nQ$_~jChOH#%^Va%hS*+V7uP%GAy z+&EMep?6i=ZfM|%-I_D6SP!QAYfg~-bdB+_xb9}{T%p!B)JK(d-R7H`7v&>j)BADm zjs+k4G#@s<;uL=qX({2ZPctK3?Y+OZKR^%T4l5K5dPnwEeScddj@=oVYA-gqSn(+R z+CpgLuoPLb@JMr#qe9kSLN62>RO&vrY&&n{7(g>0hp)6(5wOE!&c<6GTUd z2}=i!bVTw2AK&7^od%`7!o>KUxor{EbW0`UX2a&QWZC7|*BdM8G*}*2-wLSlTl>V` zna-%+FW-I=XpW;T4qhL5xhX#Fe&DLcD@2%W7BPOKI}#rl^XZSv#B-B>OXuJlBe*6H zu6r~@#0Ipq<$Ra!an`{;r2gphG4iy7>GN+wj^h?|!%me=Y0&CV`ElcaB_}5>Q_1NB zO74dWE}k9j$HU*wv(a(I8CnpAXZLA&3u>NE)6&lNa`UWb=<>uDIkjZBv0k!N#DA$M zJoBzdw>LY|t2+dG;jM(@VvRz7dW@`JV@j-hAKAQ~d*_VFxAQJ%>^E1i4;~T8&*l#g4^I>F zi@3#a2-IF-)tX)_ZtkAR$%gdkDwK2kTW85iYxKAe0X0-z?u@4X*as&gW~6WjyOKj6{aKj5 zet7Woc=S<@PmJpi$gL3U9mM_b(kP#{d-c-`&87Cmjgx-BT!;f3^TNgl)`yKeAu^ja zy!!e{@O>f!jSS2E_*Tx^=n$<=)}mrYD}SEXGwqdZ*KJ+OSfm!F=jyd@KmXf(%+AGN zwx${s#pt!ImCTnL$#nblH?4eGG1GI=1J~z*5TiKf!_|8{UyHMBSN#|Ziq7N}D6@>c zer*=Lo5mthgF=41dtmbG`q9 zpD$itzc9C+x2LvquEMZTYA4NI-Ta9AZDG3okOv%epZiHRO7*r&y=N)znMCK#?;CRV zw#g1toF%t+|E#9@OZ3iM${n4){oczHS_;DFd{ztNor`^LbeCxtWR;usVcW+x3wg`a z@{s)t7)-5Qnu%-e&!uG*0#kE!{Rnmf`%zyt{aNzDkWV^+{`Sqv8|j)%CIm0vyplI2 z%Fw?29f8rQcxXt!X&ZjbWq8EEtF_K86Da#U*U8~_4Z=@}l+2y0e@gR! z<}-5s&Gz_4`1P1HNii<_3CGeWqIUy8hm+FWY%`hyaDphtTa-kJgqaf z5$iWq*HGV4aj*6}8o3iXnf55YH03gJoBg#%J0vnOphzxu*s?Db)6P)I>9;3fP~kNf z`McIlxK_a{c`}V*e~=yeELqs0>^eqgG=g_O>Y{N3w^2hY&+&#D7z!`*?D!csk}0yu zN7yMDFt-Fr?RU(#Jd_mc341MuyOv!N+r<;M9mG8|cV4Hy$m92JoDphF-v@QhK05&x zzgOtYF!W=j;>CSMOK*e8wwlPjM`D<{j0bc1!#~Z#Hu>ku3ppR=II$sz$YIVlHcU=4 z!!R4Rw*9WY-}*j&dpxdxcWu|MeXi?zzn-txEBeR=OZ8woTdXDh)t!X2)ac5CYyQpi ziV^mwar$f8**#%Oh4$Se7#oQ7AuVrxvcE?Gm1cjMP>+sPZieGm=lbE@UjQA&MHA7IyT zbSFWV0&L4Whg?3oz+DL7uZPvFJc0JM;t6j+7Oe97TYsc+VR6yNt&5z{3uOc}=k@{l z!D#_}wiYfLWqPP~)V|sW^q4{NtW4xno?{<>IScqeb(pn_uTM?Km9W{II(czxgDk)S z1dP2XwTf~yE7IV<-TB>91swAbKEv+YvI=piZpa*D{}>Do99=p(wCt9Tc80@cl+SWU z;+j@YS=XrA1S$>y=?jJ~7qnBBom2X4lg&;w4bM1#zKsUxrPZrAK9;gPBlLaBU&T?` ztkYe#t9}f>B#%4Yb4@HgYK3$eu9rq}>;`m=TH(ZYz$B{=2sEDB$yt|bXe;BgM~Hwd z7|G{zR>>or_r~Ew0Jz+fLVkK^qL24ZMh3xHAwNtBW0~M)I5=2&@m0UV+=39uF{7?e zc%suA?bpGuDZe^=_Y)$cQa3HS+TNfk?_9%tDBWwW>ps@crB*EX_2xYz3Bx~xlR$30 zTIh-xcHyb$(Br2WV7~f>cmxArfsgT0#KT8daLlZYv1+ciAHQjh?KK)G*aXw_MEQX{ zf5bvoE(Z-57bikzjLelKhm3YT!{7nUFxugmyx9{o5 zALs17IMv9IKrZB`O(j|>;y{eX?*k4oF3J3pj&3oY27Wl8t&9@P2!6mPl*S5qOrHxxBx^AX;^ehCVRHwd;+hJ!{oq&z#({jNV ze(&Fo8hy4lql@{%Qw?q?GCHnDobSzi_*&^@MQ`si2Z+%Pu9b9mb2Gkh^W&S`{?bxy zN@I>XWJmmGVormq@^roL7hi^}7Xb4sT6NL_n8?lgYOla%=7vuTi?$-a-> z%DN89Fv1SaZ9N;hQ(+v=sp4dGH@Zjxhbw@gT05E|V8n&p1{H(SkPyh^<{mv~w~!I* z)O8|7{Xy+`Xfc0Xs%f?H#D;inD#}5eBfjPTEnx>n!4YxkfN$m|JCRUJc#e-hF_Juw zf7qI^VYvD3JV8HIn;QHktsuZp;=xI3$nA&>mi@oIy)prtu)xtSAVKMZS7xr4=h>|~ zEy`viPcMMBT+7=&%s+M?nK{9k$`o&nF6N5bCOzy;}b0W^3m2|Oyw z=O1M(E>#c6fEXaeIUZyY5ZpdHAt~5WP}jMup0zc_vRD;Neb*$%m>KZ2r~d04%(8Y& zNzW%s#(y;{pud{V8Bw!eL~dB689c!ljP51Dyuw*s7Nebj7$oG^czt>)W%`B-#7^au z+BA@3Zw1z%P`36V1Px#sY+s{Nww2pJ_p*0ss{if_cAnJ5Z44SL|0ntCpFMHc0kSX- z=G$4jM5L@3^lhQOJM6ERTo4JOHf#d@=NStkWCu~%(DFF@W?{@Vn%2Vzh;XTDSyOmCIE1&V6x611ESJvv5z_*OKX*l5i!&UUVL15d8A8Ec_4ln?zW<;s(RId;Kx2H zeU5`m*BVpKPfwn&cKDL|By$I-XOr4=hOqg=H%#gU##eb90FhtkD%r$!bAfJzlKiN& zQ+BPn!dF-KtuL1&Nb*n#(s zfB(O*?p8rujm_QLjnoO4X5h8%pc~LWb&NAXHD@W^5B(4m##dQ-b$VY#9?CZO@`b)G z&AMlD_jnP}OjoJ=vK8y(D}#?xdJ2c~$m??|CGIX>$)!I){RCe(%uUm@m@y0nKZpXsQoCMhp}XFS?aljAj1_AeF*W<`ZTImH2XK zppdnCnNpkYHvx1t{HSo!S4{GG_9l2(_Q(6C18kDIsm=k^4*3P6p#00vUxheDq+p8xG9sB$J${_wSjZFk$}(duSi zv<(-U4#hwJk%|Tr>-|sZ2VkQ(72j;rchqHNTwAl9aXzsT>Unb2hJ7Z`f1{*pYwwrh@`qMF(Ju2Q_SRC61}Lk|2j`Kr)x{cj+w2qkWfMI9 zCB~}Ai*ccSeXh=rmV0K6%a$IhB8fvkef^&?Ji}zRg>Km*6je^jDbpqO>=og<9<#nOK_q%c$ppOHyw71-(vfMZ{(m~f0F4YYLv`X@|6@-E zTy$rXYMnabzP96R4;IQmg5NkbG+k{_^Srn}X0qPjCU!ya#U6iA6-^6fZ|;RCE$eMr zV@@a9J}}KU#DYB=)K$~aI!>|v%q3Pmf%7t7Z(^U`^y(A-e|jn1FV7-=`0yVzi$KkP z#Op0DRrTE=#a#^3)jCy_xiwg9o&0UgZ~h~r;$iCz+%_u21b6VxB{|r^S=_85U^1x% z+}a9t^NeBhvf$Ca%oJixz5Hf=U+_>Kfv&S=W9FSGkH~IfQ50!3 zp-je2elccRRM;Mt%A!t$Gpsps$fE7DI_skjvMJCD$ zo%5yBUzMqh9tpRuq7iPT>qqHt*H`w}{j2-Okw2etE%et6eL;W1y}Z0)Gh3F%)J^QK zxg3CGm#`Zb2UfTSgbT!#7DAvVbBS)y_nV9FPB2h`vOLL?y=AYD4eB%jb3Qqi_76KC zjE~9|Hz3WdMeO{nmgp+E(h?sv+-0!|_Z&-$ae6SRNqpEMJ)crJrvhJYWx!m)rn9<8 zMeUTH$J!0b8MTisx+4RqEg?&yR9+d9pRGo5q6*6(c+Ys?I-I%atUmsADx@Wjj^FQc ztuCyAj4uK4$D^aa3VJi}_4`8qk*%I~0EY{j8_`upHdvtVREpwe3_hJ<;BFITFG_ww zi4<4GKHr@5BH8+ts@4lH+c0VVyyZYEP5bi8O`bVGNpl@*UnKxhP*A0mrBruJRpdVH zVKVpzPoopDeTlKG!e#EHM#5Iz=V!pTG`!qsc`tquZTA48686aC5q36qW*Y3cI4V!d z0PB<%=Tj~i?X+ov#}U%O69G>G$=M3-CAiw|efHk2z7@!35<~-GW0xv<(svdJHu7=% zb4!C{=jf7w#EQ91J|{T!Q(mI~o~#d8sa7yZA#-HFue~P%g-Gnw*VC`JmX}trZvpgU zJTRZ{DK+=fzBqZ?di`kmgNPgdq@|JveZ5h4PfwZV z-#MCKc6#`nvD%?j+n2o31zst9S^qelH#~HwW-oBfOKIG)*9;U~*7W0e6xZ!vSz6ov z)Vy!&_^wzdmHS1LitY+cSgpyRI5?%EH6c*BZ!WE5aWI2G1Jr!u@{q%mUP4|26Cgt} z9CB{NbF_y~&yCAJfF1|Z7l#^!d?rQx2ZaKd3ds~IyG*|KTuxqk+Fy8h##iXN;ZbC{ zVOVGK7v-)yhf`f5b)k7fnR z+Ra+hu7Xd0i~(8Qm-cou@F!ctvZY3W({)U$acd`Up-EtK7R;i%Sl5~O9w1QGB~_NX z0R!cKk`*eEt68klPN&K--p$7$wpgor$ke)Jfa%P8A9=4QH~nH?hI7=>`o5jM0F2@_ zQLh2nqzs%t+o_iw<(hov=6dpP+?^^oLvHT6Aax0Fg;YAJn3Fs6(>)rH3R3LDvc;WU z;|1Po_~pE`<>@%J3Nh%$dEQ`nsGR<$dZrIH{z?%4d(w(wZwUa6I`?I`gRz0+Z(@gs zS$zCE(U#*cPfR=nE?ouu)o>vR${On%{m~q3Cf+s2r8K?%#GR_1Q4~?L0CPrjmI9j^ z+M#?Vy4)Vcl+hLAn!=#=bdMn7E};*29m1#?&;Z_JLhaYXRL7MSfCn4c$x77mS?FI9LvKYl z%+tg^OeM zSgFIHHx)Xa-*2h+Lc5(pi#Ahh^j|CDmSh}MRZHFIn%xEYhMCjZsheDQ!1oF<+aiib zOWU6TtId8TrEmGlnga)u#tVm><+rb`05=`(;OL$}|6CV<+Lo3-mX)`Ur39a>hg@${ zGRpMG>3CU1SI^InW&sf0a)D!F4IsDoa7E7&iIbU&z=A`>SQN)Ex(536QZBRd#xBVU zOZ+mI;VyZCG^D_>BR~?jR z9zzL;^HLCC7u^}qveuDLD@j^-U*){TPM?0O9tK(_k{4T`AGj=ce?^&4x+>2xR&c+GmpX%DAt(@4fnI7!|>?8q@<# z{Bz5o78w?L!V%vq7q-u_!>H0H%ri7o9gogQ)NW7g$a4*t442xc7h1;Vq%37c9nP1& z1aJnM+nV{(B9r%ZNH0S67>j%t?h%G7Fwi?=`aWK|^Z*9N^4`w86S{M5KvK}Ut$kus zL9LKPg;kuS){UPlL%7b5lwQmEX^fp&2&bE>`^HH#+;-A@DcZ$FHpBP1Li0}P1)1`D z@MZIJ^?!e|J?t)7e34d)vG)D_SUEQDu=LQIT1Blw+wd=`X@2HUlnPc_#ZE2SfZp1+ zt!rNT>^B7R8SXP1imThj<=NuNrTJ-6R&zsxvyFBrX(`(t75&vAlCy@E)c|8XWAvS_ z){dY9M-1LswM;NsSG$5v;A(Qe1P90byPock)YiJv+g%g=l2kNyXhu!^u&TvZGC^ws zcwT{50e9~sIwi<4|HMqLF8%t|@qerP9AS>Nc*PNN+tS03V{--fo< z2wGKm;<(VL;#6qj(B+Y6A_?ue#-z&ZO%u41i+g;rf zM1GfWFRZa-*H><65pkCEoYtlimbp8Z7sPE?HLY&Gtaq~sdQ|uqGP-&k3cHIwtyT;K zW9!`ugw7NRBZj?99)+S^h}u<;Q>p%>3D?bu5DXud2h0~2; z*Qtg7&^^a}jIfVI?VC4vg}J#?w-V!QV|BBC-|}cbyP{E3udbkNSV^O#^R5;hoGjOJ zopHJ)`PvZq(NWD$*%3WQ)8BL8pfD=*eyB)KRKV}udG1&J<=+0~|8@2J4dii>rZJBF zjW>K#M3lP=zVRu*rY^J;IhUFlrhUh~Ykz3`zLANL!&ZqjXa zqV)9l(y|GguYrk~!k^_*d*kQzilO%NSJ2zTE~$)u)Uja&DiT5{g?3DI#0CG2*L!oh z=1k;83jqSkUp=LrDeiJ#L<>47y-1hW*g)-_`Ch0``_?2*ufiOHKXISLdXgV8NM)5C zZ_}jdoGTGjXCa&oY2w&k6!Oc=yEH?HJ@Q0+Os3SZ4BN3uJV*Lyvf;<4Cx80>&syaI-b&=&lrvFHgb1w2H57LQ{;2^ZWaYLL;W_E z!!oG15XZ}mx#yyKza8K&Tg}@9e1XaxhE0QB+ZTA$xXzGSSon}L<&$U4$k`q2f*PTn zk4DnsSqZ2->6TWlE8v$;Y802Ln7?tyx@M~B^-mdCPqo#7Ut;ln0yqaQJ62)w>Zsg3 zCl|ZA>wW9EY59mdh~WaRg$bKuJ{X66wuLN@{V?AImQl5$V0|Lt-W4G64a?WUh%c&4wbOTbau6~drg91Ci7@Yc7Lvr2x%ps3fVCXgH z6s_45xwi7#FVo};m_f6BnBd0|oAJeling2)Y12t5&eeL%lJ{^oXy)>|>9`6YDaH1= zyp{uXKgL-*(7<#OSx+UWilIv1#_yyegd>IZPx4a;3Wa%^URj$|u+&m@=s0CvLR}ts z{xZ_^o9_WC_N481{lu?>rpMUpl}%x-z+ThW2-slWRDaU$#cof8ioYtvhCnI*^YHq} z9lYJ`Xyi;2SP(Ku9)A=GBC0;eI|b$Fbhnf`ygzH-@Zv60j!56!TLD6_xHc1r_TcuH zNA*i)R4D(uBqUpg6TWcgFvuZbSMP`s{_K<&34eHJEm{+NS7Yznx<;Fwrp%e}d9R-b zUEH$%gcoM6Dk2&MrSsVYN+W|xCj>q*jiaigo{=p6IY|ty)vl8pI8c$0JH?&&Z(78( zv4I4`0MuB(dBF;VIA*YVZpZfSkvpL_4dKn*ChXz?ql*(;vi)D`%lZZCNW#&3jP{#i ziw-gp1a%@_GF>ZzvHdd+RIu?^96N0iui}u=dAP*HaxoXSOeIfj{4cVy!Pl>6Fo|B0i!oi#}NPi6EoQ;^P-k^kvmo8hzZz;kn1F1Apa1oO zl~~5zWLSn02pe8s)JGv=Ppvxjwz{ z-Bx%6Q!i0iH7FFL!>PZAtO@u1VvkOq|85cLs@5jRf$K{a2N&&C=qs*+n(+(FIXRV# zE1l{gJw+5GZXz+H#AF?HRi^w;2R+GwM5RWDXpB;9C}$f=-9wdunAs_-2g~#oSs3zq zawm=X?_{rTUqyuOl-L=HJWRP%Mk>q`MAfq@vji^^_}&F}ki=zgUe+G`hoUYEmFo~M z`?GID!NbhE8Cfu4GuBRPE*Bk^5jC%68+c}fQDxesiK~$*Liau_=qyD{xC>=i3X98ZdCEXLF#7NxNx|?#UKFqejr?zu=CNmQf=DCsqw%@- zdR_Ojc z#tNRqLfJIBeJ-(-8bvCGolKr|kwb6pC^pD3aNxVgR@$jKere9u(2!h|FvQ6#?h~PB znAz%#VPsA3O09Vi#lI?bC_qyPxzTF;8;8=7AHrbCh1C9Vi4XNl#GIDKT)Pbhq6d=F zou{+=qMs|=P2Xvw`JK`8Jns0=o5k((HzXcKZTmpCZ9#0=%1qCTe~sk7T-)BG)b-)+ znU8Cb(=zIw#|-Fy8sVm@3WRq59px$yD?H$EAcW6~q!5^LOGFKM?8uQ@b4yp>eDQVTx}^V`a`kt_c~E&S$nOJO z0%oiq+ORj~!pSDfbNe=bUs8(MbmSaO(>ZR6z5vuwTX4oqq7ETniNBPZTiWDs@>G}U zX@0vF|F-`*_1X`}yRuL}jN`UnJ8W-7?=ZLGe(_-*{DWWo@;LXEBoAd>=Tavbc&_S- ze*-%J;tJFm%&`N4MR_RvD}zU`{*bFUuBD-2Wnf^SbK`>kZutvGTlNgc^Mg0Apdz|9 zEeo4uyvSfkuk1K*)38%~d+)e9b>i~8BlZjX*!iVVb8HIdHTU?{hzSal5(*}HPl_aKuaiY zNYO~y(#EE#=3*da^iP6j-f6~k!-VRqGml{>H*b7BcXIeY={Va2FD$?o6A~aCOCYEQ zifYr!ChnGxc&W?T+{{-+M9Wvke5{l`H9kI`zNpou{;Dsidhd_V4OMPK2@2v~nnpR! zx166V2fR9zPd<*1Zysem2=maNm238Ruk<&_@o&ZQcXnzSU zI7l<%Etvk4joW5!a!)X{GK8qCR@l8ezkZD?-@`7{?8f}6QrSO!UcEAR>en}KLu)t- Zfkl4(^6&0x5x)U1{p)wGm0fud@qYm*E$#pS literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png b/windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png new file mode 100644 index 0000000000000000000000000000000000000000..20285204d4611b1c06e7adb4f85895f0de36bb35 GIT binary patch literal 93206 zcmcG#by!tjw>C_NNJ%LO2uhbqcXxM(BGM(@4I+XdB`w|EUDA@9u1$Au*c;fyxA6D) zoO9myeDC+3KfZNcplh?|oNJ9a=9u?=k1@kll%%mAkv>8|K){xjkx)ZGK!zb8An{_icAt2!VdiX(%XTl*v zK)BD9l@Qf%H#)fWvw1b+u^lNCS5x%~d$?b#D(b!ET4j@Y0%4=$LC>(O6Ac+gg;(=H zrKP@|*}c0gi^F*EDeXrBl3y3tA6YACV=hr)tj(yVwotf{ML$Aiw+}wvn1b8JFWmv( zxy9MyRU`Q&Trb|(i(yaxTpPw*$n4wG2-c4B%Bz2oN z|9T!tuA^Pw^9w6i*+ljn`}yUs{5Uq?J^s0%5kjj^FaZnv>*CST>AKa#^>0@l zUtccv1=OBr2s+hI&O+?ZQ{l|2Fhn`rCnjdNq;7aAH!6*B z>$*H2ZBy` zek3FHIq~*mPz4Xz^u2LLPTT4i3*?bWUj|BgElF1X!h zDoiXlX4dKI@^#)?{lfrMtU|F|rSr`kU2?1%KRnT*;^P(D_!qncyO7ZuGXG5gnKbrF59sS26;RJjA{nkqK|8GsA z2#@IC*9FQ>bDts#H1lkX6Wn79SVt=By|BX$BmJt%a6HB)R%G?<3zUnz_b2HJzY$bp zozi4if90E)x5kl34_f;MB3@7Z>+{m+xs9V^V%3U=b(^HQgsMdnk*-1RPO#J7_8;oY zv;vm=9jDF#ii{^3k)b`k#kdD*&ylbsHeT|XpJg$@TKpWlX`0f+S zNm~O0C4=e`&(P}-nT|#(++sSMcM7~Gmmsb_a)00S;Eh~^c3{dA->#6iRLr^B1tuw< zXFh*)V`knxT|gr3V^Qb<3VrI~&B%YJq4z0~*kxrTf4$h9D?LjyMHPm;*-?UOcu}^2|L&oNET*$&OPq5J4 zOv>x475LY)cdXJmjQA9&OgD*+pCP$7W*uSwkM+%EM zMqU1aOi$N*Y>&z#CsOX_rA2ncxN~gQxu&3UL}7D zTQlnI;k-tWMmQ_s%s^?ILW^@~yeKDFe7J#oG+{jeP4b|QzDswj6I)a|{a+5hast{+ zg;P&C2Uu@2&Ici;Y=Isb78yVB!}^fmgnVXiyzu^=odw=D)eE#$#$-e`3jS8g+?!j`O84<9e1RHwu|V-(p2b7`isVS$ z-12jg;Om}m{_DCKc^)(`s-ovD6TsH992pjT!ox*SlYrSDe*5$Bj`}~gZn5>!z+7Rq z>d6Z=>AQ56CLKW-`xDylb*X-XZU*rTE3~JzE!~)*`ew<8AICdBb44?97BsFXInHvv zukUd&{}QaJq(hJY&-e~CJ7P{5*^<2WyrsW8Ll!E(Xt9?PkG$O{KArrcF|6;quHi6T zDY#)#Qc!jrQ1l~YO`*V}iT7UZCoxi;56iK=2KQQ0lbg6*D6vKIL~7`%E$Jr?7?P!| zO732CEBy=8Tp#gx%Z$|Wve9zxRW?)cXFTdC*Ytv=*o+6HjtlQYL+ekllsCsZ-oQ=Nlal^}Pb2@1g212tUqe(7?>}&+@2g+cMd~~f z0)hh}kK8z(>zfkDB&b32@7ax1^nou$A^Dxr`Mt-4A^rOszOKf4wv8+5?!YiL9r-7JdIx^_zeM=I zi<@!{_NrzL%1T{{b`8|tI7}|d2PuSpw-xuVHTmA=!QrE-n{Nj)Pv4Y&4K_W#{y>Qh zM=n(^vJQNmE8aO{<>(yD5?;opq-{=0y$1bxX5BAc{FZs`=rI$I5t(|E;_k$)$3mI5 z`uxqdwIe3C?o9W|DuWxCH`8U}87^hw<_cuyn@4O}zCQj~=x>+3$ZkOz*=Ge#{9W}Y zlWxUg-2oT1VY4n13(G=@-+~GSY`TtQhmCpsJf0o99QryQ$Df>( zK+P!k73@_EmaTu!=($6l@!KUOuDsrKc>|6o-$qM_kw5bi^zY#Lz4-#O-(F)0Wp%im zS1Cz(vpi8;Bel0K|0L1P-968%BUPwZaI1Z0c-2Kc0WhY>lN<-(#l*Z)h^-M9_>;Uu zBJMB!{1l~6QN3R@^$ta^_hT*f7&r=Bf2a%TGIB3{dVjpAkW|1?-kQ@B;bRv&$PVSi zT#3>>8q$p3@~azfc$*s43wS?zF`fp|O~{km(W&wE!~mX~xjujBnoMkPIHoh-73oH1fiP z5#7mGe4iH2&llVA3x^STb@xSrIQL;^ZnfRlRY%^Wqk!o1N)uu37uRTKKcLKyv6Q1* zn1Q(H|3PNeSEa>9APr^QBZKdkJvng$caRsXaupvcFqQL~_zQh8Bnu+2-Ey&A$l>0G z)ftA4s$()9l1He>vKxfHmKv`1!KaqB9FORuMV<&nKqVO(I&xP*xmqnfpSIOZ?{oVW zXS!Smqe)0=9(IJN$%2KQ>Pvo+DEh-3CZ#lIQBM(!aqTo`r$+1q$shVq^KiXa5ubk9 zN>uK1aMSLY#g>JpJ^AGKs_^)hM*ey>Oo{F2K3l@Uv?vulZ)%ToHIoRgm?N07cX<-gAyueV zcJ>tBmJRi7FQBayfsGUjn|KMvPD?1`x?G_=g0?J*$mv}NZGtE>iYo5-F#k6`E_zGM zAT??I2q$G4CV9YpUofaOP=bsld^cojY^Cy2CK)1Cmjp-poU7Tjo98_2`rd4l+a5#g z(~Bm5s_7Y+N*~C6D|M+TOG@2n2r;$_e$=aa`_v#k=UgrzIi0)a*^xkmQK)+@)4SI- zBG@&oAi3;WU6Rzql0B4^k<*n&p@sN!aD1U9_Sa77Xvi!CH)$Qw?xwlTSQF~bz7-M# zvW$EMwiP0a7#MVbagmLcnLb>|mwqC9il4T;SH!qYYs-nY`xWG-ppwu0nLjWnAR7MC z$OnF`>!=hqS9+Wtm!FhQBRW&hV-Q|!wag~ZOU`)rz7XN}^>y^jr%&u=2sf57- zU_Q_e3)cR#XDSJzo0ZvKRp_Hnc}+gx2G;HD3L%a~naj>V5Ax`V7;e5g}+@B+xwp>WUR>Ye{BSbqK0JjKC zC~@lX?SA>nV*86jzx|h4(J11DWZ7!M8eTyrjf&wX)*Dv8B`;HupL3@)nwDIog+QUp{ijQcH;DHO6OiV^rrRzItNlbs!2lcsi=;fG+M# zp6jr^E8!Y3TB3~$SZKMxxvvNaTM>vKOL0Umh$gujN_DrO-euAz5$bepHPTq#41DYs z#%z3%Rf`R&Q~m+%$j^22^=^ty2Q`*x?Vip4DzQf=rky$`YNHEr>ic!>^>#y-y429B zZC`QQD+9|~T^(^WoCntKdS7*)K+hdTx6(+&gq!*K#8i;3JHtNB^0B)VT0(B7z>}p| zJ&%x@zR4s}7GdVkyIbRW?ly0aI0$2erb&l5;78m2b)!1SD$FM#tB(s#1fS3yiAWd_ zP)k-)oaH%5rpi;(RWW}Mb#^QFny*N#@Wfz6Cy*WNGvHEnoTh`!uPD?XQsuNLu1YQ= z6EB}*7Nv0fJOU*Pbv!3Eny7o&-d{;Sf+b7-B;h5|Aq)RVHEk+J&lfK*7ahITp<5p` z^^T$>Z2@0NVRG?9eUMIWDAR=}zZ>;kCr)YD9?DQ+G5q^QGFgO^Ri09_Z>w8dYO1v1 z6Y~2G(SRQub&p*#lg^%vR#qqwOKXs-{Ths%Xeq>cifcJt{2ROv>Gb&em799$bdMH; zYGo1)+k<0L+hjq7oQQ}1 zU(vTyUEmqw(AJ#Eem4%_RicW<)rZUk<#+VhzTD$Eqj;S&TFHk`^~Jo=DMKpM zoM34hm=1rt=&svkWo0u6M{UxNtmczv{MoN)jM7UKk7@098T3p8-q=omb^ghBXgHd0 z$|AvKvdY9Dz~CeT;>DR36N~(w8}Ko4DJBgi__d#Q#M>RI_e<`ZM?Y2^8+gP@`KT4<^lOQsS{ zGrw9}BnaO6o$kN+O1^jxms{LUK{VC99?ahNdfOz}gtb&U{*=?=^^R1`X$rbjiS=5o z5Ah{h8a_z?BQg{A^@}Jmj5baxosd5AU^c*P6VMmduE zaeNZJWHCqNFT0H2M|#yfYmdyg#h}ufc~yy7oXh)7oz9RNb?1p=3?H)CVp}l{<1R8f z<~|2!kJHwAl2`Kax6jwps^s(iUT=G=gG2C*PQ7C_Cj{N02RnDTS^1;g2v3B-T_e_QCfXz-VIrNxrP&*FKS`=PX3uv zhB@ii$g9QYDZj0?2rs6JE?VYFx9g2?9S1ulEUtp%A{j<_B1U`daNq3r#)f_N>WCAf z=r5nQ)~Ts+aecC=o@s^&n9}(h;n9_3e_lV-!X1n<{`nv}oFvazVFVp}Ech3-e2{(u zSGe>PdYVV*5tb?i#QO^!o#ISRQjxd5-Y!0cot~h*DkZb~FC(2|f}Za^*flf zjE@&S?3i?v(&czyMgJibx0l*p<);yi#tL}djABYk-!<95aaz48&|*%mXiqlEMNGx>nmhII*x@pGom`(n){lV~ zZ4QrZ#EuJn{_KcR>- z>=m&2paS@-d~DalBs^mC_K-XL!@&<&ny(pJ*nD>7t%~_^;1BW@4#iBlF*pXfFEQip zJl_iIxui-vg8yw+;wYuXky}4Mn|CsnN?g{B{q6i_p)F*zwB0pX3CCCQ2pD13%a!qG zhJeSDWVq=gw>IDXdSCg&fNZoq5`+rl^SvwNVIK^~a`V;OUtyG)1Tf;AjaFPNm`Bro z+bAYXcU4H7l80u|XL~0oUuw72*hpRbUqS%_LaXUaFuae#OTpHqFSF5zaqDVSQC@Jg zUCrzm9^cpVZ@Y|{{%qvN(|2OK@5Mi`?~Oj(=a`$JQ)IN^Hn1!-RoFfqXyW@o=_Dvn z!`Quc^X?4gufDV*gD~70Adw7z8rZto2Uq=2xM(Bqbnn_M6_i_}Y%&uy12A>vN0rO8 z@^izD2#9S;klfJuf4DP1M<@NamPKraeGEE{Z2G<*0$jdQH_ygJlVFAOA5FXn6A~08 z!IbDT;R9&jJy|?}MD8E1R+#fZhyklpjxCbOxcbzXfI~jm$B<@<)yWl$P6%Qh0y25d zWSfb}mH>9bR&A$0vE~+6p#Xax6tK-@B`SQ0;6zb9f0j}`4~PFk_Bf7r!6Sbj zMiv2q=c$O3{R`*?b9LX7gF|rI1b}&44Yc|STDc^XZP@z9byUe7TNvgMo#8w@g~KV< zc{AM#WU{cOPU{g5;|B54uCt`=_2N9CQJZvFfn}_y$q5cZMg2psM;8gYZ4UT>KJcyP zPt~`}Y`=WfsyL#xQlLXLzYK)A)$@iMADuSm2pMN}Lhk;|xm=k>NOh6 zIgLM8O}IAmiJA<`#}+>(ef%^CD9<7<>P*V9E}O+Xzl`7}Sakgyg#2*h*AvaXB^W(_ z=kgU-*I2X?DoESK0&8g#@)_5xsIMt_TjDn*r2^y=-cc;>mZ(pzQgw6NRza3G`9{>I z>KZh#sV*td5&V|{&-n9jk#XRcC|=O^)8hJ_GA|(|?y~k5H*3^Jk9VJ7PZKl92q`O` z-du+xIF%DBrcvgowMl3^4VVUWU$GOwt}H9t#B({^J9CHZ$7OrQ!uUvC&&Quo#v04* zW@GAAjS#`H%}a@V?MqZTuZkX_;vxkJ`h$D2%4#H?_KGzb`KF!q(zqm3oaRyXPF_!V z9B)~~)Z0c3Nfy(YxAh?+m~8(u)oY04G_w#k;ePwpL!UG5=e9~d;OE$%Ndi47QKGY- z%~4{!KK(tc!mFPH`Ed+*zm!7Y&C#RFERZo-&V;xBbQEXv+0`hiFgeu=W`;}^Uj`a^ zRIfKgw?ho2#qZ_4zHJmw&RXeh2egLm_r6&w0~PfpD;0w#3DelPWVDF(PVh1nQ#h8J zh1Sx6&J730@ z-%a@n&{RUIuCMTwXi^5eQb5~#G#Uqzgrk)jXkEP8Z?_L{S1<89+wO1Nh94QA%HsdDRdabDjJt>#$h7;%7Jk0a8 z?G*#JChxYv^yTzv0qfov3)m3?9IEqR5%?&^r^e(~Bme|KYLW&_A$ z`nRGd109bYP}u(2T9AOCdl0{s76K!n^bJ;8)c+X^6JlQ6-YtU*(Jh*Xz#sdp#5usy zvT@T%b78(7iiQul;Xl_oPDw($dd~aw`xCj#J?)|cpLQLFzlo?0Rz%=2DmN~80&j<( zRtd6IfbxZ^-#4zd-i+A#s6}|G<@}A`9q$m5y(q(HC|5wH7|;aDW9gXOPqD&sCXd*VQ+J&pM4a&nisNw*K_lS#SKNborlYtDj1f9~$A`9YIbe^7 zC&1niMbFK6?VV=utsOO@@uOoP#FBh(l?1ejImS}C-SlB-*g);%3~Y+dEl#&J_dvUE zpNMq&MnC@Dwm{#3Ft=2XR5+~w2%+S)U?{Rpldu84^pBrBz>LneT&_igFDilmWD$AV zM4ZY^R?joTD6+hc8tIb!N8frecP`&8(d)+waO6!K9d6?n%V`gV;W6z(el zI!BX*>dx2amKYB%g0S<*;)t_>AVH(UJX7n@>HoTotjrFP$>6HgCFAP&v&nDL5ci^% zq>;cw@Eh}?+`C0i;dom!?rlCvToAdAZKqUA#6LpNW31ECp_&Q$i7N&oV!+XGO57v_ zj#?l}S3^M{ypxALD4NjX$fv?zSU^Cb9_-spcv4?qKNW+Q#Q}YPe_cEZDy?4r8#f9~9TI6B1=*&(l zik4lS9LwZGei0~(1U+C9|6d|b$3dJI*4Ea}>%G{8oyW(=+R}meKJ0f)sk#;B_hjv! z5l2ni>(1-fSY2$aF3Ac&TDp#2!iH86c@E8%a}#HwUtQC7J|}OwfB^-fs7+4!%~LXE z2%I&f=rkdCz7jOpCoeAmE@dll_T}T$ zkGc}56ZT4GDZWtu-sNb{K;LxzA<+3b1K)l(`3GEnT8nswV#;qtiTpz?)I{%_e1Y6e zd$XtR!)SC)1w;>peJo0+R7(Az(PIo>k|mF|V7@G>;EvOHB+j%%u~6a~<$N5)zANV< zytikXjMKk3Bh_%3D_g|m?P6x^o(X>!Q{d3^>F2a#?pzQnXF6;h3H0#{c{E=+KgKm@ zdP#nAl|DKR1rg!P7EL;oB`W5y*hb{(2iC?);=A{qMlU2U zFglIys_Jj8gGp*ZMk9xud(q=g5l5#zl8$YB(lGmlWM3R*+?O_BlKSn<+^sdYma&$Z zpSXZiq|J`@!?k_s$-9w+;B)S`n;+3j<(VWxRD(oV)BA=|2Y+2VTZLX{Pdn}=6UMVX z9zVZ%LwOi)J#RA>uM&_ixp`_yTEtn9qiLnovJhDg+TtoTzpfpfPAHgktP=Dmc!DFN zaCz&N+9`sZdb z+n4LQ&Yc`}j9R`91D{1LTcdwALy5@!cdKs1Z_;`JP0O@AP#FVD%G5luPT3Z?d=qQp z+N0a4OcAF3aa}Hv_Fft#ohy++MaKoxGDd4Uf+Il!X^joD=g z!gGP2jbN(wJGT9EvS*uBev#x98~PYB}r=->I$!xQ)9fQjov zOjs2@8#d=Nh!%#=vA&u3tv_=_vJ^5ii#lgnJy%*Sq905AcF<4yRqb1z_ZR_I9`Cw; zI!>9`=Cj1P1bwAjw}{r?bWF}e)eHU5j=o_bHT6b0XtrW|4YuL?#Ssi89Zw*oE;A!d z3~b>yA>?N1yGci1K>(OVK$_7*FxIKaS&jsSPkf!*YLH`MM(wkz@h@Z>qeVy0DfeFo zarh!;7;$!y3j2)Lo5~b92ZZKjYvGwA##r!?bCl1Ew3dVnKssg^UMh0#aj?ZhTQ8B2 zc5)zh@{#iym=sx9Q2#Hdz7v>@^=r%Zw38RtO=Q(mm-~Db7cx#%;$*4guPh&yX#irf z7qVly9{`R(qZz`|!uR96O(REP+dGHbQY^3o`qqozpPhx_ofwAT8*vw+hqc==KTj%n zcPY7BW@M|T-+$nkmPjb8yY_u~e0tk)RLxKQ-YUG-vyDfToTSV&uM#?|^?6a)^GG61zJn9pj%R#cze5yg8on)nOJ?>54G|QR*JeJS4Q41da(DgS zb27JFz@%f@mW9k?UdY1+5CnylEl=*YgY42l+4k6~5Y7@V;?r)!2SjCNA zE8m{A*}rS$zF#14hTUtn^Z*g_01HqbwDp%9&o*R}Z>>Vw&U>Wezx9|Jx66>U3FJZp z3$<8o7qh=9^@A7e{W8|gO({*=P9r7DiJqn0L=mvSHsI&YsO3#81mPaw6$?lDqxM^b zhkXl`7lY2%O|n6lwW9a#S1W2I5$kOAeTs0Sg4;dCL-u%<4XWN?ZsdI`c|GFRmJR*v zdk^!=0FVn}<8Yr2NLc7jc;MFR!tde{49Q4Uu+`_C{nn~0q8}QwaxHR7TerBO&nJbj zZQ=EW3;2L&`#ltS5m+S8bsG9oA11s$R5A4K+wqMPa9eicDXeX;UuICk**TmI5-`N2q^q-6B zbg&UeMExlv`HTgSpEaY=KxgKE2^}ZzY0U=b!D@=Q4GZ7-N=davFAR(6Q`taU29hi% ze;NTxZ-xGW2!5E6#)2BkK#2?S89z*!E1uhi3TLQIYFS>a3unkGk6(2@QG7bNX>)!2 z11eAC7s1$l&8>_oKxFa*9m5+a70k0&#w>7;atR%pIrHv9i$5pQu6;e*c&g{9sDy)c zkCK56JnzHhZ;Ajs=X>M7fEJU1l;MLVq=@E?m*Uxatp11C+i(#lcV0KSoY>*(h$&u2 zr7w9SB!xwhc>V69%2!$uL|tx85<#5%*ED*k%qWx3SV!py7oZwQyv9RhQva&^1OFTj zpmBT*!9hd_LpFNF7QV3C!SOJB6dNGseD-QJOJFkyHUYO?l`Yz|!>}qd;+U~>N=qj( z{46fs*8XZQPAO|o`soyGV)%!8-z{8C7uLzy+bLjd)Oq-&X>kv6tS6S~Yg@AKU+3qI zc(sQ=CoH4H5jWWUs{Kz%;L%%TUB<5~{7eY`-Q6tpi`3iWeUAA`X<49rW$}&&ZA(NO zkOey0me2R8`ibv-kydG@$5s2FsF2*fXVRFyFfNWw z$*g)H;o+kMQ##hmc51xEHw@D3n~KTBHNO~~YIL8t!?CtcW`xrXT&H{~TV#azc~ z`52P*-dDRR#x5^rNxAyxWEtZ;mN5=Dd-EEoH4JhVvhcV8sJcyDKNs4Hs6WrD=gR9} znj?=NN)Nwcp#kJ|wIlgE;XyL)eUvkwvcM?{#~+p<^Z1V+u<@Cz1`6JPqC1*iSf=yq zR>k@)O9161wWu4ozfvKtsScps8=vu%Q5^qXCS`6b6i+`qqii$&v+P|WF|uY6PBQU{ zsro&&CPeFoV9lnF8T`}^sD`)>^qhWlpThXH?fel@@(*KN1RkMOemA8iU;|XSa;7Gs zzxZM3fhjZ+@x92r_|x2{jxMGV!lGy=DA7n*Yk}2ofkVtR%TrbiYrcP=_h>?QyTy9p z%VK7|HN&H8OV*q;UVY&>3+t|P(q)b?2Ia3N^iAG zO2=73;a17*%1d&D6$HosqZ}}5W^EmD4To>K0!TZyU13l7UgmDk_c46oc%$6s&^iry zm>DC=9)xGBa{nnv?(U7zx+C#x^TKvZ_^EGtQBShoSX^uH*bnee)a_K_`079PAmjMs zzMZ>9xo@uQ!ejCUyAz3Z69mXv=+j6Ij6c0t5Y);@eWl0I!oPX7;N0n3|K;{mwFJ%m zK>8&R^`E1=tB?Tu;wdK#N(s=4_A`!c*p7MzTVozDjSgSmy-QoVWfG2ydY5TLsRO$n z8Wzz@)cX90ouivQm(^v@Ejy~YB6kwWEVV~1DJiBHjTa!b(E`plz%f*8Y?+I$ZA7H$Nd2r9#60i`$zDZJ>lDI?^y`gos%Ni+sUu&P-kh`7RlKEhpC@jYSNRiV&6-qJhSB6Hmf z*!d8mkpINc+w%J%zFR4&#slMVVe-1gu)C?)Pjc0lBEa3z+fd%WG9}2(;tTXikF{^?W z+n*0Z%xG%z0FYaNc{d_vKd-H$r)}}FTBNQdiP6x3L?1h-9E7^&t@(j2!0D8A)4f^2ZX4ONn`qzT@#S?me zF*1O8`-mUJ(AK*&5+Oxlzq{wRH`3cXe9e^U+4UJ@wTso+=hN&jCvFeWUpo6haHljM z43EoP=(f(W@%#wYYOkw|Fe_e!!leay!C-lsI={dEl^N(N!h zRH~y-Cim_r84|I{O#T4Zi)ct^siJ7|HG9*R@rJ0aUZ6c^CPSOBG8|o>{;{Pxap1uC z<53%#J_BX{!o=Fw9+4p~gEH)>6pQb2TZI6~i_qbSoD3)LA}{zKD1s|I6?Jt|--LZt zn~Jql*3vqUBi)tq+w^k3ntrnH&VwavaqTsP2py*g4^Kl`n-cWnoE9K*kkPFR4Qsei zP-150q2qo7tIYOCi-0_a;kz3KA!(p$vxgLyROelkx+pt;JvyO=cX3H^eWg|#38t1M zKI=)!A-=~vcif7QonN()a(**jCPxn}{z~eHuFny(E&pncrDp-{e!kFvI#r9KOxW=v zGT;(OV1PN5RGN1RjeNPXzuS1bbnCUo0%TxJjA!?c7xy)a6O69MrRg?~59`}UPpd1x zy#ZhLt|6vSYjOLP3v#t${J~Ye4?z=7{vJC*0t?z=n?{D_=Gl^c)J-&#_f42R=UCny z@g?tDum=m;LrhyyVJ5b8ch`Azc;J3ba$Mc+bFkJ!1F^bVc{+Zj^zD{c1h9J_@$W`h z%`@f|k&1N3X^^moISkb%O!+r}%`gDrH!?C3+w*!ipTJV#GK5SX z&`HlGB~DVi-T;BdHEVywWGp@<`iGXl#dG!` z@m$&93ZCOFIgJVqpm-w_g7F7UiM#%rtsrmeHMS z_%Bo&I}qZOlm|c=q`U-J?Iy~rZjVN@zpX2!@k!<@XN3Ac&|d#CAUBC_y*D#Gz0(^> zrWOPSgUh2(Om*kOu%HKi>)Q6?hA{6`I|Dz_%br}N*oS1+Ink#%j*NmhHhdzfuODH+ zffWv&|NofGi`X<02$%mWW!bZ7sdqO-i%3Sy5gy>>1d!}%1-q(4Wa<>OKp zM1J@BWoX+|azWc=Zy*oFu~4(4|K^(_q+wDsjK=4Hr0*-~L!CcX_^U-RfId$jMv;z}>LVPTM20u(2Rq#tfysSf5F5OCwF1 zOZPO|&7YO~Rc1ar^$>R%LUcT(`y4%MTE_BbQJpKvINM?c-COs%=R)+x8IxUAXN!#H zoWjH8WpV-?4&)y#XHrz38XVtUKR)A+d+vXB@$z^GS!LUsQd*Dz`u!znD~fe&k?C@) z5q{K6fC+uVPy)%o>omF<1f?1S_V0_FCK1}=5w1haKzE({axg+bH;GS~)y>pJNB*F;*N1F&%V-$61y!7ZK-sz*l?X9LnSrh)Ts4Y{ zE)B>+!pa)z+jS|o&XN+}897t;a|uofhzhs3Z;_k*jbATei`GhR&SC5Q7~f~_Kjx_% zLPjcl!a0x4c$gBZu)$^wV5G&-$S1k3{Oy%IN47@}07L5?8^iNCi_Q4THjBmlPSBvD zJ}QE88vq&|j-A8}N5)r~&X2J!56ssu5>om7t7wLEGf^MPKlkt3;T7LVNPBoEhgumSQr8!hSFdL`D()xweiDj%i4v{WH&Ca7 z_XLN>poVpPa16El=d%s;sHe~NVBSR58KNotgnu;j%W%BbivMrnj0#l$FO&ns8=k$2 z)MYzx+<#I%uQ(^E8JfT4(Q`89x~*mtxGYLr#XU-5EJc%TxzH^7_~=z&RWxl;U1NP| z3~`qwAQUSM3vOQzgA_@Xti3*cA0CPgrUW&;U@mVCXukHRLVB4AM=q_|GC z*R17{P}HN>=PCFT{UkqBbD=uV)1i4-J$~9Uc}6}t_59E&Nd2(os67GGV%-LMz}~$j z+Dv6EetPZF+xc!6#CcxG@M$mV%#B4)AWzHr=rd@orBle z+?YO?l9GRqi{+bsvfLmZ#Qc4rs%U_S5V5C+UhYoJ^sTG zg}hdiL!DrX^4f?Ee&clU!}pQ(R}GxRRB4-qCx-e=b?hxKeOtHRXz@gG=MOYaXQ26j zo0LMCDkrv%7M@N}-$tyJpP%=1?|3X>mz<{zDFfAKAa&!G6xF_4OPJ|q$mn7JxBM2- zV-**R8IpP*Q!lLfnX;*U`W=e*!li~fGYgJ$m$%-I{pXgjZ*;AEo_d;3T|J)|m>R#Y zeRumq3x~R81U@I#L#`p!>)?Gyq0r}j8k`VIAvFt;fz?CP7$b}JD~}tCC+A7s z$`c{G|XN@+_{N9{dy1JNdxk{#QrT>c?6%FK*uRvXI ze}8mCRSg>wfaylN&wp_(^;Je$5^t2`?9)>PP7H-SJ0^^H(H;fZBUZQ-DrT!jR`Rl| zVq3khG4#0aH_}`paFS;cYTcwAIqxn0jHYor@@hg>MTskKJ4V9KE=1to^R8tQ!^bEz zBqL`SrIyzLuk(*W^*@p%k%mqvueR99S^G0?ZMJijAfWx45v=aQC`Y}6*q0JgXz0k_#T{|*lH4Hi*vv*ws?%^+n;)Q^3r*287Zv=_HI>3 z*=-5NyDG%AXugA-AKZNW+~;JHz7;lPy~p?vvC$JIn;l6%;lPkM4@XKt0h*Bh>?k*t z`~eQOE#k$-kJyW2=M9`-jYpZ9*%gDN+j%>(_7!nOBQ9%%p1Au%<)|nVzxR*Quld$JXv7Qu*ozuXzY;Jj;aM<*!w67>3q3N529r zVC4HXox&}X(ejJ&%fSVY-67C_!OBwDj-Pzg^lgSP)r-ZIqG(^sPhO7EQ#|OK4h-$p}j#{lu>0g@iw0%0F zHLiRk`0XZG;Qom)+bv2hQ_9J%Jg7COZmZPj$MJJsgN zGly8zY%4Z?2&)#0Ii;BCeR|~%oBs$L(ot0}pM#X?_B3>Z z5bI8k;8UnxmE`huu#PPbvq38?>dlXXHN57ShZk2*u+!aYFZlovsbNzxX7*4#;a~z( z1fXxg2V7h1yBC;O*x2rqoZS{3!}yS*DA#V;(63z3ZRvR|+}lgj%ZUroMDhH6P=Wkr zJI{Y9j}R-BtubMv#%ni>1}f&X^dG+j;BW|0G9Gz{z!cOShYASoOTnn#`mv)p2oAHW z0m(VES7E3Zx>Aot5FJc_L}Ta6sQ;Y+jJzwoF$pTL@zde(2U7eGC)G_Z2?4u3Tu}mJ zi`I*uhFHQ;y(tRg#JvAkh1UYm=`;-(anODj+N*?Xk00!3J6lFu&36GwhJUUHy!Zh6 zw*{7c;fHD+;N@j4X|c}}vk|xZS@8)k9*eu;I#Afem!+zYfUrLOSZBV460^_0Y)`7z|eYvQy>? zsJ{B|OAW@Zrp+T5ol-Q6-bZ?W$x9flN$T5c1m;I&711;OiPI@aAK`U@iba^m4+*;#=E2bMRp~7UBnEkUcOgy@><2$YwnX_UG+i%bS(vS@jEYmIZaC0~+9;~A4j0RmahP1a zv}^}e+O@oPw%R^h6!S~@L3bA5{;rf}uzN%#k85 zVVib5UB7vNwssW>%dWnE1aBM3UiDu`0*+$j)f%N zIze=1hUV{OKgjPj!b#D$$kv|eRglz{5*6<05=isYrm9aGxb6}$TJ%|oFHCBL@vlH2 z5}Yn}&2!4y60Zu?x*Lu7@P$=ltd^!3c0Sb4d$h^*Bx4k-W@%(WQ!{_}+H?r2NQx#6jzD?tTQ3Zvg-W{kB3QCh&CG{YutzoeoUg?x$F83@7uv z-E7aDDXaAQV$=%dXuY0*1uK9P+I{LK`OY_bgDqM`wZ%};nh#pK4D8-)SaT2C>W!YqLR=O*KGmU0 zd2{Bw9em^;RcVJduD^PWjbCbT##!}nUR-kg&L3Y_%5?9pfBd(Y2rrU@Ou&|J*v)l& z3CR9K+|V7-E$H2l&yKMm!}jz&ZF5+9ju*vs-Oa5Elx->=@TVv~=KT5v?%e-Sg~@q( z7n>xQ_9aQ#A3Z@#X2`hO-*}a>XEnbe9~)=HpaLpSjwO{_U``yZSBMeZYP6YP9R8d= zL30wEAC^6#15N3x@=GtOQ3ADelr;Sm+6`Sze(APV%`PA*-S$*`?tqY(;w>sEHW_=k zx~uO$D)EK)l|{UH$ch?2HR%j;7e$TJ%&6Tc63cI!#sfjxos32iaS%kWnFzLbfX4Fs zYoSlbo79Fwa2z`92i;>+-5)BeGfVrIq&`iui(b4VkQ^7Ypttj%<@OHnO6|!G%@BAr zfTWU1{>;N(lHjiFd>EtL5B_%7Q+>w$m}|&-hJ#gZ&4YZ5%aE^@WCXyOr&UuWpHW*w6{pd(w@C`p7yS&WwSl3jH5jp$Vs@=2m%J^g9`YJ_GC8dtTJv_PLTl^helcJ%mA zA8w*z>?0;i54*6jSHbD0mQT9KU%}I>hYnjnp1ovSZ%Z){r<5PgvwpHuqzHa-|5Hta z2XQp?XC3JebTYxO1y!%9x-w|=v{tntJ{+uS3(t%%Tc5)`kUCU>P3V7^y*CYrK5Wdk zG{w65e<*wFuqgkw+Z$B6ML-%vL6Gi7x=Xr2q`Nzm5=rR>N$Ktw8f55hq&tTi^1ViX z_jBL-efECdck_>j$DzY;F>}p#oolVnDHr`$SjhN*7OyJESPA%I(DC>Me8k7+En>I^6q56t5vy| zoot)3YfP!O%AEn&rmPBDb3cvgop%C|wdb@TTUyAWuf+3$@kWBN{dIw%G-*N5=F=*~ z4jkk1`9_S8WQXHw)m;(8h5n(huFO^p2O60KBDH?)jI3$?W}-?u7()U05}&k^uveLi zYrrS9%(#o-P%xoC6(ai;Um&?Jjo=+}dPDttnqwc$hLH)qD<6f15!5Tfn|9jOBR)xT zeh!)A`?HiL0RPkO@Y&=#${Ui5Nw6{ETL+0I$`g^87`^!797DkogDY>=F(5NN9C(i1TI%CD#Fh1k*8^PwS+RZ-%~`ehZZu=W1g6CC^5@N z;D1%$vhWRJmp2e=QgttztH6F=gtDE?b|d2G_)vWwp(xen`gA%{qP*RPVPlG?;rSQr z-;2yT&eAUe-^2mg+mf0q#cH@#qp0~t%#cPwc?g|cW5So(-GB*Bu?decxC3FX^x4(( zuS;*y()Aa?yS_tBy-jYO#;s4=AD+SztxX0F&u&vm^=cLNUR?MnH)chzRIfJ~743|) z_}i^%&+II$X-YQWmkw0mo5nb;cN$T*Qh(JC0^Y5yMm9DPWPW$q&Kl*Mo5ion_TM9~ z)zQ{LeL#+p18DGt`x*CsXU+-jjE8zO4cUhg)&E+C!+H0Kz zykg|<14fZK&%Bl&ZZju0_ijuzxzlq#ZxP8O2z=7UBg&Y~7M{=j{N|qI*oEE@j2AtV z|F&l)7Y2&4lR3~xQDKi?w^Fwl)V~wc1tq_sbMG{{e(6S3rJArx!=vHhW*D@(H33>- zXhlVWvsZ2Oy>FV|i;SgF96!)_cb>;2SmaGlc6%eJE-xB$YiWSSvopb7)3so?%8=V;xV9j!jY~!tu7uy4aV0iN*yt{UPcK^|+3WnUpgezx+-kO7h-M5~4( zsBqlq75;WsXLF?JAEpat=93ap+n0@2-0JpS?F%$k0b>KOIsc_5e3fJ<1w|_CR=hQA z>sD@qX0b$3THBB+Ok#wxCA0wt^ERgSys(?}g;XM9VK3xx3P;e-Qa+FdVci~Hh>L1C zxfmNfeBnXKojKEW`rN}7z$EMi;6dp)>g33I@u2!2X25o_w&QA;n!!K(m|VUM6A-@+ zST&xjGJZu@K&6=~whKR?4$(&gKGgqwac9E@uL$0pVJ-i&H<3GO(KeYS@k@`89dI(C z;YhgrZ+{CT_sVXTK;#$STNnF#25oWbb?`)MZXb=g1>JvbDGR+$Fn<-?^G{$0j>I;r z@v0-m^TBy6f|x585d;DmkfKQRN8M>~1A%}CF5e6MC6|%D-QEj=Km!r?A5GTDDRutz zda(mqL-fmm*e!aS93u;MO0E>vgz^8>Z*sLzlfH6uxdbB?$~f_jWfU{(LLO0v=2m1k zjU!@i57jdw4Q+T~(Q2*X@qBjR{^;Mj`BzZg!0K#(H~>EHF#x3ln+VX)R)-2&orzWk zU1J0B3oVL&1P?HyneKGFn4&Y`3pC>#iW==?YhsI^NzrQlYm@0r+n|hx01uKcajGZhTIpS7D}5`5fRW z+S%BQwYU4vhi!$@WMsii5_rFYfJNBvnOm^p11_Mg33`D6aJp1QV!y+8d*BEBS916X z7Fnt;WOe1cLI{Gl`QH$IoF49x+dS=D)P6{C@J?*z-6!u3eM6M})qlry-_w-Tn*DKN z$WwXciwY&`zzMarV%jDHmnPCzyrbqS1^k&lODMP6i0K#W!@OvG)X}@sk!IktckB{R z2FlciEqznEEUN^*?AvD^GnKjd`5;0MQ9U29-fNMdU>fp}1zvr<_YU*KJbE+igMUgd zL;-ubzN5nt`RTX5NwXV~>8*43z|rb^Xt#5b_?V#I+mfKW_f9XwuOcxDCV$$3~s!4`&NxCb{WXer#iY%2;G7WWU{&Vd9m# z)koC6@4qlS7e;G6n&0r|4hD;qy;&zK#;}Rq&8f_=na61a}{4iYlDDR3TAbrJuZUepjabQsN4v^L)NCyh-f0Husz+krJ z!IABWzP0mb)(pjLvgdzUM%&E{*`iv!mS@toa$l#3o!```(D6n9nHW`wYra!h@W>o% z<-qU}MM&UNOoCF`8dm3ycg_eA4SN`AAFt(PgH?wP{>b^iZva%TakxXJ{D-xn(B zbx{WPT1U@ib*z}-+d_4=J>@Xx*vB~I&vlKhewMP!DO82JCsgI{Yn|w2=ATly3@UV9 z#K9ZWg$Vcy8Ku&Wnrntc^F{3MO_VvHyyF9od9qU<58qqHVG79C`)E&mY#0J4f&1(X zAUO8jg>8v~d6OkS2Ha7Ji(9#|rWz5^w&3wq0>|Sx@GCi&!3Z5t`6Tr7$QNc_Nbk(f zgcxrD*4(OO-uL@^lfqc~qnq4KnsnR*THCPSR?oBrt2V3ff_=0M$wYU|RlY^qe*t$T zNrb%K%pG=#!8u2-9S)tbjcIXe0qhozl85Bit8CH(ov(J5`Os^GukP-kPKWzKL^cMG ztLC>ht|Jk3E1s_1jw9hUewP6)&cJA6#n)@yPaW29oyCHUfk=6_-uY=CotS|rI1ONV z!R6+|;>^eG@t!%~t0lL*VpTf27x~kSAM#sARhwf>y(s^9F}3TpA5#yBS~a&#Ti}te zdHK+VoqnXV1ggA4?0(}GMyLCZo(6OMB0Qe#D4@ZY4?_dA9JjL6DMPg_$;;qF+V}IV z_cPt;WQ6Y@!nQ;tNM{BpqO+=0b}o=SzZQu$w>4nQU%ZXlH6g1h*CTd}lAcwxBAC8# z)#daRGDvIl>I==GTDlSVc*ytbwC0U~_hTJM*ZZodFzsW3a&xa}OoPigbJyDRZcA@l zcaz3~%nXHYFEl&%zvmV}OH?NYnz zDg8|*f-^Ldz-A-fG>>MLP7b=HHmN(qpQRz3Fkxxewgc<1HR zW>69bd|>oF_vP^3NF8x*pzyn_)_Yy$#3p8T@53~fZ1EK?!9v&dMt7BomM2APHcM-a z#aQJyqVwkzWz35u@ugXWdH)c-a%>Ad{eGpX6dj5k<%ZkP!PxjVr4MEnZ-1(g5*WB~1$JWH@teSOBr>;P)Rvbn{0Lv3&B%K>HYVpjB4S^&~_{4sY)J zXg%=$Iv~3{Kkf~p%viP14<9PwF_gDgIltu8^i+jF_?{`y8qPy55wfefbzEx63df#| z4e$?@qc;*gcahIMp|dZisgG4<^4fCN*VZaPPbGK8D@$M`Rq@?y9?4L#oL}ZC86r+0 zi$abyj?w3gv2E;=vZcoJi-WObi1EzaoWP-rWvduzgl(N|QZn3i z-G@Lt(@p}ck$7A)`)tWfLhd+*Y*Lf}_Q@yN_nh+9@Qwy>?SZs6>KHQSH4T1DR|N4> z6yOuC?>{;O12gY+XF^T$=eT6=*Yt3%Bkc#-Z{G^opnE5uIlLUqbvvh;-?l{Y) zTe;Gg+lE%=6n(d&Z29pQAc;7Q2W#zS98-0>x6L=XbtiGS3HDy8yT&rW6sG9F#N+lV z86Cq$XC5r*qr`Zk?-E)Yo$G&-}X z=8Ty!L+nU3CD((!1`Tj~&UOH|C-fE_!-DJcA>YOwX6GIV?4~U@h_+jJ{*(J2?S%B1 zySzT7DB|TS*JoD4Zm+VA`z~O1##XA`xG0u@SpDL2yTx^&jTtr-*zxrc2TvA)p0^-2)R{;Ec6(bFmK)6cjS}rK=4}M-$twf1XvkAM6wC zb|w}~>N8Ij<*j&}kD)-lZV!*0?yL`t2f5lR8_d+rn^DTQT6kSm5sTraP_I6_Gc)d9 zb@jN+y<^WA0b!j#y_NZ^47sx)<-%Mf%eUc3Bw39bCvZq;m*p*Is6JQCD|xA0T5qFd zYYgp_y1D}m(7RL%8>kGsB8e7xIeB>K?+z6|sG4i0_c6NX%1Z_rxRtM4Y2#r|kY~2z zw%I6{%TV1`O9;12y7Ha@vzm~kkCjqgU0ol{&H9dMm(BccXM4hA&+cOnNS*zSV*9fY zj^97KJE~c!uKObu;drzUuo=JHwfla^%ygAs@4#8LUolGpvQ-2$RtLw8+Zmsp2!anP zpLyMKp}u+M*3uvJIGsciXg>38^6ijUB#g6b%y0RY_ZcjB6ldXAEtd-Arapaj2gocu z!Bk>-?2z54s4g>H0zBUc^I;VJw-IZI--{oMb`h19fPpIu7XOLAx6s^w3!h<9?cH|W zwYBq~F#dKc@EqaAOc92=B)_m$39yA)ez$yS508WlhZwP zr56bM)@aA+=z^f}`vkP~okjkZ_(wBqrv#F|c9 z{2!g52cvCfZ`*&>o+Ghf{*k;uxvlqqluEy!c?JHzmC_1h46kTFhT?lw^Rj|W*2+#d z`BUJI_~+|@3y_`_h9mjcf1-%fMbJ8I@>c*lz^dUNbimMt9`}fdYi0jfcA8mv=gt`} zwrRLHryyXa7@dG&g$#xM260E z46c*zi0vW-rz>TUn>FXd_?MGDX#>oCs)1)>vwuA4{`JE7ie0= zs^J;+Ju7835#O8@C)Jw1kcJX!qdj;Iy~;DW=cR0TIsa5jMvBz(Vs$w-eS4wr+>3G; zipjEmTEp-;Jc@Tg*q)bu(fGkEV7Kx2#Z|#)6a`7KHj@nLI*08du}$olvUYpj4K}B| z-^*b?wviIUPS6{epc$k&Q_-IL^nNOWoqIwL99uV7eEGE)Ds$Z>#gS)ns$BW3UvZ*d zHynME5gk~~swy@G^oIwmYl2Bf-@h;%Rob!L;i|uQ@kd3G9?8vVKN4Zc7x;w5nZB)N zk==}R(cEWW8S8NFvSh@Tk4h9LknHF*HAtyrYQRT4G|83?ofh4URGXHTwH?DOrf#aU zT@3kA{eryI*HXM_i$~X?_R~I7Ov_t zrGGVWb|~Bud*-U3MEcD&V@2t~TQSn=D)Y*FZd&|akFff_bNFgyg(OPvc=go1NVl5{ z$m3-{He$zM;+vb^rtT$C&pIuz2@<3@PhS#X#bGEe5G0LLqP(S{wZBkap{xIxe!XcE zA3&>Tw95QoX4(&>+*|`OrJ}77wle1+(tX)yXt?Vd&_L^RqTk|R71Gv`UF4KA!L1*1 z?L8J;znfuMJ!W$~62N|rg*%-OyOK_ywt;vs5T}K2p0Ix$z{)e$Y&R1kE(a}!`-60= z-Y4%BO&hK6ngA3TZ-Ho-Ta|5G>Us~H{eCvIiABa9$IvNDuOO{%^on`d zjmD1-XX#C+z`f~b2=-ph{~NrsCVaXd#5V=Br#+#0B-m2>s5YNa+3EJ9KB z+#kR~Dgh*#zHV==CCzKRX0TIfdevzWZx)I#1}*l1K&3Mh>EkfRf+DM?SmOQMp}hUZ zmrgWW9BcfFIoMhFB!*<_DtaF8o&E_I(6Lqexh$>K z>ynmylLbn*?DCoh3Dh*z1DQjVGZwtRXp~ZI8?+?FKL+hv%ANbv>H(jUKW9Hp$OMo@ zzG9Bl^XIEm2$^}GR(07GfVe-wP8Q>Oba!@+t{8%Mfa#4DBfv}@m}wbvV?BO(gPqP% zi*xv3t2dV=2jUapaB=-Q-Ib>;9F{A`KxAa8Dl^qdgUmp>Xd6;zp}$1sqh&G{n_KD` z$V+X@`>`VSYy5+$bDVrOr&aihq|(xB;V7Ch2-ljvfZ=;5SorsVD1qqVe=SRol<{dgWxK>QJf&*V zHxkKzf#@QvI)m;;@yv25yhVb2A30^eW(;Hv4SO01^`WPAO3yb7O)yCk*S$AC5_aZ}AuY0K~!G z73mblp2n4%jTEsIst=?2Vd6rY?}%hRRZCh+H-lY0$(IQe)R5Z7SGA;9ic&2&n;(rZ zs?Oj-!hS5HZ`#ot2#_SRUnN0P+`Fxaja*_#c#wbd*LxWDb9Qh|VHm#!zx_C+$8U1*%;rR}0dyt~a=EvVW9rD6f5d z0BudG0mH)IS%O^c52u$4cE|lJ2G9w|5TRRy%Em^RVkiEi-v0*VGzwK!-^!IT1a8)0 zCvc=328ACMklHcUuq7ins9xh2>Xkqv!8YKZ?T+HBIlrwge1y&#d`sr-6%npC2#Qiv zkOf(~ZElP{%`kXJbi_yS$kAe_XN((-NuwLoN9t;CVKo zuey&HWg36uvTZ!^P{<$@^_1T%U#B%N;ARyFwwIrgI(I{ft*{Y`f3vPjP71Q7I=hdt zAP7_E?rma;H&NxU++)ll0dl;ylIl(%jTAq|9{0@7=0c$IDvy5nod(=fYZ{IO6J|Wf zKka}!-7LfP#mRR&!HLx`cXK1I-=(TM;Z%fm_|&(>OYq-nh88oi=UQlgOqM*e9J#FR zboqfZ?+27(L~SlpR6`R8IN8GxpJqTS^(fYVDXFQc!(6}@>;?n}_|v*)%2l%bT(m^txzJ~H|+t>GL;!uT(=L2SkDg#z0g(Kz%Seyl#Y^- zWQ|Fz4^AliZBN~5vB{)aqNu{Flix(UoV3|_iqTX37}=}RCiuzoNo0^-m;3UYU-Q9* z3eRh`R+dZrS>*SpI=X|hn6%4UiHJT^$$0$RP)>}!sB8v%lua#7cl_DCuTu-%4dVx_&ORr;CYI<Dqc=85(|}86 zYObtE!_<~97?!}+ORUWJ+-m4^#V6jRffdy@-wmfB#@nQsuf`d52^BUk_g}lFUi6f! zWahSzWNqzAb-3VqyyLlE54D_dIGzeX0_q*M^ukGZHYMvU&wzLt4iLifr|SK;l-*QB z4&@S&n+X*xj|R<=vBIUL;*joq>>e0IbPU^@kapGWjKGZ;Xehx85f@oB{!DE;UG$5! z^>g3)nrr(fUDC{684-Yv-dAcL{*QK&(_AXA{_m1?6nStDjN!-|VzYkLqpd8?x1aWH6QE2E!Ibxl~KP%O6cJ<%EHz*(zf}K zb5r&lh=7klA=`x@P$o4sbzFHOPz}oiW@;sGdjK22%M#WqJSR@B2qEO!0diesV{rv< z-aVdC#LFZMzXIZrDg3{9dt1{jU7{_m_2-I4?X?$G&*U8Xp@RWrzU{8^i!~nmyltji zd(3&_eE|;ZxbB^15V<3YFRUi@}0U^(N;DOWwBrUB52&XQtHM z()c}M0A}G2CZAK~P2hP>Fb@G>D!IVg_Z5=x!JxXJ8xr$k^Cf> zy!mb46@cBR@AMe;cpdej;;|WY%SYQ^4Wz1oF0!4S9T@V&Xigy5@c2PuEGvd>AUAan z<*}57EcE+3I4+qR)OL({63yp*anTIVj)f_i!9a#`ez1=vlwfrPhoSI9OO{obBwt7n zGgA^#?V2N-hvp=Uy^0p2Jf$R`xZ;IDX2EzC_8F9am16cOP-N`+_&qozByV&$vLNbI z@OGh(QD1j{6)0Yrw?Ew~>-|}+2s~vtXUBu>#TC!}Qg%K*S(dGlu13qDn2|fy;`wX|*vcA1LRQv9}jAk>gCTTeG!Kiz>$N*2W z=9n}8&)OKB?*lS8594trH?O*8Iw#j-SFN661Fm3Nd)N5S?_^ol9Ex2@fk1iL^#A0$ z0+~#HX4@--FE;>;1nxaek`vQ4&ErO<6#O#&30lw>$%+~Ii>IOgEx-6+WES%7O+mi7 zyl%Z1uA@Jk$`gQY_T`^ECh$-cjG7Dv9Zy;qem|}efW9)!%KmSnigpCj=|6tq94Mblc0^e=l-3RxYz zLitZ1acqu$7IJJglaY<(bFMOd9H5Bm2gG&*rp`WRw(2uH0uG|8&gnHkk*Hqpuz@`> z5~18P)w`o__9N-B=}FVKUPvPEwpjafgyVP#jE-yXVR$V_C<~tr$Q4|no0^PAb z`zvL?1l>~cZNu85vvx7)87qK7K65JwScg3-cLvGapZyE%!u|-}t{{m0goCe;SE|Qa zD9z6K?!SOnz=#8QPx$L?85>mKOWu$9)!}2;Ufrh|+?cVmvWj2{TxXqC0z0F$zfQWg z-iN;p$;_*gOK5AwG7l@eypaDkNrKq9N0WU7ICpz})h4V2K4zL)rP+J253V>$iMnk! z(ivx$!2~Z1G}~Hc$XIF|zYP}bE(UCk^c$~UX%(kon6n*mEFST8A^>!czejkaa6ZK} zB^_QuZF6lRKi9CAx;w?`;_S0fC}TYoV`Psd{noEN)U-4~qCu?AhO2Q1 z8gS9O*$58^fadHv{%JOyQp8{>u z>LKu#@5XIs1)G?DmuPFi>%khf>LSPa@eZOvx_vcKzv4B*tN!;;sFy3JgZ!a6knF*> zFK<1pSlwF1^v4pR%Od-s$-K+m>E3NVJI4YVp(R1kBwnU}MGD#>Ivzl6FO4^FqMTr4 zL>8iX9y!srj13~wm-NPgp6Pl8{&p?Idy#0>8|#2E(TFs(@_Bzu*DQUT4Swc&4Ib`5 zfPQA3?+Wp9&$BG#|E6HeOtDgPm^v@1v|tpQMcUKm6U&6C{L`Mx3*D!ye(K>JPtNd7Micbx7c? zZ=d3t42W7b1fp6~qh}L;Ba;h-2oit#S<*oQb`z*t-)`{rv?=$<1!P61)Z&l-K%cY} z5@~%2ml5^GircB_3_P_XvB|8Eg#V-!4Pvyd3+}7&#OmZO+MQB^nJ-6#$kd7H0y#g4 zH)XOCYl!5>0W+vCz?0LH+gKWv~ z@+ym1g+$Zc)%SJ3%VikKpDEZD=;ORe?5PwVs60u{$p1lLpC>CaCUm-Zu8sJ-)Hf)cSxpD}1eUeH+vg74jub9~UNGBUMdx|t^76asRQLPD9 zulFTpGN4_|n*|e~1x{S`Eu0G+NXE&Gk>tWbHhKrk7xK*ya4wm@A8d5`{VsLLzk@Qb zpDts0uI)oowKVH-9@s3SI9774^w`R#<%dDj?6rl@_1^A@q@mzER6XDMbgiA_>22v- zPldcyoD$4TAL08!#QeEOTmY8vh;oqAab?}|d-D{}h$8auN8vfN^(>R=)aZFYeLozD zrioIt&T%@~ZRE?{sFs%9u5S$F=w4e_z?aF^eHDr-0=oPe3zWf?^=pKScCR)ZUd!K8 zhhf3BXTShc0#l3NNc{#wJLswJOBwqEO%icrdZ;`dI8r>S{lLi}rK`BEN-DyxL* zIEIm*1h(#r^!CFTvzb4&sc3#ld>Jq7`H?64Tsh%%9jk2Q+M}MpY0Z97+_mMfGmvTI zm7+%9fqkn{(wXtFS-lN)?qEdU+A{8gIG7hAl-7XW;ULP6wQC(?OV0Rh&sS;K>**UR zwd~EHaJSFg#GJKmN3GPM6CyiCDQgrHtvEK6?J2{f!jVZ*5KsB$qQRUw{+6E-jvsOm zvJYkTajjxeT7~#ixuL9jUj3)3Rc`1p=1Ic><`1njpA*R8Dy(36;Su($>>QlGjc+A@ zK+#K@$WmKwu9r7t{aIq;Y2pxssAf}eo5Qi@?X#>BHrAEw0kKd-D?xY~4sjKMU1I2Z zwYl2X*MUxhL!{W8wDe$r2&0;+uZc~Z3;Fz^O6Z8U)HcE57rn9@cCtcpnS2x7t+295 zGR1@D1!00)P#-@q#4^c_2d}mcM)G^ji=-f?Jp;m{If+w+5LDKR`xKGZkYmuDVY*erL zSiQ;j%q6hc`=Yx0rH-x<<#bS!B1K{UX^eDXaUp)n zwB~SgX8s*}Bat&>$R4}AS714S0ld}#)pzC~+%|5#;WvP{;GsM551lqhA`t(C5i=XG zQPQTdY0i6<1?_wFnKPsGQ}_fwK>9`iKsT3{o@1e5*ayZ^m!==696yuFZee$-X_`fj z3>6I*Zp$hlxI^;G6f@ zH0i8*+YCd_s#?^cLJB?-n|h;7P11AlR~%`)Y*G=-C|s-~^7EGHU zLoct8;BAM`;)AJ={gSkbx5cy#Ie4PCll2!p@mN<%-b4OM=Ued{1Z9ehpyLMJ?x;t- zWSxVr22w>ug8|534JGYJWS|tC=D5ac`IUEVq|?FYv^fE65^$!a%=mdbrE^yDQPWipT#kv-?^k;Ze7!QgYHOXvlU1k&$e>O_hP^Eo@TXe+7@({WRJIs zKYy6{Ai4S=dV5jpms9rb)oPdCgotO};P(|C~_3sW4TCI29T%ttUnlWD+pty|lr`q4=wT^!gu8 z>V3#R@thgoYJrigurmnwg==0v`F-81E{gv)=F>0b9nL!Ru*2D;Et-%aolE1MnIgGS z8KXj#{ej&?s^J4&h_G2CbhhZ^is5}<%9(Hg;!Hq-hWt7h?YT6A>-)uCXPI-J<)`cg z1@DUJjeD8yJNMX_k3D_F%=eye&uQ;}-X3d)Y#<0jjpQEmY6!!kS-D8j7`le5Shs}g zrH0P($G^&rPG_+(!TV!=>v@HNg*5^AmXYf|morhx8epWp5YN7~jGJ35e*xHit`jv+ zlsEE1x~{4*y8RW9I@N*U()9K0ZZ5DXXCV(48kq$;cFh50kJs-$3K2T$+Z%PW#5<~w zV~C_gy_?u$hHUGvc55V}#dEkoshEKi+PxK=*#@l@9^b9DduV&yf^QA zzJ!b8a>V$lLBe=4t78-qA(9W~b5adfulo=$o5K738wF>72N-k^lIhGo;ArP~Bh~-4 z`Hp_`ds-BH`|4Amuh81Gd~QXxJoCSeQnKb^*E`PP2<{iFjp$kt=%a@a_*C;@)28r_ zgdJXUbm0}9i~XKihq!!lAFBZ}msTnrkovv5&s@YAY^7F?I^9(|hWMo39-E46YTI$W z8ptJ1YG(09Oeo{DK}vjjI3|RA4?l0hW8K6(+pDvFdxvf=WsPJ0asooK!uZdD+i$-a z^8@Ez7jXNnF+M#;p*BsQp`it75P1_PKUiuj!n73vL;19gEOXoRexQ3a!&b zPCyt;EEQ;eU;!FsxAV0HJEG+GaTmA0V>^L9-TMz^2B0$FKCijF+2 zug&*6<9}>uD6#&swcNgJadapI!+!k}%j|0Z$8?o>3A;crj>s{a-=mwy&Be;Yj4s+o zCV| zS&djmBV`04_x~eOD&dL1{sFZ9xbCVL4Um^4&i_)Ui7VuzzhR1;0%%?Xe{ypk)Nc7& zS%JqE{SMHM*20BuMyAKZ>d22Fmy6v|n}Sa<1YzHJ?Fq0P;?_q1kg7QWjNNQaS>;Z? zyP0GC{m6ew#uB%z0gf3XmPao!g=9^V>3zKH3Kcye=FJDbuc>j2E^w9I0H^d~eXa_U zJgmUmH4Y92k1Q}g*{c$i_PLR6u|sBh+g9OCdgnP0ugxRAHQ{_D3?XQ^N`q$D#aCx= zu7iTF?pL3{T_SmJFSqOKJr1K~=4T4|MfyJEI60>;VU3I}j6`T3%_)2CC*$n;UIySa zwLwGvG{z;9|1D@UB}`_Pwt2CL^jF#H&9}=X#2G*l<3`v0x#~i-07EYJl^bVplW~W> zZ~laUI`MpdJ}*f)nR-NU{zT;Ocw*esGRrSsfFU=^TdM1bQ2s~C7L=0W-<%O^yUWv+ zTj1zL(+i>FlbOQeK!$<}y2`;R>c7Ip0oZA!Lmq#*je88 z`$7aUBb?zQfP!h)w^)X*x&s)_(NHfm=dzOP<*!p3B0=f+@qGmrKezCT9K*t1 z_$^ZZ;eY^3T#;#{V7%aOIZ!)2?H@ma5VCE&8nVPY!%%Zbeth+-lMz?E18kr$NWpgL z$z9+UI58nd47MGEMU9Ck1xGv=E6JTX-D~ttoT1c~e$=tMov@yA%uoz$C^z%f)yYVT zJvE2B;%WOTfIbEoTY{WbxP5-MMP%t7J>L7ez!MKa@U^b*aY|cq@^hF6W+Oh$Q5s#L z@=N31i2;MQrN*(bTC3$XrGmI8=5LBoK}Y(1Gg54NwZ~&;o}Kj^E&1&KH18}{?c~C- zMXG_aey>(axm!LHuYeaEnriYBX~KE2{pY161QvraO-(dF@Kr88w=<*OA}IGD{~7dQ zteSlTc~O2|pFF!djZx)}l|KNEJf2B_K@vHtHh===4AwLKa^0=rnxY0i;y5vk4l+R{ z;2$6VBx!dR>^WBUX`7!6B{l;Q>mckE8yCdC7_Xnf?J9G_xCN{1#qcg;b z?12j65MMp}#+S?+VY}fA#AaqJ$rF>(Qhd)}f|;0Ge=Wq|X{h?DYTZD_92DPrKP-Dz zr1LJT3BuWDE|U9gnC#vygtv|yZ4IT4yJQC%&P|_R(!->&)gNgrpgrRQ!D}*$d5{U>;{%UZP4)Tw-FB- z&8^r?K-l8fT|O4`ymoz*i_gbQ;>DdBuYcR4yWo?!#SYIpa01G3BtBe9g;`r*ca;!4 zve+9_`=)s)ctdin9Ctzh=O8mh+iA^s=0*CUwTHx{fP{Smsm(ShrCUZ7{RwDY%`HSP{}jizu~5o zl|$q&(4subxWGIXMDK_kpE|jK!{7Y76Ob1v8B6b{6tgUvc(=;==czR|doUpfWkFb+F)$J5#3%(3$e81hNY|76eIW2`SmM+lQ(7 zpG)T1p&_G1gE;Zxyi;ul_JD*e6m7u$vH@t%ppzqIIghn)6-GMHhuKf(ylg$`IccPl zd*~QNL+%#e-Uru9Yw&ogK!fU7(i>cC2cpEy(vyyWrGThdFVM$57$;_-a9Oy%uKOd$ zxeFm-*+kD&hJQvVerq_!=gi$|Rm;f3FvG0K#7BXu8P|{FiWG@~=}Lc8^;K<~ zi0rctwki#ua3H7<@x$}Yr~a7N&{CnU)`byoNd4wC=(=9$J80VXI1`$k$P_4jNM;pp zQ8ypJv%*Ptx5Vm`_+$?V=TfBZo}`#_qDP-|J^ME3uZoF z6Gia4t=G|AWwAf1M9Q1`#2^`ha;C83&_JK{jWIm>P<&K``GuEsT%pUUL|qUUX)FlM zs#ScjO#Y{=ODtmCu89q>FVq#W`Y9z-%k}1~pn(_xP&^VBJFc_n;xNBs#=AnRQjv*I zB36>)sFl^|*P~`C=kb>Ut>3l-ioM0t!PHlx0Qa`h zv;&`zXr4^NV>}3KJ3jFa20CQo#@BTle_@c~ve0){Q(18U&LkHo(c*cWyM3!LW==`< zP2Au*60CK%^E6w|wvx)1vhdqgI4!&p6jcU{BV5xOtfHVRvDTQm7DU$AcI{)Pm9XLQ zxv||z-sm6)BnA1Xa-R0-J`YF~<14u>CiIi?qcy`~OMm4zP8Hk^9^mRd&OR_bZh~qa z??xVVAI^MV3f&5~E&1B~PfC32@mO)8{GR+V-v_efHW_a;IWJE44aC`!X_J_0sWC=x zwxG3Ct!@qJwgXOTg^(|u7Ik2)1*W}*#MxC&@L`F0!J@kO2=LYux^J;75aPEZsUxjd z@b`Pam{9?BucI$}aSa|>PBhxNz=>30q=eSpRULj*&g*$mk9j+{NfMvm-r#fbdSqOjbK!d3GcTBwmQY?Yi3FMOawa__7%me`&4r^AF%G?5bCwuD6^Y% zxl233Dt?Xa2+BZ2EC-tnzn_M|c@2Wa$R=$Hr=Ha5Ob0Mfy8 z3;O3a5xqZ+7)6B|#f$KWUx&S+lMikX=x0`S4?dF}?|ropLrx>4H!1zBrLH5(G$ZLP zIo!*)_+e-F_NQwx>+YHN7sgvtXHh)-5$)B{%gXu7r*9$wTn3!$XCMLs*zTB>o`s54 z_$zkGPk|y0^Y-%l`WdH?@F8Zq#Rf|G^V{3osqcn?2i<-_Z2ygRc=7ezzs{c!O={92 zc(G_ycdBNVc%*z?d=9I= z;Pbk3iM+DRuz0n`p;@)97o#@75!cC#I%^>oCse&V9vF2zRnE-4Go9PpNm(m{AbDEv z)$9ePQ^-^2GM9C-#T%q?Qim#U%NhEL?1`l(qgyc`DUx;%BXRGvoR7=uHR}UaSS;>N ze!k`URU7=1#KcFrCcdKvQBs~GSQmBz`9SS7iob0;#TjQr63!Kc$LIB@HgQ|!nh`1< z@~8e?K!gIZsWAh=E5qs!v&91wR$;_pI(Q36NobGnzRhtgXld+Z5G^6BuF`dy4Ga9> zos!QI{Uq^HnoE(}$uYA2%7e_+n`YH>)sDmrjjByS|CqZ1enMk(Usb(a& zb0ZV|Shr?8i<2N?n*;TS(?rJpfbAD^F*2-o1VZzTtU7gYR$uvGixwdQF7(Lqu_&b( z8{SJNjvVzY)Y3X1R)aPR%%0Kze3^m;=LwVja^GYye6hZniS+sOiP%RA0mpg!yB%DG z{;(y~@b+MEv`|1Iuw|(Qde6V)^X&~03>#gp=k-nSd`wXbge6FO2guUbn?U|tMdw%J z3_&FSsT`Ase8$Be;)j^`m!bHUD(m7?tD442Eh1-FIUsUYCLV)9z| z^gwpj8&nDu#&#zP+*&B;VNWWO=6?~|VTg!`llts12zoj|BS*ddM~(x~p^%Cd7_)<$ z=mf6m7YF$R>8`V8dkEqmwvY52$Eq)=jm^$Uv+Vx{1($_vG1oLJx@u|*q?*KSXLWC~&}ZXrs2xJ1CGq$VYjX zGY_mQ(Qy?b*g#2d4DyAr<@i3;UckbhPT! zYwPS4$_|g39s1?~_`eg*>BavWKwQYbk)A6kTz1R3F!e7P(@B~hFf|sPD>M1^j?Cvv zjqGP``2_-Y*{?vRxx=SI;FTzve0+lT_aYCyld(vY`hJ6U6K?YVKiC}wF+)lBfmRq# zr;Oso4%5-@p$pyg0k76;MftBMrd;1t7n3e(-7xJ$Yw_&dGdL%8voK11Dx+BzR#Y8! zuacLKxLa!8{d@_@jU+r~dV^i+h&I8JDBf~jTewQXd>xV>hQdhoct57wuViW@F)7Vu zVY_O36Kq&SeGu98zqC|wU*dH3 zT(e`Kbo`=f&X-Z;eOqM>tU(YYcFxP0C^p{iT3{JuxOpa={$~RcZK-PjWH23CgiSBn z2_I?>IKnZV6tOwU2-)$n*^c|gstl1XH?pjg$EtAzg!)Forl>d2FVlGQ{V&W_>tLHu zW-R#3b7=sLmv*UEFcpEI9T~?6vz;>KT+~nnd-=te4QS~&y4h?T%-ts9YSZ0 z3d4Ky4hPT$zy^ z3%xagWiDMD!SEf5S>J)(nL5CHWm$QfH=+ynD)W^$Be8AbW9cnSCYhT_T@R;=GW_K3 zFhEVgz-fDrt|G-rx&ehpK`%4=Oli9g6^xltaVKWknwb%NsX~-9&KO1WHiyE`sSOW) z7l8uvZqXJ3(P>CT1-(nhxSiWs$cBoyU+EgnYu=g`8TfVDPKNM_-|BdWylA;WBF|T9$Oo)sVF%U zJ%Kvz{Zua7c08=M)I=NBVA{YWuXE|(3UhaH#moj-Tu${D7A>D8rO|fGnU%!@+PsUP zjFvZiu1erzNe|`XeB7=AR}U?(b;_^r>2^+Ol$%Dme|F2(o#yMf<~Hy@9q+U^bNzof zd+V?$-@fY?QChmBOF$7Ak?sbOlI{|b?gjysk_M56p}V_58fh51d+3It+1Kdrxu5%a z-uu|ce)s(2aX8FyF>}o|=Q_V@t&hzwt`)7!NGt8{Wt&_fs`JUG=-u5OSga_gS1C>! zijOv^QHN~pZeHiGG40Fr_b%HG)zUO0bas2#71Yw1SrJ6)q2j1EHJf%oE5n5F6X%ljT4&EW z&oh5{q52nwX0gL2D`CP@^V_?$(phI|$zW9K4@j(YnDrFIzldS${zkon~hLaeG zRarz+DaQoiVY^a1S^```h<7E&h`ni+nT0%uOKW{B3eiuL?ax_GWD+9D4nGyx zd71EwbuX4adL-wZyoSIx9r|f6?6l)FI^8ci#1&=X%$KU4)WdI>=g8j+a zmG-j0a#x&H*eaxSW8k{b4>A7WL!Nz-FF2P`C4x=X|4lr&i11j(pqV}}3`qD=nNXU$ zrlOW8$*{J&9{f5kMue$jJbc$azWpad7sf}%S85H^C2Y%@Byd-R<}3h27?MN@I+>Rp z|0R*eo6pCvGtXX@w$YJDJn)!Y=|!8;5X*%BqyBMK)emJ-7*2{nFA@gX&p2zBXJ0n2Yp-;eB<6k8Hu_7t0Hhik-|i_zkwgIZrTy~BlEF~ZeYu(v*rqA{ zoaJ9{;fCOMo7pgGB{1I@Em%d%vZbN1GNID#m50xmqulFg$ZIP z8!s2{CS-n8Yz1d+qraeIU7{(5Bry*bE;h(2LawhlvhNsX0M*88N$)oWD@osIW;|at z=SDkS&qpDu+SpR7GCZ^_q(t1Aq*3^Ml3Z3(rFcF`_vdpn<%q%>YiRq>?K`OG^r$OA zWsjS<59|FU%KUxhe(^e4#QPQ@0)QZQis?(2YLh&Yey&soL8RgPF`6srXst8W|f zwI*-qk#>GqZo0TjvTu~yjC~>1D#8RxW0;Qxj>M3D$S8!pbxgxDe)6>yocZ0y`-jI4 zGm6ZQTZ{Oy>6O-wH|Q7GecTBA{;3NKb(GXdy%tqz2~U8l7l^O11kZs>^HnJbosr*e ztQOyRRzW5ZC+R46VpuB+P1vno;$n~+Y6-ei#D<>sT6Wu zNKj!O^snj~B-J6{ING4);|b62M;Jt6ebU2Vidm{vg+|niY`xzaMigkLJZW>RjqnID zvtwxWDRaaZ9-SC8?U&3Xn?1YR>e$p=j<0N)*lW>dNyqnEC<;-$SqWH*8)#Bv>#x4= zWMzLRgwRL)Rby3$ zuKk$tZKK=d?5FLaa{COWUC|~CcZFcQ`5x2_> znO@h>GPI-0DEqKL*1qw(zyPDzdm|CgMR$G?!vfqg!7vZ2Tx9sPL2d+#r%?oUZcTn^ z5*cmFzWvxBXVUqEd3mysBe!&ttn)s2 z2bTL6uOiSiaBb2T?zepi4uny;m%Miqgv}oAeD36Kio-~pO>h7YN|H5(=qrLzm<6$A zQx|k@P88S|8|z?CJq$4Km?G*j01Y~DEjMj(psaLiy{d7K5hM$zD@2+m$&DMTnzNfF zCrkv;3QBm#W7hACds!2=hdcFF|nV}Yp(Z~PGVn6JmX9|qmi zF7o$!u}WrIXJuZ9I3j;5man_HiL%#VkNzoH&W0UDp@_JkS$n*-3Ps~1oF3($DGkljK=Pgx04~UVbt*XEs(q0}m-Q0W%lpeUf^ZkTR z$%WF#x4Fq>$EMbbZO1#6PY}VU7`D6rKn;xikDf zcAp;gU@t9KI0ang0)N7n3`L&fq1PCphOX{^0cEWvga4_nH}WSG?5SW)552!R%>5sQ zc`W}b%==^aD61_SLx(FQmu7MeG~&H04e%zs^!D$KH6Ab%mX_4|o!hl7^09jVp=|uQ z>leJ9(=+$~6AmkKd+y}l> zH;F3>o)a|R!s~+#|JDa1Iv$8mAMV0st@nTQKpe6kHXWH4o|@j(dhcJ4)LcO)4fy35 zQCb;b@Es~sV4FxsM<;yq-q^rSSoA9M!OF{V^kU6x5u9{cK5v@V27gIJbm6v)(h}2^ zyUswWbbJ`m)_OBG2F$%-w`CX&rnMp@PQ^n%?*-lR&6V12HqcjrHw*E|ZHWnFVqEh< zeK~& zdOREIiCNniZubb`22s5qSVm9Db_qPJ#2ihOs?OYamn#E)4{|biU$HekjX1_&4LQfB zsTW$0(SQM#h&%I0U#ohSg+6h7lXGRf$|Cc0u0~!O1<igMIs0>&rKq#k$BZ^qh$h@uRdB|3kA66zxMxw z=U?%kwf_}&xSGLr7S+-oR##)Dx)TAUmv?MF@+j7&;~kGmiCK2NDaO zzUs3LRLR>)H71W$MJ02sWMM(7TXKxSI1r0;5Ij$AT%hm3K^Od%>h-Z9++pgd$L;s4 zm4_iBewphzX(&$;n;zXQ=xNX=Ux00Pg9%?&s5(;p#f$o>`4qs(S;)|VtK>F$aEM5AQi}c&3bB`;T!}fV%I=W{yn)MGb3Mx zAKQN|Jvs>Ggf6Pr97On*=QSC8945982fdGbEKp6ek#CfhW7g*`lWR_0$kp}A%ehic7J0i~ErE_H z1S@tncT#P3fXGY&49+b7;9K);@o_#o$J-<)&Wq?||5Z^w5Cj*TW2ebaJ+=$Ms$xAQ zGXwU^fQ|uv{D~+FSt2%zmJth59VhuQSaTw8KNXI=G7+kiJgtCGC)+42 z7L0UGx@(gw-N;!;gx~6%0DkNOMXyXa$Bb}G0WR8b9{2%7YWJQqkmor z=*E_&6{HP_V)E@1KL}v6){?J~O(DsWS~mNxAmNeuR{MeyubV_*j1OSw(C1Ec zj`**Xgw(%M62k}SmC888@=}Q(ZmR1%ZuRGn+D{4ny!VwDr9(I~n#>+l`47}}%y+o8 zJ_7-pr*IiQb3X4ALO(s%dYq@YsVAD44~V)Q&2eN|4x<@H6_XGC=q|&3G?FT^VgpeW zY!4Xygdd8;ud8R-R+@4$XiMtlUy}1a$;p@19Kp{>c)CcJ#g_B=jnUOHK9K^WaxZA+ zlt_zbT<%I7VwsUtfqityV56cZ89+G6;348d9UCjrN;PnfH+CR?n$L_OG4mwx)YlkW zxM61I`N9FUT1EhmQ9`%zqJ|_VreysHG+92>aykoaOX#iuXD&0 z#dH`TbbYF?C5v=f^8NKfuYNu|!H*0-vP0};QLb!~aVP11VvX5=kJvtD$?9v<*8*uR ztn=M@heI0sJWKxUTX(GJ?nit(;rJc;tOaQ(r27q2QD6{}-2RexXsG*t#UXZ~PdXA8 zb0YJ&+q1-9im3A=y)hT#mmexN06TLY=2+hTNki<$ilqQ)h$IejhiUXSy_k8w>be;x zz8yW{0KsZeve2KW2e~hWN!dbbq4|Z!JmYEYcND zGrkvz;+cdGJIe1laKJ5s#!(_JY(5X2E*`(no%+q79GCPiEJ>Go4 zqWWDOx?X%J3I;j5<#EN>DXnfIaZ@yieTj`FmEw>|P?%!-b)dKq`{xC@CB64{z|33J zcTylI@~kf;qn}!I#&cVA9t+oKpR3|&JCV(sC2Z02Rl?SQC5=x+nyL6%s`5NNbfoHsHTefkvW%RMRP*2xj?Lac;_l* z%V<#92O?~jm@)b-@9A*6t1jcJbgJ#}IuZXW@s9$x#RNQ@*wVBra@=X{?w5?LnE`op z`qMvlLr}!(bh%!n5^mtRmAnk~I*UN6rMG-1{aj!=H|HzxfhQjALAvRJ2P5Z7@Bc$C z!q@I}|Kj1QwaVZ|_+I{|`QhSlqclppd{EZKRoRmG?B!lU8}2hr0aN--5(G!w~-V5D;1JfizM|^J^^+W&#OY@LHYU0e%9-w z5a*97nlg~U&0eKmW9^c+PQWqX#OSwPDE|*u48T)uC~W?x$zzFsM6t3t@^=;S(ZORw zgB2k*`1)wiLks&;So8kyx$~b{JA8kYF5-e0H1mWiMY63$Z%0 zb*PTcw}*$-n|Q`m}Zb6!7WyS&(XAaHR|}4O%{1Snolx zY!u8~b$R9t<3Akpe3w&xb9Nw5ywF9VtHJ*YM%kv#c%>zx#<~aSMv3bIn7CbY{H&Lg zQ1#JRlZOwnH7YsA|Bg#Ymc(L*Kbm#yvgc=8LP?WVrq|wdHI6(F&k#z;*-pnmV+OQX zBa)B22HLfu@IO#$+5G<#N)61K-}V7)&D@$Fjt_S*$iHJ+TK*f;vI{0Q_^gz8GFLVN zyq*Bp6AAl?IH2(kIsO|54Tlgat$#(KwBxvfGnx?)BA*n+0--YX{y3kGe<;oH|Ne6W z=Jc3*DVr_wwoSLsn~$SyLzY@|rb_QHo9|DS#w@3%1tm-MJrni4wmrpi0ElqQ++ry! zJly{0#{3$dxc*gcR0`BJl3zdn4CP;%IbMDPzcZXF-jS-^8-RTyEFU=n=9*sjGyC~` zm0Wn@njcIA7lmKe&^TZ>1N@-RiLXS4vg4|MwYqqj&D}cgmZs!H`x->w06+Aj60qVI z7qgH)d-mRQ^iK`h!94HFW#h;{hJO36n?iog4PbxR|4l--?ANgSKgDKcU$Flg>wkQk zIDvonDzgp$ZTeKZ_^0VpnsRcs(sQc~B_={1XfL~7&uiMKP_@YyNBMf46hI0G*4W9?K=@8BVAJV z+wz!O)+VWH%20_sGU#FHcWDH~sekP$A5khF!n-l}&CA0deHNZO=bTu< zy1W%ol24hlxquMj$`p*-mBcA@Dyn8B;^V^KdxXET2&CVs^sRZL=Z2<=$;o-ZyMD^7 zjAI2glsRtzlVhTsGx42_LE?a|vX%=|6Vy@jujMz85pMZaT*?K$;lx+Qve+*G>XWqx zA6JI>%xJmNw+SX!(GRp^oV8k6tDCxIudVnfmASxG&RKJQ!iT!CE`hSxOS%kg&Uk+H z-~pp2G2CnC2JBJ|(KYEkZBxijiQ+rvJZ0qKV;%AB?2{qX%v7tIMHjTmIsrLvPy;Z#J8Uj9nB1P?}E6+Wnx(0+k5%5y3gKtk7S%!#ROL)$0YXvy|?`W*RKx+4zaiZ zfH&*=oQB!Pv(4^KPix;2zsZOfjmPGsCqGl_oa~jddPN+QCfV@`tJp{(~ zWL5MNNMc*y7o&!QjA?G|#HR2(s0q#3^!f`^Dn+0sqS~AR@B?Q+8Ua6WCQw65!!$4= z_tk8}!L;1(8mVuZ3~IOdb&e^_DR&ED$N9hLixQ_5}xfmM>Q6tN2PnoZ$-vB zZ%(wazRQucBXb>R+Nl<*9^QSX`D}MV6NG#9eNG?Y`xmM?>tk|LnDUBicBPRp84xXq zYmonLW4?-&gGN&dl8uh8`R($D+hcx1zUx-Mr(Nq-wNL42?`f!vt#VlnuucJT=-JJ8 z8GsOPj8V%3ZXg3wD%#B=Y2RucH#rw$slsXScfXvZsUbSq6Pk=YUs44V5W@ll!SW`= z$k?PsijX>eMIr4Ct>gJZqc6b87fu5oQqS#jeqFpjN4psP(VY5Mqqs8HMY91K#l^IT zOHd)~{a5wgAO3!6nrbPblP22c5>7n-vhyxQNayVkvix|H9C@TnryN{)vV!A0FZGH{ z_{{=TylU&)m!{eh8)cVYquHpu-jSpYXTP^hJ`_Y#%bovx9-6h6Wqr9)R^gG$Ya?hL zKSswEXj&8}afNCQLXh|%*jOrff_8N?+Ull$AJF#cYOg&KF_}SNlgPR-ij=UhGI6<4 zf$XmTfNf4-KI+!5tX1$6z``|O7_Gths>MxQiaW^nb=HV!u&hMpqD*0K$oPFHyKL2f zk(MKRG6!;Q%9?3$jkA^3{DYdi3xU!0qV@PMG~oyh$po%<>q1;r#@Anb)m;vn+`X3D z6~l=ps!)V#jTuA><<=k)80<2XWAF<+I{Y=P+^t_ChVvrUlu`#EIhl_LRk_VYoLww@ z=@TQlx?d)0ibTVBI$XV2!n(` ze)Bo1XK>zHaCpTigdrrI-GFtoDd}~rjA6{3q;*KqIUsH3dHmA|dzOdC<0wmJovlPgjuutJ=0 zS{c>S`Br_(N5bS+5aC~DD?IF^axzI+o{g3T6j$^AXaEg3L&%Sxp7V1j00fn6ZnX>y zN%=M>-8s9ZLmUt12ot2Tu{?2mn(|ksH^^ zHG40BxJTM&I|cS8?LPkr73tYJANT=ccaD20CTSn$O>@zK(+(};#GYeM)rLqxyMy0( zYNfBBWzf&em_eosCS}a5Ncb#2&pat6h()ZP0}#$6>Yi3=PDN*us}-}KKNcI~`z2!( z^Ll+zGQq#9{ucPU8zEWx{)=OH%a=!#Y-iYe>_E8Ew7aTpep?*WfHXCAh;3of# z3oD#3LuN#}#{gT2 z)U({@ZUVYJId_n@D|{b3&E3}i{pS}kqIZtR=#sH^FZj`l?gkP!DYY?vbGk)w5d9jX zx8Qj9^CHO)gQj>hiI^g3oS>MOg1zzaZiq%52gnR+CY=%9!%UXo8gmft6o0A!h>=#_ zy5|ZBPu3SS6`N^glGCj_zHof49h}YF35w1{7N51`kisM-AWrP377%ziL(SEvJ&oGa zN2DhAj&)u8kO8V-@K@b#WY1dG3Nso517OdGzN1(fL6$8d&~DX-()-+DPVVfKHG@^6Qf14Xc>HHf-TZ(pKMB>+~OaqmiAl zr6$uRos_C;P|Wm|LsA7=UzwA1gQiVbFz()x%7TjC6OwHLpXg+$HXm%y7pv=8?}x7p zk@aNuEZ8W|5RK4Ako9#(5J<>xWBvB@5YgcXM^cEDl>C_UhHYF1r`zKlj+AnPC7H$C zW7kCY6}}1c@B+q^>*pKX{bS5i@!-58xpTajh`N2GFR1@Ev-Fv1_h{;|FaJF_f+(+& zh*H;GYu=j&;2K}V{BFoyK`|<(1}V584~0&x6K%}9^sfe_sCKDzWQq=rj9kk?;$ znG+xP5C7IO3Re+j*QiAyQ2h)Bm2}G23ZZz%UMID5ak_@$&8G|#?i`=yBn<1TZihS9c|k+g-YC)NQ=m znVQ|#pu{hsofm7ogFL*L_rbAgS-2N|AYN&i^*;A}n7!j1VK%Mj-?E>n!0{~d-7nfV zDAMvq9Og`Hm1qsntC?3%uRr3gX+8YRU8k+%)HHAB=Qu{cvL<;v6}q){RZWoCn&DtTmW(5_D?7A4q}O~LRjs|e?T5oUyAX}mUYwuy6V8+tJ-BKGkR-9^B5rG5s3-#!>^=*5Ovk9yK6cb{~_= z+X~!)MaSHGdei1oV>o*!@a>G+2GtO5w4SpS!gYXV8tn20v6hxKY~ESrFs!|AsVYME!gD zD#dm2rO(yfqkjZYg=PDl0zX5~rpL_TnlLxZ`RCr?t4RQJihzaBy!;Q`1_}q`Kynoi zF9qR3@XOktMvWa0S^WsQ>7`Jbx!Sxp^NjLursXGNY)z(*9T%SGci_1X*-82tDy2FN zQ5Cl@xTz$sX8I#*fEZa9Cg1wKbWO)IGwu6H2RL&GNv*y zb@M262e$wVbHhBQ)g|J|cvM`TC#}(Ez9@U3rtZz(WslZ}2%2df?p^IIJrkujfzH9-%%X-4X$J@5U2Nc*n#sl$=NsBT=iZo zI=qRqv=h`cvv(ywHR=;LTYR#5`8P31v0=d~D{SOUFpvDP;d-pf1e&q{$RvK>^d8<8 zp7V(uPQ?r_YwoPQLF=E#f%v0R;(gB$@QXp82kgDAFokM|lelfiQWzET=zzwt_b@TX zuVx+sVyJR}r6bJ6_g%MXyMjGr2sS?AG!H#666-fEeycWosyEzvKTq&4J~MM=vHNe{zE`iqR8+?r+D9=z`&) zvys!!Xq0B%wQ*k&%DJqqd&M2chLEC}0^?fvM;{hLTm7dDYyy5T>7}h+qwDeg9E?b9 z#P}I>JTF-FU;NeGT*(bU2o|`bs5yk(w@HWnF>iMzX+<$90YZ>6xk$O32oGy3IGyHr z0Jh|Ga;HXcUi@86+WXsKkmm8W6CpRk@(XyqQggHZ**fi$8_i}xiiol-npyE{y~Muj$e&muS`3Pgle3DG!dNVcW+Yl=;5aIwnLl&FTh!zU+OPzDq2!1*mc&{B zOghlS$un;iqaJ-hw5Cg}rf~02%{K9vE+Pec6znPvc==vtjR7+mfrXQI+OhV#-_79@ zmtJ1n9vuztmxVHm`Ru;qs8sUb)fjDN0;@*T?8Hu~l)Diwml<7k1o~&1RWJ3nt)_>i zmWbpzXvE@o`^VtGS0?N7;qf_TRCJ>^yXGUmc$7P(|69be*M;b zM;6Xr>IQT-Q`lY*scmv)zhB)`EP8L$J^vUO(s+p#zM`(jJ|U1VuFo;i$N$uEB`fCi zjDlF8FAD7*Du z|BEY296+!v(7px-%Z6MGTB|wLL5gtIty}6v$lQtM0TbW*tO5o>0ALTK#qn75dpz$d z%+}PLJNXz65ayEW;MLZ69;D%PyByZSg_l>5k$yG)9AR!wmO_48eX@^0<~C%Xflz(y zL^p!E8}*UZ=S06FR{={yn2{{2JOcC)=`qm})~dv~676bdu5mE`kk?#V!12|W8_F*o zi11yX9S`rfeM1KSP6W5@PCyZ=VWQk?L4s($AaUaCD(-_To~Mb%G-pqBPAi)olh3b) zMX??F{bo4Tuy|V4{)nXQsho1PbHoomGv&w5-W>ZbHbu|UN7Zts{t+@AiD|`cdG$y; z4PQ9?;-Y_Pl!Vq(R-Kq(jU;<9zc|bh@LL~zLrkSa(MM4Jp`PQgCGT773DggeB@d}v6CYT7 z$Sdlc+`zm|TuOG;GS6Fh)ncL)51=2roUb2hVcca=y3iERZD^L|tJhgk#e00;vdeo8 zz`sL#pT9!kHge2<(x};5`#VbBCo2XsGM&|K^zoX_z-IHaU%!T)Xks3AV;lr5d^@zP zTkPKTmeF@b&p(HG>gw&t>jz{q@?3I*yJZ6b)T zxbHg&3wHjqOnl$w<3@QU$Gk8Vth1|$SuaPnJk1l<3+r>+w1^20is;m9nPJ47e1gmG8Xc12oJr@x_u;|N$+m2tMS9kh;(8rqi zWCV(lmz&Nt?PLoVW(vQw4f0S)PD&@dTE_RhlnEifrcj_kC2rD5e`zsuniaU)?^_5K z$T%nM7{Pkv!1smE^krl5(@zhY`u_bP#!B@&*wsklvy)sEH2tg3J|x)*2|X1Sk`sRC zkn~p98T5>Ivb-Bo73=eh54jfe(0$kw*~ORETl=g;_|_to{i-tc@VXqeQ;uMJuRXD< zq5RyZ*ojH>Mf{6E43~1pP>~ASz^sU|($yJ#0y(MjGNm4$D1foUf%FXz{u+nn=RPRZ9u%XDv1Ncq>-m= zY7*cu=w8stJet2fX~z1)Mp(Jm{Pd^$bevl6@7mt`;B|r9W(AYX$W0pKCc~taueI(0 z46|zeR1(rWL7Cw7E4OC!!*NkCoSfGm`r|zfv9F$_*>_4b>S^*FJWH%d-^0 z{b%~aWs$UrgO+p?KX4F1p_Q_6aq8xBi5^{EDx~|-MGc0#M`y80i77aQHXgj6tm%kL zmL$YH_-d-yZ*9VWv+xQy3j-c8!-xWi^uPN)HyYLTiu1Q2EB+_J<@yCdigbI7!uSWdvDJJOiXb9MK*K{`zI_b0hMjDQbDE7tqwtm>X zAapC_$+rFQ@A~x>UKYg)rq66cb?qiy?@NbVM#f@Kr|^WNp*{F7eP;~N-w)32wRLo3 z>YbfAqbg zqCzb7YJh!AudzEd{mkare17@Jc7g22?zwx*lv#$THsY=-RWgP14RG4-@%3dU7#?faoVj%v7?ZmDcqv~u1}V=;S#h;&5`KE!h=TBx zOg~yAB9bI|DA(%tUj#VFJdh^>Apva+!$Xl~>A zeEC}MQX)*~Vw5o^q6d=d5isQQS&AYde@gHM7Okkzzn`>tw)tzgN4V$nH6%pGdlV4u z2w!|3wYvFkEVhrd_rsWMfOpYds|-+CWm7NW`Zn+YNL>isA; z6xLNr%Ws}8!POe|*A4GDAg!95mg)t)sUz%+(weS(2s`}j?|mQ`;W5`^2#C5bqSNyI zUZj8tQj+)QQlKO}ZHpj+S2oZ847|}I4P;x%o3BrxT^ATiIUE|+cEGc+ ze{SY~j;{^l5Q-eBvTO3{XwnwjI+fe?en5#&;6%n9cnzreJ8IyAIOf}{)CXRDEcj!o z+2IGL?nZP7Ygt2UfVJUKcpuTVd&M7kZi%;hy|2R_(TPBXjjWy3(B*E0QR!)<1CQE6 zI;dO2;*Agr<9Ap`r4aN`Ey?&Za*T|jz=!F0@$kN0$ub{D ztGQfx(-q-_NDMoLB>hiQm8C*(bd%ON>8Q!!BC3(sCD#LVJ@HTwpO@?L{? zRWVfaz~?7D-vx%M`&Dg*CH*te?DsF9DADzbi@6s~v3t0CR6YCHD;2%@ilw@A`4W4> z{7(0o;vwy5Oq%w9^XgC>lBM9xTqx4cyo`Zd(TJQv%J&#AdV$eEUM$(fppD?k^lIDh zZlQORn;^F8T;5b)n9STEG6H|=8JRxg)n=+&EBgb_P<@E7Vsv!$*>omQn3n1nr%{WP zEPYJ&Q!)fP1sfKredjOQE_uSnth*mQ;!=@3dnE?+dUHUiG(=y$SSrlCYkyCC>!95F z)>DflV)!SxP0Y7NwoZO~NOciA4do?P-uAK}-< zFnasqRpF-y#gw=PP$mm(9_0#e;_!xz$s%at%;v zt$;&WupAR*Hg-zIDT-~UuZstl-X-2Arz>jva3fez!R9?nXCWk+NDmuonR3n#k}KA- z@k>L9qkHCYW}K0Q?+d3g`qXU<#JeVhW_ee>wGuP$oyw|?4RK0w_j<{Wu33z1SzZ2U z=Aj?coAi)`F%^$8vFJ@6v}sJ4?fH4UH)P`~&*_>t0ChS)d}9MYTWx^I((g!6I&>}#%&1ilJLPNhjKlDn>w52g88Gpi~HR7y8N)RwosNK0nh>yHEZdea!x&5mWxYwG5ri?Q_Q}p8W8H z143;JleazUjQP*fz&y=S&WRefn>V@mS%&Mp% zVNWb+dPK~_SS~&f+zX9*Rj+06&{JkiZSDLL?q2y(n4EjEgJ(|a=o4Mw`6e%*p7hS%;6_2>ps=wn}o^+Xu0fzNj-t z)%s4`51Y-Gt33UL{r%oz_xoVwedVmmjNmh323)JDgIJ#uF~VV$$XtBmMM@Z^_K1Gx z%~Vh1RE$Cp7ncW=Q**zTomZ><+*h%3Odz_~l*U)o<_qGrj z6D{*lRWrUV0*{$Bab9E1wXGg~R%wcNPrbx(_iJhH?#<^^7%fxhgO)I-OONy#84sX) zE%!arkBMOrm?TU-fNH(x-E&S-e3IFH*j*0y^F|924@*>hipk>k8_`P-XJx8Q{>bdf zs3mq&^uFOpZyW}f;jtmY0*x3bE1oSC{z89MRRbmn#W6RJBS*jDw586#opccYgi(Pa zcT~jA)y&xWXSidF)pq|SGonzwu7~~wZqz8&xA|iw?S(q#;)yofU};f;f^iQ0x$@5P z(|e_=3q}9?H*aaYEpxetAgeE(lO^{2@evG7zXIoPS-a;X=}M<>3hbE~(M7Y4a7<$} zxA%*1$TB7|Rv^05Z1Y&ZDxrw<#7$3|UJY#SwY-Gc_mEC2?j~6O%8# z=gt(%LzK5OW>y!qiG5i0G0RT7;&(etM`@n3mwr1yU$DY?J=&@T>&@O%RS3t7p$tPL>CSTTn^v4`3 zT01y`+xBzFLDR0y?CpihDvuzYL(>}!ntUl*u@_8+0;5C;g>lG4QZ+`SR>#Z|P&&s% zI$ZXzwRPGd#GBFBoPjTfLyE7|1LmI=_oBRYS?SORczx*dO0uyKHA=|2`t?}o2Ae@T z(ZeI?%63I4NfALgAKPZX=BA&=EGzSQO3b~3^PY2F`xy+=v9SXUb3fZQwD~R66@8DjolXtQ_yU_jO_nuSWW*3BAbG{50ZK*H0CM zrUe>fbE+UAZomj@?%3 zTwduBf)#Puyv}sVQB83KEVSog+F$Ty>Gl}5-GV}yo|FVaZ6$EB zOx;Z^`o91ds?^&){e-9!ME4@D5Q{`*=`~EJ@ImC`VYJS}!WZ9wEwQnyj|+$5sB^Nb z=>k?YN(V;#IyGUT4MKj~;ls%lctP>~cOLW~TwlYLc&+AY4U)!%DJp0aoNXkNzwUK{f?4KwahM)8^9>?*3v5nwkwV&6e$otqUQo$>vFhbRj{Xjr9+n zx05wh67Cz^qG1HF@4XaGlam7}yci%u{YG)uxl`A~!qM$-E5CUhz25rPL0S+KP4(LA zs~JnghKG#P;+4n}Gx4@ZY8}QJFNZt_$#_Vyg6>uD8%;sBre9IQ!U7-(d%8(|^IlTv zYX^Vebk}LEzA%-UydY0g#5x16J!CDmyRd_;dyR*q6oW2QMw$V~zwkNpu`;3)7Sxzd6eQS&gUR5093DO|5`~Y(0izdE;;V~X4KSoz{kGI$m$KJLq+~j23S%6YycOMCcaIUu@V_s;m}a@Z2Zb~*x~3A9FwBdU z!dzQH^F9PNEmJph57hIF9?cK;ho0Omw=H%+6w;7d-{iShZ zx4)?9eG)xhqK@xFj7Zx2ChVMuZ|D7p*0bHwX)#3)XCe>dMY2c3F=XxRlngFbPuFgG zN+E08XGGnq@#PMs0-LFjwZmasKNcuAk!vP-CudFBvVy1d7RYv5==0EUZL0LX7|Wp- z^!j^`39D(A?F&*9`{t!?zVfroxQ{QV%632Znw_stM8Wuv=3Xg7y{4F4+6*>judasr zD;K>@>^}x{klj3gpfvUx2w^88hQ9nEgYZkCt<@CJ(fhU_tNO*hkqckE`)WX^-Yi|U zeiy9lT3lMJyBD~dZ}b_Q6S_`50%Tug%;2DWHTSbXY^ofL)V$Fiq3f)ZW4CLS;gPF| z;XFF_^9EDkh4^h=ZvuAT%$PkL8TJCC^ocDR9EB)=87O_usI?V#se-6Y0^NR$fGirW zOE^b?3!|p+0d?LDx14&-qp$Wd10&RK*A_8h7+AV_-xvpmfbbf%@#Vpvfv>u{`Z(_B z zHFb)#toQvJZNPK@5Ou%W5Mw=oe^G+x^x*Z%2nbIRLp%W|tkHkc)Q42xs6q#^VeXF5 zVe;$_y40UNz#}Ri|JC9bbpQV}v>TQeQEg1MKK!@amHpB0fwn@d{$69bN7E10ait@7 ztz$TFlPj{(bnH!77$%?nsvn=jsV~*-mzJ|^(5Nh^xoU%W0R99#n(z$)&6VaUrr+&g zShMB6ljYhXQxL9eK;n)-M=Cw9lN8Jd5XaaZ5(?bIPwv;MOHQ7$^)S8;SW~?5+b+ZK zZ5Wa)kAvu9-JIWls^?x)`9yi|1+_yvU{UbrwmTP$gOB_} zafI`}X#OTULYPTj8s6e`-GE($zzrb_!89C00bpivHuPYz>K3V)PyYYd+T zh&J}Bzw2drH@&u9v*boVYQ&{$WTyL2B3H;(eKc?iq5G?iFX`v+@<|Fic9{%C7wXou zWZyW>y6VAAg58aF5Rt4^L-7uxw;vs92Sz5j-XsPS)zgeN#x9bH!yBR;@(Y% zc)6QfXpV%9@X8mtlrrPS42{j;jgArOg%RX$g`~{0kt#Kg>*jd4zeB5}O(~Y@m|2a! z|C+XoO-u~|L@Wy$U2}4*gTz*89J7<9V}_L)4VwJN{8RG5qVIt>UBGfURFE}Cgz?mZ zTgnGqnYEC$;S$4&rD_n~FgYibp6U)bOHO_^D`XOwm(%U!w=gRk4jgA6EFqZPj@i0- ztta`cp6mRdvVRmLZW8altz4a!t(J$LT4d*qp}H`dnqR1Zw^R7)fdAUvl;mcO$qZ?Y zICZq<_0JS(%57qEx~SFTgfYjMSEMef=@Tj+c&(=n2p^s;SkUaT2fUs?)LnUm(D4}f za_qoNW!__F^0d#@%c-#uC5k{-CR5ma!ToX~{c1%NUwgsQn#nAf&DF|Jdlzi-()ly% zM{OvF>=D9Qj0!GpC~3_uWaR(h?7idJe*gAw9a=4lYEiRR)mGISjc9GPYLAc@wTs%D z4zr4?RTQ=Ns!d31m)f&dtO#Onk;MI`pYJuk*Y$hczx&Q#{=g&eypx>g@p>M|aTX8k zVZ{x8n^du zr4v{s*CT9s$NuERwJIvRsrKVBCyx!9K9k{A!=?8AbLlQNp9e_y5l55h!b_uE za3{BjcC|bo0n)0lNBm7U;^KE6q{mkq4Zzm~lcK3CGb?hL1jB(%2JjMPM5RJ`G!)zo zUB1k-9Wp3;68(5_CUE+jD=gJH*YNiA_1ejH%B*z#jnebmZ?kAg>723{7~UWE01`oY zH+Csh{X<0;{D}HT+5M4_z!0`Q%G0-@S=lMdk7(hDuN%&EtDK*6y0IM1YT-B2szy`~ zB>Dm$3Rsxx2E1x9omcWwQ)*P@8fk%;XGstJ?7pPu!#V5*n`{tjwdje7DDvx$YzVm2 zPjNWp$k(W_aYEw*whTyHZklk?_?q$klf7O{Js~w)d1RyCw1dd z80^zPeXjK%MRc^ij^~X}zz6!W7DotC>trE>!b}?6OOHBc!5k7Fm+xG(qZ@GSjr!nF zv1!QsM)K;}ME>@S&o^p;XXA$sceN}DH>vNR{O78c9ShYS2Qf|=T&5X)$v263Cz4YI=XzDw#4pc6wwzJMWKeS~mQ(C3B!3mL+e_CewgN zIu0>>Hm)LTd=waV1EV{Kzw6sL#Dg&oSWGX&Z4T;|4@7aP2 z6(mPl&MRJj6lCR}kT`cJ*tjix|0;YFm*aU$HvPHkLKTxTV@+DXExg62VrK0x+&e&keDt7bOu4gw6GCbebJbXzt zl~(^@qcLrBHft-ZUG~w|^6Mj4XWuz9YhDpKetL0B&zqlQzBN`BEm~U3wGRn)VY~Cw z<61hr8r5J)C@yH zq;J`1O&_;b4I)$u-^z_L-V-i@kknO`_a|}jd;Wai7@rXO6q;Q{ogn*_ASo-gBqC`C zSE;CYYDYcM{oZrDoch+xwfWll52+0ttq#V)rbcd6IEvARZh>T@Sn zc0(+pe>Gd-U-0#{!n$ZpFR-O&TpX*ev5fg^=+m^^tkV{dQ3c~ z%Q;ahpI@N;VhnIn)s3`UX==M4>Y>qd+ipBu*Vk{k0Y`-trzw#+k;mqWY{>)! z$hMpnl{66rTBq{#e+t~ua3D#thW9xzRML!dQ2o`VfB`8sZDV= z3Mlfcg9eHmdr*&fQqYgU0^tjJ#DbmSe9465J43)h+~$cnmfXEM%f1G*(dA_V>9Zfg z`y%)+Bf5=H@LJ8eqQYV`KuBjdRSGZh@H>@IEj^+(|LK!3OH6*cPA4g_d7NQ@QckKx zjX*n0eK(vF`&%|VT9Ff11_DLL`0&U`Kc!T)ad}{@AAIF6&;u{l0Vm=ezn$%EnBl8& zkf>y?06k8?Xp;oHo^17RygMZN1VFw)!yl2SPxIBo%Q^K310S$l?Hz2tqSUVp5obR> zG%!@(Q!iZE&4_7YnSrUN2*>0oB9#gYXbmB+C>SJTdZ|NjZC|44zywQ14 z=8K8GM@;KedIeB+fCyhMa}Yk=J2y@i~Bls+hguV%+D@>8f&y7AD2OJ zco>aO<0hEjNVPTyy1D5Os|DPwzNLpXr_XBD_q+jz=Anb{vELjGu#J8SCtxuU=igcg zz4cuyDe86i2H zG|gBayVl)OmX5w4Pp{qGp7GLsp=|2HOlWS6Q2Xdx0w%-e+DoR6p)pKHY-+$O3EIAH z@XrZ7uQWWq_{Z4=NB!_q+Vu#Ub1^4nyG&$KGmA(BK5_t}n>p=xRZhWoIFCHnh=OJR zLZ^Nk$muM=$MytOoLWO@@-I56+tw{emFz*vq6heVDNDMeapJ;0bT%ksa(=ikTo)Ej zUNeUN#Pa+&!cMTK>e_9!$XO>c3ju+y^x2>LYiiUfpD!3Wg}Lm+*w54rX%7b1Q)ueF z|5ig`ULq)dONy?p)#2SJjewkP-=;zo=3>e+gHvp#R`!GR_5ElX&?fZN-tht1m=m9$ z?OvWm&znM{9QYcw^KDx>`7c$n3~u>`vj_8imClVt1G3MC!?z6~j5X;2mp7Crc(5fx zDddJaLr;P1;nmV#g@NF4azHtAEn6Xv!TTImGzV(|3r}F_X+C|KGY949K%mz4|AM_X zT1=<(hLZ^b3AdJau*zm< zM^o#$puB+nZ1nO-f|Ou2?3-T6>7B-%LE06cu|Ixc4n_gc>)zFWb`ScE9W^ch^OiNv zE|hRYRFv|w%_qRV1pn2q%J=o_{?P-HsT+RP6hyRj*Nu7jHD(?(XM5dKugF9L{Ir(* z4GM7W{&;ID%719%x!p#Kdg0GPgFoB96Dj=%M-}q~0ZQ~OCrdN%%S1#5Z_a@4{|iv9 zX*m1Oz&L@@q|O82n0zyvejU`Vo9{U#aI*@5CqmPQ{UL!T-(ItPt6`?vNbgv&S5O;Z zkg6|{1}^6BgSBjGQ}}eNrz5*e9ea!U1aYu)yZ%&<-VAu*f7~UTbnbImuGm5c5YQ0+ zy1ytJ*!$c#+xrxM=3DbZHavd2bf>CdgO$E?Kft3F!jLPo@aWjju&%U(+}QOI6ptlJ z4E7qCS-L}|fc#K^FC-kG_*s#xc&DIWZuyTLcA^q=x_wq%Ww5IptT$XzNWN#;!$)*;(w8FH$Z73TB)g%n&@?}2y^ZZ*&BE|}9wm#I|dPppI~Gl*y==Hyx04*F(i zAA~tSN!mNHL^r z#HCSD0 z4`4S2y2t|3?%8>rEWAEUT;2~~gZ?>ZbBQnB70_EX9>$0U#LC9dHW=YKO0Y1Fc0 zqW}kcG{j#VK7x35cEiLxe*o`WKxkh@+-iodae>+0OEnr^WGEe{44k9NnP@AH=?O-S zDjtrAYc$2|u4*5iMiDSBA{A_x`{rXMA_p74%W6v~TPe#b>lqc~Duzpo++OWYwYC+| zY6N9pHUoHNOtal$COp-pxjDKmE- zM-#-ZGGcB&){zi4_6xTlh87@zRMpf5&7;5tzP?Et+}tvpa?nZ}(Y5P3jc^FLVCdJV zh>}0IjVzwucdU6%jQ34ntu5W_$Q~nCzw=>~69)Tcy&qmbBuHOdJmvMr!+JkfU+vTo z!5`wsmu$WvBX8MM;F4~N3>>j zCi^S5ivDO_^9jJPDLkYN@{M7O?*N^&^fdsdX#xy7nT#5Zp3p42+|i36cP%CPlULMC zMO8-~C_T-abFUF6J_qPIQe2#l-Z0G7y1KYYDyQ$pbb z?m<~pO5E%{Nlwj%f8@TA=9y-?hdE)XPPV!?*hr?hro7?$YA-jfisf4HMBmS6OQ}Aa zIzAHSm9y%cHnI84X~M$Vj9zmgn_*R3zNIqR*}iM65K<(7i1_9V$aWodQx~?lmRC1) z0)q?vDqWh1YiI$$gva@!W8SNjsayS&zffLz4hniqq9<`Ue^&oDoV1hQ(uEbVr z{N0Y6zg>>=VTXA`YS2LtH6f34`%v$th@MTpd7m3iyY;JQxD@8QQYjHSr8gGEH;;1w zq%EFmMRXu~wqWaeHeFMqO1rz}Q{&I$;p2#V!3bF%wf0R~&VZNiTigDjemOmHhDQz{ zoPPRc9|Lu}TQTIGGI3lZEOCtG8WqB6dskVs41+a?<>LR`MK z27%Y`GVr-&XR)g6CY2RKOx9mOxL5@U$D5HS?xSJ+U-N%g`(9r|J^HQO_X0{G!w4=1 zFQmgt5n{_-$6GF3Pi!|3$%{=dl{R%ndcAen6$fK>) zL`9aMz0Tg{?Hw=AZh?}bu-UK!gL>@Ww&QFZj;Tee-E~^m1{&eAnWPyTkDH@4n!}&x ziv7GW(PdDg4?Uoc)-aNj;4M%LFdgipJKj_W1^Y2J`#lw@#WtV@ilKLJ;>}c;6ar+t zB+}J7%lN8M8Ub|++vBBnBUbEcWu#wZ_D8(7sBO4S_yZ%e`$ZGN8YkugD$Tmombg^#G&V=nI zqXP$BTF-9Y^w=RaDZ5cBZHf#2t(8+=uwqBZ+*O%smxq;Xt4}}hC5M`0Y<>!P7=@yP z&DD-W6~~QWY#n|p^%xGLmkvQWd7KMsT3qd~gM}fx`7tk`_x!wK!Vd1x@)e;Nf#c{R$JugEjXv*LxYnNVbgOTpO7GLdVCR2e-AK>+|u9Y^=r6=aLojUnPdYzv!FG z-1tS{1zSH^NS*vVg=PDc4~6-Q>2q+4Y8p1b*{)~5me{=ZTV&3_q@;In1?*zPhln<> zLXvgEGh5si*3FxBM~gb^w{z-#`5CgQZ+c1-TJsk~=%;ceD$6CFchn5(mi(JU7uF#) zl$zI|40^W=qt?#VN$T0HD_Hhu0Y!=?5rh?3{X71F#TX`3%DY->Yo1k^WRWUB-;?mNwl?+1 zqp6u*WTo_jbQ8x5cA_NQv&Sr{S`LP?rGR4+X$0FQQt6VQ3K-{_(D}@MSTP*N-23KH znoU<>bQ4^u_2lFGb2y2+2uZfuP`)-k7!{MlV(&5YKU<1PDp*V62o{FqeBYOZq7y=JWs)?8?O7vylw#Fz64yfS zz>)qpMImU@YHa_v)-7N4gWxC^&!Lkm57~N1WfN-QOx0?Rhp&wlQkKzsRGNkcE#fU$ z(ho(8%SU-Ib?IBz@&kA}*hgda(I;P;A{9rgS9!;tEs5zEf<(RsXw4tC;%i4T;*TE0 z{YozBFVL2SF)ca4E#{lQD1?V18_g#;)lGNhs(r(#rXC*2y_LF*WQ@XlKl6)F3kB`q za~{wKh<9Wvj%En5-dfp-p|(%ou*d+j4PEto*>5|jO-pn@arXUZ=;_4%{N@21#W0%U z(P-dMy!B#p@Foh?@{={`oBRjU{z$oYO*Xj|rr}q@8sBvdL zWC*lJ=j>?XtFZL@JEu{^{FQ-bk7nl|gFUFE_IrR;}^s zc3%9il)dgi(gr5={b)}OA-HF0Bskvy;7)BS182UU=no~l#3-!nTzN{?6w!UPcWZ{} zzae(>p~e}XH&&+fcd$iEIw59tYK3owf#JZ_*M5ps{2wiWkWzTa`Y!zSqJOSm?)wTyorO@l%T6ClwJi<1t6#i=>j zgV~)TpD0<&NN3Y!aZAU zNDT|-7Dx&Kb;CPBt$awy_awJPU!B6aCs`wF*;=~yJu^)Aj;Jx+vRP_-wO5N{7O!43 z2dAJO4VT~b^ICWEM9+JTb}xtv1aJWQlXMWd^yfqqhqazrTj^L(+EDoAb?L{)W%++N z`jGPc1<}f0fTMTDI_G1vSXG3IlF^;<%i7UVK}3roj%PCjzj?26^6q$QNqy+h0o5H^@Ld z)*`}E9LoN`w?hcrxp#=l)X)5CTYQHEsT-z()jQu!&VcRa4-W_Y2GjKEDoc~r27U+O zZ{W~qemD)*6KA<08OK(h%6HGL$ke%2;`PcNv0+U3>+NlN{yxVto{x>o`=N_+MjGO< z$l|tWtOoa#omH3~@E@J^1=m9CNSvKwY zy@F03CAO~L@+Zv6n>B-xPl6n(A{&R7qUp>@hv#f)dc2a>E53HjatGRxx>hfTDj4%z zE1^9B+2;8_+h<^Y2cv+3ybz|vrNW6jnUQ|=I`uEc`(n#-&M4?LFP4!#wNcP zf|z%#tCpS|(!SS|#}tl<6Lw zef(HdbY#Ya5$yX#z&Aslt z>VjPePLn6IAptaL6EadnS1%B{h@)Ps-M3hs>o574bH{2NsH)Z@6aBm?j!BXqL!mpYeGroRd z;uIx*NaOwlbmk4eN_y;E$0!CHe+ch0I~~mKd+u>K?NRt}c9tr6jE^Z$l8#Iqzd&@| z2uecR%*-faQirtg-)cTVv8;De`XVGN{br_)A1bVDb#kGAkno$ewd#N77+k=&DgxK0P0#urql7SNy3r-;_sBTydz!fd-{IkscH_Ea>qU;TKq54 zyO1Fkd#@!8ud#m|NH<3hyQT0{ak*;HMz9;naHb$6RnzYE=o#9kIgQjj9Yz{8sGtsv zhGAxw_ggF^nCtXFZL8tQ?zy*>8%e^ys>iQS)a z>R@tChl^}h_)_?f_bpp=)IU_( z^J218$Bce)52E{?2D^f=lTV;&2L#KODMxNmnTJ0a0zoNc^n7aYnQ1>e$Rsr*9o)xP zVxtbtT!%tPQU3J|TnDb_docQH?HJT2qUmIMb1(scL#bSZeK@>qnpU(%T&Kh{aMP<^ zhGfe-G3R15_4`u(VH+>X{Q;vKY^OxeNz12w(-EgvE1_Z&RJyJ{CV{QAP3M!gDS@sYEE_7w|t;fPkf@-U-x3&)+kDw#_)AvV7 zm?}_115%lOcFDjKz7MBjlEnU>LIVaZ6`g)-i5Fw?Q&QB`w^|h zO?a1T3$I}oO8ne|FWr(=d^mg?j!yE1F)nAj<{$U286s{%135#vp~U(tk+HnIMtJiT z+1mmxt-2KZ!njPA&r6!aVGjf1y;(Szl!_XQ_g7XOqmRt(uF`EUE$r4){<7l^#1DTk^PW7oGCnTZMXh;$|TaI9aT#DfKUJ94k>uwXU$EmUni03{U?#n2lb8rj8qPV zO1g13krLiUf6K6 zP}|yc-|p!qNbmjm*5@Lw{sddPKG8VOBC|JeX8Z3{v%8^XwCHbsje>}d=WJ&n0wTq2 zZ##JpCC_jW6WZH@B^K`fG82saZ#LX<740{4gicJ^tTVZuZeVyuasRCQtItdueY)!lsaLWjSuq&w?nII8o|ejCf#_|=4L1`v7tGrMn21Ov@e(Z`8MQa zPc(jp{m?I5lBEKn?h0G4y|1QW&{QkhshnGpXWsKBUbc;)$$AknAv#u<}^PQF$ z^nUS+?A|W2+xGiC0k|W2NuyGkk$3ht+?{>093b30)TBReUn%e`y%iC;UX zI(u@}pY-@;9LY^HTIzK?rAT0XT*r<-R{2sQzpNZhTq_vj>DjqOe>)84o0S&4_t2PD znai2)vNh{R_TQ8CYH&XlSHYpd0(1MXm1koRmFXzYwD`^;>(ozDPOD-OSKc+qFcfCG ze%-ZDhP7K!Z7HD!cfUu4esrf?jEovwZMXO%`W|^J>K$bOZ&JJ6lXx))snh$|?z<4l zJfU)0WuiCJXD-|KfmWt{GTVR5`kGTimMb`sVU*X;Ot*aZ0dIMavt3ZgqlEbTrOfZ{ z<)s@4?2C81I5+w3^jrG>&@}a=)4luSXdNzf`b02LTPB>BJ0*~~_j4yKQ(Q_Nnj=C* zo07ofZ#T7skmK9u52~@WIGjzNBJP<;EteduE@qrrDT#4CUzMZy*6lHlf0m(k)FWK) z;Ig|5c^=BhiD+P35xSL%@1zz~qD5Na%-wM{t)Oh>Yi1i(Z~@uE3~ct%`m#&|gDmaE zY`*4Kp?28;iMp4 z)7LOdY4bAiy1mRU#CG&={sVt?oYi}UjQom|OY0UdZq_Y`)F+8#UnVLW0`_UFcAoyr zfPs^Er(E#acsIY#3FKTW5EB#Ez0_as#JdnhW>w{Ap_b=l2(Jx_>Qv$qrQaVDs|RObSr%S;qj zwW7FYD2&~1sj_RTcLmv(oOH}r?iHuls=t0Z3#naY0B`%j76aC!W;km$@v7j*(`#{e zBPslJcMC3Ec&stT_nPga)Ma@VO?%Qz17uRSowh_DETon%GLr_hO-k9^-rYSB*pk7_ z*VHzOy)cU#<~ry!Gmbxq&U5)LXniQEN`?Z=1d%XbvgR*`Gjf#hZ>FqL-bOPpxkp_I zB2L|fss6D-V2?VLWz)ka^91DGq)&o@OaYi1m%SuR8Gy6Z>F9y4-A?*c7U%}zl%UcK zWlKXIv4oV-{wrguHw$UVK|kC)j4tfY4tmrh(HA?yrq^Wv8(#TeZSB`r*>{C4nfF^- zjtq7?kDhP{bVr6FIGbS^Lpz&msdVvS}9jmFj3}I zyqB;uyo9l+-)yGrQz4UsblkF zndgflt7QZL_6MGh+AtHnF&&(|=8yL9S6C-+hf<`)>*<{)%<%G~bP2G=O?-f)#{%yr zX8LI7#2aaGh&%BPIK&}7PcrbbXtM(R@+E4242Jw{o{DX>O_MrF)HgCBGisRLz%O!1 zDXrU9C4C68+3OM+g)HaEyrpcAq=zgkmG(+I{`O&?t#g*~Y;S3ej4<^*J#yRjB%8Y& z@qJ@#<(lLMQ&gM}s$3{?*=VkmcJjZ=0s?cTF@0M#pWwX2h~xn_+{M z#Rf}{*14YKB8Z6Wuu8Jev`2L>{Pl__hzp)vDNcn;>|kq<&}fOx2HkQ!+@o5fYQh9< z0{>0GR5**|1o-{|a4B!_JxfbD6AT|)LMVoU)Q6YNS^PAQJwf<KND=UEUv2pgukb`1GO71BQp7KBy=S4?XmLf#u-x2u-|Y8h##^>FggLi{ zNnFkmw_JZ6NP3${?QFGBT#ff7Ig{o@FE13LAmg@2!-_4S(-z*j!eWs>9o72W0Chiq zya6KD{A4}Of~TtNYmV7N2R#pe;^5m!r|X{ybv`q7{s95cb!r|nZyz%D9agm6&h~1T zl2Y3q65iOR_nJ8XwU(omKIKmV8a)#dr{{7Efglaq6fPE^)%CY}4Y62}B*yR}HpGRVdx za}Ne`Y;(B;?E4ih45>$nQJZyfcLGMJdk|XL)mSw<2TRV{c;j5dZ_*>D8^z4DxiPsi zNw#JeL_NM|_Ljc*6q}{A8y7!u7`9|Tu=Cc)C$)A8mtt_BZm{7H(SDvd_AK#;UjFb5 zC#TelP&#H@!3;{(Anf;>s;Y(# zdMg=nTYzm^R>!GPf|-$Dy~m;;Avg95@8BPvfx);YX={=>G2?V9*30bkj{)_mR-Oz# zo#s`ZmpHWuA#X14qTK1d6x2iO|K_F<442O{Yd$2EK0M2u$+ef&1y(07yg z9}a!XVB!ZJ@vlvP=kaPEcj#m{vu-mypmk(fuuTiBj&aLL5!C(#^;23oI(+SB4C69A zB^*TC+rme`(!c~KAtAI+*Tc`ZQW&xp;}sNID-m8ys~d~zoyVwD|fD0V~pyZ?*t|@v7F+@gw@bqcT@d+0Zp0S zmA>)RFg(MXb>Qr?f7}fSecMpvbL7S7mh{?Xq#(Wa=+1CKD2tLBF4dcVembRv?}Z18 z-ib9jkn}3mHPbX$#%K4E2lb`_$9x0xt9<=QRV*I|#wTQVl}bWln_SEHGJn`hTzWsj#d{1jIUjO?oziwQ|FWwI=~+b8cwb>r=C~fY#j)d z`dTk0hr$}w&L114bZLcG-Vbo?+P-KJ#N(!Gc~K*QStfOdi=7nPqo*%eZ`M2TTijnU z45DtU{SbWlc1`^0(w!u0y z7B7@hFy|N>W`H2~po*4awerdg^K%G8#dn?AN>f^{WEY4b`QQHoW*S(5oY& zNd}4RHFXaVo%+O84H8u(S4WR|Z1-*6p>#v}(etYu_KOU>G=mPY$)>ZE{{Ae$XuNOr zW1__7Y-Lk6w))Lw-cy(jBOA6-#cLLla<}WSoM}a*ls%FzYl=vJ_KCatRL6gc>hO{T zGO7NLam%sDG(hoD^Ac~kpJ0>#$VMb%IOw{O87$Ig=x6cs{kHp!GPmV-�A50 z9|ut1*}0QX0f7?7`EFyxb1a&tdi90WYNz(wdN3ShkNxOwuRt>PyXA@fdW$uBuS&ID z?Q(cSupm<-Fik2+vvd=~=&Rc1C8Fil;vZ-KY)70g}w>H~( z)~gEi?VPRfxR6cY6vjS|HO`&7s8iFql4{=~QlIj;1Y!vAOFkEyB9sU2%rq{XGkHjh>Ti5*M+Fpr@X@k;EUn)&9jO-j>)kPQOg>Yxn-CWn zQpd-#*o4@-u`5wQPFX$ber$g}F!SZL>iVU`t|(X9p~`l3x-5ylS4PRE#P~h)5wD}~ zE$!1WoM%MTDoTeJy1WzMXd=5mXl5R3iOv)^gR>sz#+vj|F>Gdz)pfP%=;vV9_##rr zU@w8^JkEcpT8uNL#yRYlAKaw{_7^vR*bf+f%gn`s^I;)zA1jiAtdyT#al( zNlE^65#40R(`Mge?bkjL*`C)lK+2?k;h0A@{_b(QRwMHn&8W5qcVyvJDyu7$?Tg(2-TN@bB9Y>kpYi;Q)6qE$2mT+F>_=}Cs_`c=1geFB~L+^&N>jHMy z74SAwB{gx?glu?+Uk9AXCXPRz8|z^P@TG*gC#V_0Q%nMC^oe`E&-OPhfGk(VvuQx4 z_{c|vQup1@!7`087@CPXChuu(xWp0rws?XmePT@Id2PkBLc*52c$6{r#t++C${`wb zi^7@2JsLU>MBh&A6PcG#h*O4tZ+iUwS#LV*TjZ%Qr>D3XAxWiPcwGw+wf1u}29G|p zEtS46BMC2KZn%9w#I}J3Zpse=`u|dlQa=B!5IW5q!M~TKXO%9x)JU~uRL2ThFg5FF z7itQ?)mu+6-5`LJJFFN86`Vamsv0ITmpXvn|z-=rnE_t#FhN}{=%#O{_VQJ!i7ZxN!|pYzOs*d^lyg&+DLw=Ykh zn1tPsI-;5bs~k%1vCe_-PhDLuRtWT2cJiK#*4k^2Dk*#c{M`W?-(ok)dDhpoZwnlb zS55%)PEUIvi+kU^SHM+#UAuc$?p6C=lD|o}cVRxq*QZZ;$;$yDVM6IX>3m+SRYra0 zQ$L5N-^2ZmOmk|jsf)1wR8}P zE5B_>gi%VLSXEi>jCrd1pBk8jWqP%%3(|P3iWskd?zg;{=>PknAw|=}(*CbY6HP$> zXEA$}z({+Qh-L^zy+a#);LI_`O0CLne14`55s^EoFZw*NXr|7(CMgAW2NIf|TgAvL z5!yLQtBlErtfwQ9^gCnunm*06PSU?$ek`n*nJ0E{1pF;mt3+OYf!_m*r&LR@^g*QB zMZPcnGGKX}Bm%R^_iO*`NOf4nEhQ=GpzLQ@UPYQYW);PjRzb7U_qQr*zOSd~@>s>+ z4y{KwwpE%QLutX>n9#Y$VzIgVE~XNV;j(%!S!1xWd`!wI4c&7Euy$>Eg~q>4X=UC2 zKxo#R{~*zRz>R$?Gy%xt-sCr4F~pzzt(1BMZbKsY)h#|2KINiDR6(-jSaYruM7bNr z@{I2fWEuU)`>RVmk@5lb2D`EKV3GPNaVq&m2oq#CB{}_$pxLujHS7hx{lx2y#y3A% z@TO!};8JYuaC}Az%Tp>zI+*~+DI}F!l`sp(y8>~l2XEKLjHT0-l{<9NRE!pnhf9k; z61@zf{nb5RjWxRiyq$=y(w^xw`16KS18P1Dijyw%4(f%Auy z6b$NgcCVs%6&~^uKA}Wfdi`W;!=<}^fjY^=WOKzMioBf16d0?81vOS)f%JYIJESHm z3TB+Vt_pWoOC#;eFz7V1*^VT6$)u55SM7V@lM2odVodfzAt>f0%c3c%l`>bW5jsbB za&;^&ID6*8>)D9j=N*!VQ|vXk!%G*>$2|uB6bw=LH*=Dl%oL|}P0uh$-RhwE5I&q= zZ6p05%EpjIdE+>9O+G0&` zsO%ayKk&@I8#^jioD0b||H3+cO$bKZy|`H5N9ZR|0$RFihI!@XIqRoD81p-4tM*CdX;tg2?V$1#4?-hR9m zTm;fFx|oc(1tGlN550T4-lsstjkz=pC{0bg@}%KYmp1tAF1AUeQEtQ#PINaM=^JEN zd>z$cH(ZH=d{D_(VP_jM1YDf?RpBXTwW+)BUK1v+Trb(A@&m!y@yk`!^>n!_MQ$A3 znK>48LWf}wN2`|&SEq7Ie>=UyR@KyC9^EFgIm$+Ec@K!5wqh~~PG4PU15)pCajldq zu;_rnJ*@uaZ-?qrE1Tl&p>dSQjIj2xsXc~^U-;wI_fa4vbH z@vAMkQ*UxA5*kuKMb)E4*~z5-^z1ENWG#5rH9&#s+8?ls8p%P}(Itln+xhV+u3p1Q zHmgDxr4Pba_w5`vWBG}HR6F%G9u`QZJTTl+h!Qyxjpg`3-s}MR1I!5MOAZEluhI5i zzImAVFCu-?c`uAv4-mJzZ}ll)BE0o_HW9iuE6(GJ(}i{-?$Xn@+K@kFsO=1WnRxh7 z=FMEt3|RMP=n!JyWi{Il3+fWp=yNS7TN`K08)-hI6q9 zI-nM%{YSBtrZ%);&@?DclgMt=fr2>+*3Z1h7v6K{mvb?(-sA@tzSK$S*%Oo)P^a?? z&!&||*~e5Zkucr`tQidW{Tol|kDBli*@vBeNVC2UEFM%}>TYx^H;?b-q>gLLWQ_Lu zQ1wb zVN?*WXsaBQ5w-JWivbf6p`q@5a@lFejS)CrbI_O)t!-p3Or3K??00N3nA6=5EQSYN z4r*iyLp>M-$K$%|cQE()b800TgTASGA*D7qUFaJ5hnpVxNk$f(ap8bvzEJ-{+E`3F z{BAe>QDMCeU8%kP{J7*PNwc7{>YEu_v(}c^0oSotfKxbT5h-VmhyRh>bflcAV)2^i zT$w-l81Q>zv=}nDU-7(xupA8x5vzE*l18&0V*59)3JM+ zm{z)A;Y;PzKNDn{kAFiFSN~~NL#C7S4CFHk-Y+a#r{XPnsx0+^<>~^@KUVSIDFGB2 zo4emY&|JBc=_gwxk&hlFu}3b;0I(ds8Oy5jUozoeT+Tyh9pIX>!`^V!^XgizSxDWj z!nvL&|2=!1liYZ7a67%v7V38Q$Gz1`dY%e8^SMjn6y>9%7Y(40vLY$A!F~1GV2dZa z(Za^5mjsA6E|0{G&HNk$-*i(uAhsWGycY~V{*7yXN!i|+CeQM_!Rm~NUf;%DbG+~V zvPshXw)ubLt3OoU&z&m&-Y1+g|2P9EDUk0|$O+~!BZ~p56uSu_;GWbXQ2&}9R(%xMJ$h;l|bM$5!Cmf=>@=vAP@br-^ejgX6(~& zeA4N5#|Retz~qK`#SYN_e7=jhO|S~6QaXL9Qr8@i9RQ5ZYfg93%j;2K1*wjWa`f`s z4zOU&nZ5Kn(3A9k)Rm(K=$4VPY{eq3aHUI{d;C2^Z~^QUP8o2sYn2>af}wJif;xds z1G}Nbwr<`AnR@j&ZExffE$H@NLdrK`6MxT=yYidM-7?KKjz|k@2iR z0;}K&vA=0X#N$L-okcwKjE=rPr=ycSuzCKnJR3aSJv%rjS=3ay+AdIgL<(#v|57}k zGyt+;e_N$SZ@8Rp+{5pqXOtw#nD;6l+Oh%8Zmi{tz&k;)Sji+g(JsmCdtI&ExEkLkuGIdi+2msUMwvJ+LXr zU0QsBn^opnyJu}brzs6tb~64(&9qJ`@|iJ(C#;KM;rO6SxjJrqd3XH|!C8sVFI_wT zKT^)En_0JqW4;;*PUI<%T&$r*kZj9ms@#%oq${mzD-S1p=CFHmn0>U0jTgc>tEpZB z8WosB0x{eD;$=_%;zmXGh*!ij*!A@F-KE|%@#i55VD6|h;%nvNq6M(xxt5TXW-i;k z@+fe=FDR8T{Lq!K@Nl(LrE#N&E#QCDV##=EOo3cN<8u%4?_VN%MV>0)lC=EUg;maf zfK_l1$_TU#kRz;v&O0psKO)Og4S@t3Utgo^-pK6-Cm8fvA!?Io{wMyO8>?iQkI2f$ z%F0y--j>4)bf1iZ1mfcFJ2C{ZTc`dST6>xqKtwc2&Ue`GTgrFWiF<9R=*#Iux85=V zW)pgLaM1g*K;Qn}(&NS`2Ra=$8@64<*2Oe)c(<7N<(0}!YuT=R_vgc#}w5ByfcfwL*&)Dh_ zdwO=+xiwgMV2jU#%DUtdW4*;{xM1h!)d&kN_}o_%Hn0`nq4GbS|NaT;+M3a=n%7Y> zC^?RxBtnXdm6Yc zKT7(Vm-zmHZW3~&qea6geo(LhTMJ;*96RE5T*H@n<}beX%a(%SX3`m*qO;;Mp_yHF z>3N$EVBvgwtn#Y-Owqpo!1_wQEUY8d4^V-<04lJTQ{9MsNYvT!l(sgb+GweN{{ZjS zS>$4|<-6Lxh887j!3Bji&lRDm!OEn8QE)XP6?s+K0g`w$BSW%!8iyw4%1Wvz5bb3w z7D2LZmteL2s<3M53@|qCWy!Qbc?6xNl>H9H=On27l$w?Nr$LMmS*{*=EbF5yQt9F6 zCFT$6r^^OAf}92fo~aF#tE^|<(4Mhb-2%~B_%rPI)Ya*_CU5+>*XJ`?clrsD&Hx*A zGq9*R2A&Y`B!Fv+9laSloW3#5EZibm|1@kQF|fjzhaeOIKK!>@iK05>`^Vo`a^PW0 zC%d*y;Q{x42ZDYjwW8Mr%VINlF#wmx2LMJ<4_nI}p62{?73{W|`?vYi{UrA{=_?mB zla*OZH|hk!u!bKtY>c}1GuitSRo3fX)xoq^>f_6)_?TRO%kFA!O54Zw7rZ5+7#>${ zYa`Gr_jJC7t1iI&Uq)`!L(T+m8tum<`jbx1B#IJ)uWa3=rV&Be3@+p5g(2Y2%PsZo zg<9777qu;S!e7fq8QDf=hK(Dee*F`?U(fo!*VQF|pV+;vduZ1*i=GCY`TlnTPU(CB zPB#^Z%ya1{fq>7^)7v8Gzv~@G4<;f0@$|Oo+_z)(#wp*$kcDvx=U9Oe9woVV zFO)Xv=1rU(e;(z=FeyfjH|QmgF@%a(>JWV^b$1!p;clAWo_DeX?ZD+z6buU4D0a4f zm86BIOG`cO>2OvgGK}{ZPSJ~E3+R+^m#X$6AKV(vw=QxUup=J(y4+Dz^)|0=O#b;C zfLrEfotIj;kCZN_joyfQ7b;?XfqQWu;|4seW*UgBcIo8^ zsYmdln`jt!@qn%7e-q_VneL?8K%A0I5=mh$y@+O+25-ij^d8bWReJA$j&PGyIu$rR zM09bL8`6ZBM#qqH(Ub$|V(c=xfs}M`A=Al*9?jW#s0d>dN1qPWA+b#@b3E*2?u-_b zL=f*eH^yN6h-Q7I>q?6$jk@r+DOPlNhhIzd4FqKzKjp1Df$j~wfGD`&%WwU%{;C4$ z|IPho}m;mPSpG(3%POgEnPZZq!u2DFe8&-Jn%|PiEb`wa%T@Bhx57n=;)d&wE z@^^LbH8WRhnj)dK1xTS$vgcX*w^q4@)o$CkwgOU1rQ1HPT{9^afGH2kOI)n~u;>2r zM|F)dWJ$;29!elVDX!~Sz?!F-l$6lu)|0kud!PrCK7^E+Jcr2HRG-V+|B&)0_|w-{ zANPCL&buxzE@^;J3nF%NS<$RJt_Y zqxbZTFwG-iGaeVgwjUz~OCBA{AD4m-I3Fo#v03@2Of@RIJi$g*jb_%I>>=Dj_kF@H zc=IofT2B$k*IaCH@5cp29DE1;Zys3g^CmrOPm5|+96-&ALY~|E%`yzst#On!mrkEK zP0L0e$Hzx+9WQa}fP!^kc*9^jATDHaf`Z!QT;&X0TZp87>A?f)NB`BhZrLFIBxeZts*ZMMNv6!fIChq z{`U*Jul0XC*(Sy~XG;*F9o=p~!4->Q!}rHYCVbh>^5Sf&Y)09GCQ=T`H<)xxDLnR6 za8lE#JiWfQukHx%OB;Bz6G0X`H9FnDvWZzXr;{sue7XP%jqaFBee&tl8&}!!>oiMr zM}My$AEJ;gt!eaOf0ZL!Tx+uOG%RqFM-42Hyl8tw=5G)yK=9KXdGR|1&yr6;xbfge zg>kXVe&sB05KQbi&naKf>T=+m)?yoQJmuS^HOM{xa0+_k*Q zY-5%-t}UYjA-PuaB>4Urtxev!!cj>5Ue;h`owwCrhI^MxmAX{(WhS;@_X&-$jERU- z%IaRO($N?c`wSk=#}*mHwwU%7ga{kqZF<|z!7IARVdX`J3(LHQZS=LOgWmd0R3|UJ zbYM)weafwnD;$8W3GOf5fXX^WXc>{%0Vl^T%+rh+BDk~1+_MYLb-!_#?3}2Z+;+pC z_2=dc0?RO`Fx>5^2tuxm#re={5jPI_WXmW&PjhTl1v9qc+%%3t`(1z9eu#hPg3>J& zN45PAl8>6b+6W>Ml>lTs|AwGuz5pai6KTDL58%SF`7MikTsb4U0^2{q^*--5mhV`c z$>GWcOu4$zo#z&ljZQT~WXzdb&vY9Xb7~+1l}4GReS%jSb9>NJ&yTOn<<&{Pxg{q( zCZv4f`B7BeR~J`Sxs|G4?`=OG+kl04)-q=s$byU>YzTqm?{I*i%i_Hye>@IFWz)vB z68-3d71ULHMCc#)60ei%7nR>YyrY-&x6p;Dcet0=#A=KMPMhEID0c9m`UTK&zV2n{ zkm9*NFx^cjO}$ccI{uldDHq*0Y6QWl!AcH>(-3zBh=1!{uCs|>TGDLynS&hs6J^M4 z`ojBfmMU4%j(bIoJ+OYA+-da=di00oMXF7&i)a579G1NzK} zDcgWFl)am;w?<$ST*nz^#b;Eo$W-fsbCrhc279N5j# zMJ+!TWaQ+tM9s3*u%rI)wn|uN?#NTjZvoB?@&?ZiO%T5-vJ}JCAN91a*EIPo`}P&0 z^!pzgp9vHkkO1MPI3#+kA#s=AuV1t zws9LKCal|Zs;f)4>KJ`$5dBw(^CNi);jg`<+>r0PYMRVQg+SdO0pxvnzg;$yu;T-3bK2YI#CQ;e1%?1i~ESXj! zY4a4vZ+g4Lwh7kBMJ6_EE8IBiBmw=nQ_Jro`IZnec{@qhCP7W!HjJyY)nzqwG8g1p5?(^oJYC{W^Qk#sJ^;zQLP@ z@2jZE_UG&N=Nmxus7{^R3d>1=YqHB4S)GbfN~U4ni0(FL?SjtbeU~SUzHBMknq&#F zjcpS>6vTqFIJo7GlRfci(3;$CPv)i7(2;Pc2E6U*OKR--t>fIRRr44ZhNDQgV{RSM zpJ~Rr#{yiv!U)H?|p($`fqB4mqY$!U({R8IJ_2r%10~vfJmBYP(w0`vUw{=R`?AxoQda zp(*nj&heN1V^Gw1y%$qWLR3a{kkg4z)e@a+BL#>~0fak__i|NxHu?h6`$~=6!b&n7 z{Z*npxa|=RJ{?_b?sLr8u=iio*md_X79ByN#u$a+Bi*x?r<>U8M#z$|*-hKaZ&%b| z{DqQfOLxV@kpogv(pzH=^}eEK-70E=aGSFQRWnmo1AfD@s4XaQXenxwuZx9S0Sw}w z|9RZHUgF;c>vp>E=IpdJNaoui6$C5~0&7kW?VyoGz!Bj9v?6g{FG zZz=><^z!LgeO1-A0d-}AhWL9#)Hk_{K(;J6sM)CYBwV9@+o$t@JPsrSC+*+F+ZTDb zn|g5(jSMQ{=;nIkf5dm3FcQ~_&1w;~WSm}+@XQdU2>oGY7^K^yHv61<;k}&x+H$PU zWKUu=hAm$L)7%`MRk!SkOEN;{#Ov<%U40lw+gQ7H?^s*=pwnbEU67 zQF8Qg{j<85X%3LirO)co!NC|$u=$n5{-XMAyul6N3i^|2Ky39FAHOmafBG*oanw2N z(twiSq8EI|u|6L{orv^vu&@YL&P3UJ8@eaPk91n}a1~j#Z1`e>*M!`B3k9#xt{T~n_QWthu z0)tVI%7WDR{Kh%@v0(n$QUKh|9B*wLJb0dji-AXSa1Q_B*-~NY1@`kxV>d*6b@QA9 z)eGEuKy}_N2ohluyyC1oROqz?X9Zh!WL$Y?Z+!uj$S9*+KP;;&3V0!A@tsVcKdxt= zF$Q38D~nG3(|5r=)7?=A#x%>@G=r(ONk!8c)mZaa>f<@46y=8BE@~*n&xfp=^RF{T zVZp0Dq+w-0*Wy3xza^J@XsH|7-pdp;C#ApKt$K;pFdvcPB)S~E5IfIiFH<^m?rM9U z&$H2G#5>T`d!qPiXu|R6)a>H><6Vs7%`K(~2EZIiq`&G$%zd157u_S8W%Ogk7`*n# zuyp=smt#Zs_$^e*P_0_Ml@6`yc(zWtz+Mv8a^Qa5?s$v|R;ZEQ%vbUKOCQ(T z=aoAbZ%h_SkKmSp@Bq|ld27a_)EFI6xlrCGniq`6aX;jYd9KEaQTI>4UAG%(RG6Hx z2IGM@Os_f-KV!3|3_l6TJnfs#)p$9{FaB?ywk3lSN)g@k=sihhy4znx_B?q}O0f3j`V)0c;w|jkwZG1)U2QtHQ_()iRyVkK-!hn^Eo-5 z?&rp&0xgW!y2AoPam9&)X+5SPt79oe3+`NdHfm!* zfYQBeX`@RTq-P|^WX)b>l9@%3{}PV^ihr;;o8}FkZK%G#@Ag>olLJ&da|UH!{f&c>P6PwT~CK<2Yn{P$OW zG$xdt!cRcfQ@vvmp@J&6$CMt&de{6)g1?C8XQmqJgqi8I5d3bh$cd~Pt|eAai71)V z2|ZHRZ+f9NvdaUH6Ysh6;P$!xt6t$NK7;4YfAASRg6r);O{)N4WOi7MfE>hyc;Q4mHsB-yvoH0%8JbKp9VZmF<3|` z=%(KiY2MI(r}NkBEzGmaj~^yd-`u^@ddh~bQoE$$dqgk}Luc zl!ckkFDzy!9d8E2bWwv1AYD`-jWa7QSP)1vlgIpM3`HfU{l#W)Xw?-_8Qll|R+&3g zsz#%UXzQ^gSvW3*^0}oG{dBQi#Tog-P(~o>>sf-?r{WqL1kATB&j;8{N7)L`-={Ct zLQ}pVqbpJ>aC~R|cM(Zz+q)=tN93AoD?nWl)B2zHSc%cGvGw*aA{Qu<97#Y9Urkq@?>X2t%yz(i%%Q|lfwiO?xsuvS}_xj zK)@gc?TY%r6~}kCY5evT1NTOY1-!jEZN~G}rJ?}!$>9JTZ~rrdkCjB*a^203719S* zz#7oydq^qJpJ>8wkXHH|vzVtXYY9`>zK)gUa_!-}o9X;*l3lgyw?Tys7H&3BvIpYP zxkTT`W6c%j0L!fs>w8e+g4s280jpV(As(sr1;=rWGeC#`pw`NV#YBWNOP@Dp76!|UG3 z^BlP!qy(uYTqUKH^NrZWy{`PlY0>_Xfny0zGgoOYBCvelt$jL0j%>2x_hmf5Y@{&T ziPTu*4rRYh>y|Kz4h+-%+D)4t`HWaQS<7~!t8 zwE55PuY2=N-eW#DvA1VR2iJA8F%NAZz$j1n(JgV?FcNzMiX`$Qkc zpG~ORNVTs3DGjtjPPohfdroKZ@^Kl_8}jzYm8Ypy?(=V`y%JFW63o8^ux>rh3$8?Qyf`}3ziq+% z(apnDNpE&y1F9vE*Zk=B`rrt6Ez2`?$^3%psAs#H^PM$Gck2nND4QUzp8%;u*x>vPa0;4oZ(u11dV=KRulCP0hMJ{Ow>LhxGkqlQ7S>w#~mVwxg2`ps5;1_P}68n7iw_WQFxdbP_kmy_4qo!`)H3ASZ z=*Z9RGyGAcL)yvUuS1(%RAB%uTMz%~te?}mT{wo+%9kmUUWNRI!j()W5V`-_(|P|% zSW;sX5H=iWC2@8Lxr>e)PCRkQm_H`WwwALj1yD{5B!S8xg<5Cz z^9yTu9zl*id9=YUe}AB0nRweo%zosUSz@*o|Ke&J%RVE`Pt37BX5`Dl?NLImQ?DYvlK%hlda-JbGeI6#k2olnuatZvx3% zp{%)gKgeD-v!LLB3p+;W)zU|jLF{|aboXrEnGmxWf%Eh#IfwdAd*J(XGyF_jbd3;3 z-AR}aR1M~j7{(L5*XePcFKV9=t1Kaas2$5t* zFPhoepgC^#7-BD3_dp6F-)6)?Hl>ziKCo;e$phe|88AigFNQCyYztE@G%b$g*G?@D zvGNC&r>jwsuWe`cuxZ$SjjsLnu?>pqSPToLy9F2^5pO)aY>guz&=$nkxMSzc5bQee zZ`f23evhqo*k*vS;TPQ|*DhY^7I}a9cpZe-gr!<>Xn;!IqWXmuAJM)CSFQM@01x4A ziQ%V7|Cdak5;sIbS&nzFuse(Znybj(V9UOYSL4VjdOeMO?cQb6R)XpxT-Qg>444ml z%zEB4@jRTlQ9fM~-fe<{9}M$=;0+43jdc%ACY}cm^>Cztv@rB@k_z9X1nBX}_eZOY zOu4Dy;yR*(OdnOJw=~;r$4)C>So9AAqY59+0c2cIWkI9b;4zG6vB7{kaG-!1V z&&|Xs7#`2pALye`=fK`Ccs&n%+YW*i@c$7GYPjawpfYGsQSli^0Z7|%FSb7p%K*5% zVUdPBwC!UJyl~yjZ&bf7GxSKD8J3I02KjmpKPNodBm%R3ml@P))HDzQd}JHvKGb}x zwbo-cTDzI%EY2pwIcnU?I63;L#s3bXG$8PMI7iFpZu?`$t2O5V8a+poPwj)~ z!<+eLoA%ithh^Wa52sYZ7UO@;|6((XB%&6fpf;lT5*!=yBirsOP-UImvb@dA8t^q?z%3=fE6MUIrlW%zry@4@#hj19M~(T4&x}%)dAKC%I^wCP1SZ;l+X%v*92mH>F?ckNuwliWKWK8wOgY>|P+A~? z!M9R+PSdOo6gbO9QDo)FMoaub*Qq8?fYJ|5J=Ukr!aOye-}>+NIL5DXpQtB$gdr<*_fZ;yL2NENZ)2pcST&sBCtMTy^H zx3#{~T2Qpe7&7($7P^J&~K+($JpAG zaP!R)bh-7O=1fG03o7QW1s|PLt(&{YrxV2S5n;GW2Ys5}4Av?d~+YG(HYXxPG{RQlHaq59vzq9aPbw}v*1Yh7JS_QGC zMq#cmG@&kb;Wpg+o-|(uScY^QvvM9VK&W?ndE0x|$BJE-KM0(>=)k^1XLLD?Q!)iO zV*$Ay>#JQPKK+c=@wE*-v>s7riibl6#;Jkt_BVx#Kxv=-U8gPuw>I(gyQ{Y{zxid3 zCqnL;T(&{4sKYRq-AnVj@w`;KTnYsJ_as*?kgJ<9RNDzs1HXbA1g)&IscqWx9_ zFRjTts}r|`^Zn<34tDmf``q{y?yU$?v!D$kghT~8nLAc`hM9P&uyoJB+^wzU(KBOM zPT+8Db3ZnuC-5V4>60cmS`f|ovl&uXv6o5$oT{sy3_wb+!(yziVKK=ARsTi58qu`5 zFMb>4gY7^P)`+dD#n?T{a$l-vKhR49EUjw@h?P5}yC9rEd;F~*tNhhmN6VvEdeA#>%p;WV*Sv-8t!b$YsTD~!cQidb6Vm+p`swTW4c(3X_$pzf z$L>kFFNOmtx;Z1%3yL-Zt@HaFFT=vON!JoK!7}AdN79H{pckG^K9*TPK6m!<_t8HK z62Y%SzRmiBpn@YfdiVYr!2JV6sn5N)g_`(Qb;6Vzzow(3q4n~)sGYF? zB;6_5;n~vSc-_2Z=l?XgmMDVh}NNe{s16q8ZgI_@HOqnB0wD zoodm0zSqt@CO^Wb$!A8Jt}CQfj=QQI_NE92!vTEVk`hIhC?S~4dx%ji7efF^{vuOU z))9QfkKp%+7M8^mI`M7<`Od3o$^mn~UNqw|3PH4+Fy(oiTdVVuNs+$)sb#(0 z&M*(l;S#73Hv(_i;U^47i-OG*9psNX7jqC+gab?*_=caHeT?h*l_-)tn*;=@Plhl^ z`p^D!h<}!qfraNh_-esr2)i&WN4{EW7=z#GO@!w1JkDjuXb?ts6dgiyqf!c(IqX*$V;-)9;#ed7 z0h82Ra;V-%3%|+UtT4zLkN+F)5b^L3L8{31+iAn z6Zr{+1B^lfU#QudN`SkfsOWdIJ5z`N2S70X@L*o!c!8v|DwlhuUF*~>XMFZm$j-$h z#F&crj%~pj(l|YS2Yh}^Z(nyAc?Ii~eEVub)xF2#LBVyD5XnJx5Aa{p&|vhoeQj*L7^$ZZQSdEA~LiTxxYbWXud zfahfn1$*|-GMHIu3`c?+4k&KLa&sdu5Wgiy{RG)sQISZ1Q9+4@-gM^A7(u&&8DD&< zSqJ9tiqcMptha=S&`;kDMq)G{hdSX21AGUUkF%!(?!@8@;aDKa{`YkTI%&pAPDxip53Rm{8;o_=$U&Fy|4yYGLf;k5gRY`(h{_3OnfWzs*_R}1X9w} zZGyV8&hMnxH$Rk9*m;=HskYRidzUKzC8Vr==>FL4ie*QI{aY3F=<^rQ=UL@Ng=n{G z>x-Od_rU9~%ydpDSXfw&l3_x0GqtutcpB3^>JYw;jt6YNS(m-7%AAO7afTlsnHuVX zekf-J`94{wF&$|=ll-*&+Rv!N;EY;;OB`MEbu88pw8tg6CV4;bI*h3Mse_;7^gMhA zUs~@-nscl=jc7MI(K%h=loH4`weM25ZJJ*;^2>G(bglC^9v%LvK7a7cnlg#bD?V?U zKZS`~h@oAf4HnMN5+&diKcHo)ddl!&V-plMb&$m1k8vW>oc_lXu#OrA?1AI=%E5~o zl-KsNruF_e>-fNibC9YJ^j&Rd0;w(nzZwk7Ls85Y=Jk7Ex- z39`@3M{QY8E!^-888Zfh6r#L0;Kd-+R#N-ILbe-#RYvCxT`a7QkJxad^KjpYU+OP6 zuFXjSeU2dTF1m$Nylhk#+-tUrL|2c5DS>n2F|XN&Gk%94tyhEellK*G0X*4Fp=Iip zZo3SADOaWoVp(lDL*?PpfzvFZ(oCGi4MTbeA^k(8E-;O~f-LPq+7;ZCqi4sZNu7qe zU36xNOID=V)yievGN^{68m;2n?3DqZpHxjOdXCBlF{US5m3U<@b9b3SjXvd-6)Dv2 zOS)O<3XwgfW&}FygGXuj-4f-Qc?%f!=9?TRki~=K!RM<9y}tH6(V|KhFFpwIFWh*7 zyX=zO+10f^lxY+nb*a4f0*PD&GK?4Mz9!|n2)R{n9=&(0z&wyFiOXt`y9 zvlcEY{V3lzax$1usb}lZsfMKVE=v>Hf|F7C28V@VxZ=>Sk6zDp0KzV#PDS)@epTqi z6eEMr%sxCP@GQ)SEU`%j@is$QhEQeVP6Q_v#^63+YSjzHYgsg>p0#`jULUl~`-a^4 zHuBhM4^aF|rBw!s0SEIxchJitI*PTL#rNGq@l`IC+AwxQ+xo)nmGwwuzT5*rz-*|c z!=!1Yk9^B0D{u5kc#O_qtegCXQkINsoSL(bHLk?J;VsU(s&;vG^RPA_;p#|tAe?06!R_W-<}-OxCEw6xESGeKAddtafFj2|D6N-S z(;4MilZ?I_upNlm;@EA8PG-i4AwieGY(lmt8m+T)j07JOB!%4g&5XwSu~*q%W`9i| zWX31AF+fvnxf%hAt@WkUJbhzix{mX-6J6x3l=pK+zm9hlxmZ!!m&Q#g7Z;e5$vjf(B4-qNmP-;x$MaNsB_VC& z;2ib&Co{WR!K79Rj>-@slvf0D?Lbt$JflUT4|+W4-bsyLB5CP+YGtapYyq{-4lka` zPgE)y>RhNW$ZRZ&`;&x8H)$0jKG`{GJUDEq2XPS*DgXAToSUFyz#&$Mq2phJ|97aT zT-A8^VjuZjw%{%#l?Qqe&!>#7{}yN9Y}ERZb0l}7v(4PSnVUuevo~!^U!6{T65?pk zGCpay0N|_K?;k&YbrP=!NV|!lB}9=-##ve=65dnzendW?<2>?SONsMN0Yxjk$DOZd z3!jj_bSq{p?wZD+2)RJ~*qFpD;3iDXsT{H=x^@P_!*MyQqf?C$MEZX~Tgm~~Bc8tn zacT5#vHwWDWpMHL`+(U7;Z7+j*$lrT%NF6Na%vY;J#^+z;b&@Jkox7r+B*8nrl&cVM{orht9~o5*mH+Pg)=))#5V%b~`GGy}aPT_jMJ z2(gd4_6~lojk6qYYx%y8Io6gT_f~eN4$_P5hx5YL+>=D*F)xFI{7mOdX-x9?Rfs`u z@4|w3VsgW-<}yZrA)31_iNn#Z{HbD%sC zr*;i537aowpgZ=|AmvkFHvR1RAAJQ0(2w!ElW7~#H3$N~tOUBLJ-uijk?RZp{WWMq zwCV6~a^UqVLFhx0S0a+C88PU3w9%VMI>qsuW$ZG-$a_8fs2Pask>V{ARpD(pB+gp* zb@5#*t1k@r`>q%PcURD(5VjuzU%w`{};!#>ycpnusK6F4*owm;s@64s@b2%P^8ez zcqyG0a@OwuzWn{z=G7cyI`+8`uhF68+W0~wB6FWMGH+RsL&;U-*Z${qnCm%WD^K(JIzw3(pfKG-WRudbSD$Ws|qua~EInX6^p0IX)OaSdU^V%7|Eg zo+y|VeY~t~dKle7x_uQ(=YVt}+g<62)8kB3rf;V)N^ZBV)ytb^oqYPnY zjyrE;JD?Jr{O+x~4``k*eA8-fec)q+T-dBdc9myr>qzH`$XYRzIsez?x;)3;@;>93J^kxN&gAoz#3Rv{ z2J5fU18vYx^xhp{Fg#+4?)xrYd5g11>pg5Ocy0V3IGS^omKbz-Wooagb36KXqnLQg zK`bK`&H;kQFz#mAl@0!udI|ROno*8NmQ>tJo!I;yHoe`w7QhTQs*ri(6{R|$kXe5A zOn^VCS~EM31x5Zo7ZN?DdNcNA>Smd*h5Ql>tovoPOH1}yXs#_CV0j?1#jadro>^m0 zu^TAhBb?l8%2Ce-()YJVS^L{wPon#1-Nd!)L)Mn=z?G0j%X#2$tRDWtDgHLrRS&r4 zR}b?GqsY*P5q#9Pm|fn_5H>3E1B7eFNFrQz)LKMDL!gMl;4Kh56^=8Yqw>`C-}^ZZ zWNcF7_d~y(aje=U^7n2Q4>q4-`Xsv#4yTt!4VozMvdEteBfmspkq!?f_QqyKufI7{ zx*py0+vv*rUr~6eV)OJ9k!?Nqo-Kqu&{TfMX*AksqkMGm@R&AVF(2p!^CSqxHGI#& z^AvKHsPqdBG1(j&LpOo<9e^hAq{@>bfA)Lc9EJf#qYVx$-4L`Bks zhUdYugoTkV^qZT7e5!;=2_0P&WE6%y#v3gxQ^yl!UdSZLZ?HV8hakg-0vb&8^;f!? zff@GStN;T?1sEdewY}Q<+h`UUYfP80_wTr77bFHdePrwJ)aoZl&ErkMGZ%7ksOF$z zbFBf0CCVz=)vQ40x5tOwDIstunGy1HADg%KYfv%Gg@b)c;w#d-HAdtcB1W>e;wN-G z|FT^clk<;bO>VwxjJi`~dy(cO?=vx>jR;k;cz(>F&QG!2pV$&O4CTHat_RisAd2izT+CDl}8@p?bHh}D9G`8y!Q4h_k zbrNGY3>&9Iz!(Ugs}D5_C-pPm|6KmML^JE$EAr{154!}^`Qo`NDJBpFRkk5 z!Sfw~guEwiNsxTcvv?%%K(*IheZLs{RfWuLUlqL zj_v+NlEXCxVtehmt_Xy0=ZUHCvJ_46&E9=1DV+B##Av7Vs1ob(zrSKPuFjlI91D~H zOM#X4ie&=i{S}JrFXNSxIHXvqZBTCOFR1aYXNnH3D#5z>f5py^lz9PN-F|o+QPr`R zAP^nhqIWnS(G`@q3K%O0ppKgcA)=llDhaVNIwacs?TyOTVFx|n_hcK@4v$TGJp+fG zoSN^KL3l@EaTStF-3#(qnk|Qa-j=0&Tsh({lV+dx`)=g%815>RTdR&hBe6GELCjCC05CeZxyTC@G@}NENaIXUKcIGbPgaRZ!G>tJ?j;)W71HO zg^jKas;7~csKWHe>M@Xe*60^*BxMZ6px;- z0#G{|zx~zdSur(#4dwuMSo05S;Krl>Yz<7QgMJT;3TmK<^`oNo|4vwYH4Ka(lUhIY z*$nsa9Irg6yl(If^^{rORg4PyKaimBk*l})oHw!pnjk*qS;XTn_nk#n>DGWU-Om0+F&ZhfGxG;Lo$Y*4#uLETYx zVpqH|fxOuq(C-E=6JB)N?ll|yI;;lU&6dmmsmkW6kIPS}8vw}4(a_%RkxDJ5JaN2& zd>w+Z1jpFb8v(4f-~r{~;-*HCaMtbU2GnHyL3Br#ge|Zir|V}Wr>&}Jyk7Tps4Q$^ zP)aGU8Ey%;qF`Y@0Q`J=aOc3WO@#>+hK$U;=9xi|=Vm>b&p7J1KzE)N813G4)del= z>rcXN!!xn7KSc0;O`87o@m25NG+$H5Xp4D&iJ*u&wS1vEpy-M3GO90Y0Ybfi>-!Fx z2a%<_6D;@F`8Nz-41ib(TIp$pfH>Q>t{K~5_IN8boB8W>-FZ+nS{DmQVfAVCAlWRr zw8R&uE?rhq+jsU~9k^9}@d$P^0NjAh3fI&JO8W>jOC%(4U%gXa8F3Ipi(wz>1GV)> z;1*&SMw-VGxeN)RY`^=b2WWnc&C!9}^Vo$2V-Rj78aqdHf9%Z@eAt#X!%wfRG zei!t^MGO}|dg9`ZuSSpIAc~$O(|g^mBEeOb43Y|^FO@Lg3(8y@{MHfNY$`LJVkn9Z zn(R}06-@7UpDU@zC_~LmzCd!blt7>p5nBFOx4;{WRqcA(n600)e(YMqR}{rLbiKP9 zrG&L@rMsJ&^q#5TCyV|HceS}4l=D@7Uw?|@7Hw3WL#^jY`orx(Qe!Q(6GQUYBhC}L zzXK!se{aiCXqqQ|=|grQEnRY#UmSOWrV|pkLidibR%kd>RAJAl8ol4rGXLJN7byDh zoL7dKi!wC#HDB;yvUmGCxeGfz?}Dy*7)UG8FxCiSdJ+X$YfBJSH?p(KN_!dZ&!?}u zz0Xvese(R4FdvG4Gtm90LXB_zt2Qs@fzwHPuE&dZ%PqPG6zi58(Jau%hu72jJ3e|k z17G0KnEx6D-jb11tovJMSe?DY1o^4U>-wJh9wxA1H4Cxp@vLeB0017|(9!ag|{@NBjs zmGsLOS!hj0VJu^Zt@7%(T>r@*G5+rXTyq?|TGnCfiQJOgss!}8;rKJ|-j($j`X!&V zC3f+by~XPgRg7H360F?s&(>MD@+6|}Ar;#P`?U*4ieG1h9IOJ{`n{qb?ZcsIbS9m8 zq#$d7gM!w4^YG<(ds|~tlO-J{Ly_Z?>RfVm9`xq@ahPswO70Cx;zLW0Q&&>L(ouCn z0kyU$n&pJfB|`^lT&r4B0xyaC*|#PxSE8XRaN#|ynQ1@q(}|yewJePqlUZBaH}2v} zhh>_cNx!8Pm-Ks0E{|Ys06CNnGiFyn0uWy9JRMeSJ!RY%~OqIv*#qaG*;Bk$bT3g;0n6K8uDGUVTLZ=3D7>OaZWZ zWbgX%0c%mkcVNHM$Gw8%(LcO0$M}Bjzz6)(q#S6R0JiY|+NZXNJ?zArFWy^=HwQL7 zA_go!-udc0WGzHjQUMpC=d3m3X0?8|{7=QHBkb3~7rr)kF`P`imbPsyNdp?9Z#ttt zDB$8})JNn+tB2^Lt_~2&cX#y;e(94-c%8qm6|$-EOq4PY>iZ||;1R(73TS|W0vgb7 z|K0zMtY~mo;$~^ZSX)7G2eNtB>-`R>LMnv%Jk*IgA4!FXaiV^>bL(i7u2uMmuX+3D zGeo9?k#-jF%U4$bKH52+}byc+evUlabZV$ukZwYlB*anoRgR9Dv z*>F^vOM%T1?;uqEGHJJ9`tn%Xo7QCc>z?S8hAf$}5K+*X@uuPOdepAt#^PinXHE7w zNYPrlZM@A#syA7{UYEo*?WMtMV+TYT_o!-UqeI*j{reZVzQS_%mz8YD0sX|}Q2eq6 z%14+!&wAVUqZjDgV)ezHtuymh*Ttj8q=bTYs<|ib*T?(s9_U7#c$=jWG=SsUj8OT{ zGTBABXi`BEDw+zk{lO)Z9`Wi)%e^BoO4@5@4u!Ma7g_Mm!Lg-oT2YuEC$^hp0FAZc+fn= zVOd<0AV!4PmptH8j$^-YP}pW7fNF&v&DoSdLdRmiYt<9VrmpEs{m{ZYIS`oYlxu2A zi9dxy#@D3>59fJKg4KtveBH||yH2DCSc1ZLJ z`DA`i5#<78|Du!Dq{OCVMy!G3FgIo4SUS2@hCDexU%Fju&!N)BW!bdHH1K>u& z2fQl1q)F>4U}RdAm&ZEPzGhAIqL|l!U*MeILXWnkY{Z6IGG92a%stP39+(*ps}vVg z@FH{4eA_v0`OA-qYb*yHAMihBj!c=7Z}70i`c%YL`hVK!OnDn(gxJ7pb}hO1@wtVe zMG<;~4Q%j%Xwyx;y<;D@3JHbd$+JlPJw+aETqIm(<3*1yEYd6TZAEZppn4w{$ zklOB48`wx?_oj&2cZNQ%(Zxf;m!H!L>@-}@*3v!~Aj<`Q535@*OrhF83cGhv#xb0} zZ?XNi$FOxD4Fb`h1Eii<-9P{2QF)#(0>1fywKi6=7XgvI`0Fsi0Zxem(oM;!G}uHLV~_WTF}i8MB0n zc?k;E{*XH-hB%kMbE-6fB)eJ+Fa*(Dq&v8)Vp_~y?#p$2)&V&j#Yzb~x`xs8P+ zsiz7Dt%oSy)YXAUDjGh^UE+z9oU7+8_x(^d$lVH8QhIVI1P`i-e7HWh;e8g)d~tJi z_dxNnrR> z{kXRgNXo!^|6+siq6E4pN|PUarfFn9eW;=wK0s>by0>F{bl0EECF7gmHf3bxSU@euMo#chi;CZS;>RL5X&z!4~cikYhB45v+Q{3@G?OZUD z6qSPQjZk4Co8LI?pBrXB`aAXRQxGbzb=>~p6>vt4w>)C>a|$KX*D>-(Ur2uNpKJ?neW~~#Et9Wyi{}Pj?>vF| z{stG8;C*=kFQ^|!{)96-n8N;sQC-g>2@l0->UMs3PEO8|E%d~8J-GS%|E32Igd6;T z1>ql;w;WM4BMw$OPH>KTjzx2{jS#e;U4d^L1Cg7sp~zi7X)8p=^ep6%jrqy-hX4o7 zcl>Z{JGkG-X__y9HQ#mJaisot(a-a8_j7|~FI?+GCvb$j3wl0lg8&M8O0j9#cmF=* zbX@rVI5Gj+@xG5kkw5c!v*Ym#~+<-p&^W3X$0`S@2jnL=Y>-If*DB~=^@(ldw zU&Hdfa*fiNH@-wXgY0JEg$WPbY1SWL3oEUI&9z-JnJZN~<^cFJfNO6Kn5lZ(<0uKZ zT16>)00vJ5O={H%6~H)~O~kLTg)LbRH}U3DEb|qUU=@;+_!Z16#%&MRGU3S#S>&N5 zVZ0zw6N?Ffh;r>@@}Ft1(vowgLS?q%rC=!a6GGTyXJV+%UK>^lZN|Q{b0iJx-%$qG zW1>B${|$t`=952(hGS=Cl>e5?>1yLHMB6J%VEN>Ag-M?x;yue$^R+CDf&kFBT-<{B zbuHcbatub4W!Nh})^diF5`w<3Tvk#a2v(Uw|DQ=|Yj3$E4jbixG@*cN)Rwt$OjmeQ zy}eGWygL6+fQ)s<+R0zJuL1ktVnNm$-aJox5d*w4){#N+(D_x9k7^dC0=vzJ;+>Bz zUh^?$=lm7jDVCFzbh#GV7j{eq-ZcT~X#h{0*v3#ejvDO=g+1OnEx7D5Ip~0RW}v{Ioi*Nm4*}6LY=uO~~ z@@<((d))5s1119q*fv}Cw}_m_@$7n2$M5oqmAT^I_WZr~RsZ7c`+r~G`*!hpi#@QV zzve+Ocxv-T|AvF2ILF*3POHurhZ)RJ&A;fsef}MXC1);w+yoN!boFyt=akR{03;*z AQvd(} literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-task-scheduler.png b/windows/client-management/mdm/images/auto-enrollment-task-scheduler.png new file mode 100644 index 0000000000000000000000000000000000000000..91f85e0a3d9b96ce4f27d6a476224378e1ea80e4 GIT binary patch literal 114125 zcmaHTby!>7vo0E(;O_43ZpDk00xd2rP+W?8fZ$RnQXC2`#f!TnxI-y!!HawF%XiMN z-#PdGasSA(pS^doWY(;i_nn!QXdNvT983yK1Ox;eHB}`&1O#Lt0s^8bI^g-q3sha? z=L@2To{9oOkdkk0AHy#KGxX^z-h@UxeDG?B!iq(|l z^?l3^a!@U(`sX88tvd*7QPXS&NAPN?-RIT;6pm8>b^ELa`@2T_X^~=~5q?3%krBuF zG=6x!9?t9X61>;^ws zAE5cC!T)Oa+_czsJeQ4&YjZm7zx#Q9Ja%JG>#_z5{kJz0A`_|q48v6{I~EoLMW*bq z$f84MZM+Kn+ZFE4V(&XyzR_?6d;8L+nVFgHEqD2{83u82)aGXKfx*F0{UJ1wznx^e zNJ#r#;MI4(dvje;QDM~L$xg!kHtzP;&rNNX$FwCX4+rP6E;!jIn|lxXR|c*f)FwZD zs*SjeIs(KgD6{ySmz>C4A?ReVsRCufmKTN=c2#6?3H`%lI0|5NXgPq8qk;fH%tEtbXGQd*R_5q>wvjP2Gvm{0=?a~{ zSPGtf*>uxKznk_Yk>0w`>K-e&@5fXu|2ifAegx@hA9&IA$}Jub39SR_lG_Y~xU}Gl zCi-C1YB=uTp?!v5gnm1z^6g)XIcWAVnG@Zhh0naAEo38`zm!eN%6x+I=G`LnkL^YN zRfgurW~S3FB{>rlDkeQ~6Ej(fZ_IRS*RlOf1ZQ!N;V6je@rXk@oWDZfLi_uRnwpF} zJ!0_u9_(biNQgG(RahJuJ7VuzBJr>R&{=adi8vDUyT&0UNkNeXUdN@owG5#yKJ-L4gQ2ma{lsACtTpqd)D?cD?%i4cyVt$2>_S6iIei z4(G2*oY#A(!9pv35D^lBlxuO`ym@nic7K9J03Tqp?Q`RUrhULkN~Q`Qvo-p(<(${we>#^P|eT&CI(G0O!z6tq7C|EN02!uP@ zePb+J78$8s&4Cp-<+@$SB+X-4xU_Ba_P4UQDQ8_Z|LC%_c3KJ4%8MbiKl z{V2qqiLW@3Lo6;tEhFWHbQHZ1`?)3ypLF1~V0IZn<>Y&Kh!8V!QCwV!fCmJUmn-0O z+>a)n4lZD((n>_NOL`Y66hz{V8a<{5TVD04`|O!?S_5SsCp)XB3qnkYkoDM9Er?#; zVtW`+DZN${{4uKyAyrwl5O2T>e&}|{Xs96JA$axI+KpWfFh`^1XsIZ4p{B^kmTbQ_ zqH-3?W+K`YP$K`RIzSZ#y_ZbNmc@-p&9eBs4cT&!*)gS}w-c0r*zpxKN1*iA9L_DT zg;q7AFvkPpe79ENhlxij5`*A;6EKXqYD1RutIuW*@bnsd#u${uOE0bmmWi1)d!lz9 z5weC=<@J*;I#s7TcG(`!tdCuHcC{V{htK9xgHg_gNfCtXi%y1vpRi~H?>)Xc8-;)n zfe9{VVVN4<1%ro?!?m<2q{oWJgCv?OsZp{c_q>l+eUv`=ES-DIR>Qx|RcC5rQ zRiX*KFKmk{_)PBK6}K`(-_bM>eTG=o7EZRHrjQWH(;IeW2%_^oY%#}?Wh$QTod4@W zW@(>I+SJsPg-9a<%TV~)nY)iP4Y~rJnwnbEUSCbq;kGVWprXr?SQ~GG$d5Hc@5ts} zu3T?uMo)sq@{i#e zj!`4xpH!JW)eeV3^H&Mdv3Lpu0jpku&g9;NNAStclfjKQu6LiK1eh3D3Tx&xZvS<2 z`|%nCz~<&=m_H4YjA*JrG(1eK*+i?alE|%QlJCQ7bT~3wm3N>F%bJsDM$zRm1CLWk>&d zZ<9omPd)=!k*pIWG&!$LsS()14CcfA)MnivojGhwup z`%PZ%gMz0O1sUGT5eu&)Tew5Dq6WphFR!;GzL#?my7UVzAp1<#k0V=Ap z=!EMzxX-}j@aGKU1XW?8^fTXHDmu!&nAZiFrysX->!FB}ii*mZ3>H0NkU5?}v4T(? zJ<1xf3gV_tk}&t{iJ)#^Vq!b=B~qpdGsUfZCoO$6wtF*C*f@@hDsH{Hn|omr-buI0 z4&O_L?9ROEgy^ zlI*=I^b`+zFi|m=O-(MRNu9Ep6CWu%r}{2O5k^^AAOsAQ?Q~uH zAK)Zy$V9VX>5~1P(mxS2ycK3p_Cj4fMyx$rn)cu3T{~_}h)=uz_U790P#23P)0_Jj z&#eDH;5IB4?O$~4q3im;e#wK$L-Ti)sK#D&_agswlaOY%CZGQq7b)uhh0XteNLrv5 zL|Z9>#Z^&Z=OhfV^5`PP?%Jq^>|xLmVfHwE?4pbl>s$y|zzfit%XUVI80d&qI%&0R zlvrn#t;C@ZN0MnW<%*xHLPrFaJ3r0h<9CHiBWU90uqZGEI(^9{sFJzS^gk zri;7o{~3NIGLME-cvu7+etNud%9_`gk|-NP`*_NDQ1QL%N8@T=sxa$Xa;kM-Y;gaV z7P-y1vN$EVjWpot`IDA{TWl3*&!0qfplQL;^)7P=y(_>D@$qzliRx0lr@zyk$u-rb z=PU0@&$fDKP{b*1Ze;qmL-5uKL)%RjhFHKTj8K`O#%gDW*7{Eyl96^F2a3wHLBLfC zP-jitKLBav0S;4n>hp52`HR+fBq8sj(dg%*iuSW6u5VV?ft^pX_pm+xr1aEqd7xC3 z8}f9%JRzo`qhj*|0T`8s#GIeRxm0N@%-6`Rj$-A!6pcV&IyVrf7V|B=9PXCt zYW9f-Mkh1TGFR5S}C;&t{sg7xEq_BgGCH=;_AyQf>Zpe_A|_*dGhaWGr2Y?@u6$gbIsp2A|Fyu zC@L&Lebf;ox!<&f??92}3c}(r(4xcRZj>FLVBTc1?%2w!C(`%!+s+xth8C8QQfzaJ zA!Mc;eKMDP*#1{Vb1)(x1|sQDgJuu!5p9HSQQw*&AmayYBc+F`!G%@HZFpe@%(7D|WJ?QZU(a5f|Ie`9A&h24lH5kMXxwX2eb+LNY zi&~tC$Nb#hey6fxeeF#htAi8{l#6shsti!@QPtS~que3Lmc+!d%94GsD z)7a!_eYw_rJ_z#>2EL8V#i=6q6qGUsg@AjeK zpv9PU*lO?>kl8VfyqX$5%l#%Ry!TsYUy*4aj5M#JH_|*#fo=^vP91Kt-rE=42@3oq z$#*wkNwpx1@n_tuC%lMfU{FW)_Y(TeZfC(RoM36eAgd4Io#2D*($?^qmRiq7^9^sR zH#Wv=N(D$eGh6VcgI&6om{lyibsuATbkt=sY688Ptz4cM8$MS-4tuBh-uW~0n2-J4 z)0MXW*hv&QC$h-S%9UtoRJ0m6WVJAT376L%DcbH0!38}A0N?IMe@#hI##5Ey$vJSg zppQj9?vMKp0!B5_(Tnx<2evAXu9o`!$wK>X)?@A$id|R^_WXaAyw?+g)MIQmiEasE z%Beiv)8nws8&Tt5va22~P_rNSB17z?+--&bP#~kDd>&Az4ntG!M;y|`9-NRfU5z|} z_ifP+Q-(NJ(bj`IpnYeLyUC?sDR)hV6!~rUo+G}EiN|;F%}c|R#pW44HqeCUUM&9W z*6K?o#y{=zO;s)e+2AybD;{!y_ozZD4{VT`Fnrdsr^!4Z5=YY8VrMJ|*6?nNl57u1 zHvqF1-B=5Kjuec`_PcEBD^#H?u#eeVp{$?(;rIDwthJWRje=lMDLik=QvJ<`ARU(iEVq0tdG-aTCB8PKQC> z3Vu^hRF#h)UmDtN2dXH*O%u7T)398=Y{{LOD_o)jH*(u{beDW^neDl<>E_$o%x z<0*drF^DV`|K)8AvjUS0rugP3yNk{{(hRAOBHJUGAbZ{fCH-6UC4yS2Jnn_4AHQhV zOX>M1a*e`yAC@QUJvizt$9b_Z$%8r@A;{D8K2l~a&Jt5Jd6L1A(XZHKJa(*Zhl}zV zdl{=Y^gX}oiH>Yb2xS~r*MGL`KO%$n*~x$V>xw%fo-L%st4}tz*EA>>TFU;jk35cfkHEIhW^6r-UR`D7S}sh+ zqkZ73L(I0D9q*IX+10M(3vc(fP9FUFC!;GG`!O-sv6{@l z)`<`mbSY65(i-ebycnOjR!N`Z+Dusb7lO@-{*=W}K4$fOxSUN+N(v!058(f~r>kw~snVAxP7hr%6~HSN z7k}C+JViq^H4y+@AI6Klv|+{1nnA@xCZErdWNcIcemDMO@%lSnUNSg4PHW(h2DKZD zEv3cM)tLe&Serb}Os)2&Jt>(E1bH99)B>alyhPkA9q=*OO-f1z@hneUGHJY}ObH*M z@idK&OnDX0gB4?Kux+sT;1#6O&8`@GM#%ocdYE<^PG znv1cGOXdSkomGGYJ$(+wPa!ejF{DO;-Q8szB!vfZll7y5OkdhYss9J-j)~>~W$$%< z0Y2&6AtO>JsWR=Zv`gaB%23UFSZ4613w-H9YX2m8V=MhsE;$b^uFb4<{4*M%OgQi| zYRN=RNz(Pvp<@7UGBMigwtnBDW5h!=axW^A`vW?j_5?6x^#5xVR%QGycIiKW%DhtG zdN>E1!Xe{+k8iwl_X&9W&^!HlLfwL@cm!mUT?~gJs`eEu)#wcO@ za+d62rTBZd@r`R*De%2UUTEKc5XTLmrx$rgAX%!%DvU+l z%u?vWNhP=bwkNhKJvUTzkO^i~Nys*q^4yz3^}jv>LH42!woEE^a3s!Tqo0V+UPJTT zxU2rg#66rQ_b_3lNaRomCvk<@Kb(o_nW)@4F ze>1nT={LlV{h2OsE@v&a#7WG}^(epa$x|+kzm1OPKMZ7N5v>-~T5GTI6{m8+pQc00 zgom{5t<&bLVSn~UNVcB#$Ik|&KfIA-ch!`A_|Q97f%RY7mv74;@;$Z-x^y7&yQh@> zbO0eO32%}D%u@5)fY!fq`*d|J6~GCFoNW!e?N>A^u-tu^#m+G&5J{_#DHD9yu@F45 z@y;(TRm)Zsv4TboBtP}i;!Rkcn)*OPV9atzDQ378Z@s?ww*rk+XD39HQHF_eiK{1L z0ft7Z@#?V$oBvse0M2HsQ#`u;X%#?)0dwL(vxHB(*(r|{rJ9AdmpS&q$N6#TYbv6c zSaYFN(+1f!un9}&u4{&m>J$=1%Vt?VwQCbI7YzpoN43K&kJSAMB$@F^!~Qd2)%^ya z5ED9)0DG@wIi?mN;eq6f5q0H<>FeT+%H*2$2mA~lBe~fLNg1iFU3CjsL2{3!{lDaH ztTBtz4Nf~Ohv|K94$8A=me!v z-;mp<%Bl+qrMwH~_l%ouZn%Pb-~TI`ohF;pwM(>`_9oP-5$UkkD*KH7RW!oF!gFoD zf+CJ{A!%u8Ww*J}Nq9t}RjZ21aGHRr6PEzpdm1f$>af{KgsKW$XJhUFua?SuR`=iY zmXBf!Bd+sr*QNSdXlkc^_sNXHw(W`>2zrN#=?jA0OHl-Fe>rSL#p+uBk|WG*6f9& zvJ`MW8WkHWdHkzTTjmC3T6!q>swB@ z!g4B}MoQ7dKZvn2V2s!=I<6z}{>o*iBgo>(wGhwj2Bu`>UVrcW;(M|>KZtl$XtBRX z88ILS;ADViRfKbb8b;=Ke68!U^KZ(n1Iy&BjyaJxWVHXw$?sc2RR&Alqm&*(yy~i{ zupHJASVL@J+NA9ptcC2Afy^fjW8*9`A9?xECTcNPxuv<(;>bvV+vV4T1INkbFTxHJ zOG^R0jCfAMk~)EFuc($D@kx$?Nh?Y|*u8$MR7|Ej`!Z6`nj#^>xsL`rypJqm;p`z< za6AEzAYbQ4a>kd4@YE3xX9{a16L}mabwY(7Y<3?dPM0(y$C6Q&zlJR((W@3Jg%KNb z!`%;c4>&Fg%7?VVMzPZCm8jk%tMc&GM+s%&VfPSGCqiqXt$`X^!(ouB@ZYIX28~3M zr=^;v%2I#%VL*Bl+v(aBpnA^^S!O{GQBjLD6>TPI@0Z>0{tZLQtdqM@Zumo_^1a_n z>Y#=;%%^#y*cbj~OipVX8c0r0PhqLWS~(I0 zH8uEUhE*M3ZRy4$i*68po_QqYrbMqqdTxphCMEt>SYVT%qG$gS``aS_;*}I(JGs+# zNeUywjsiz=4A47|txEpI>x!n=2D6i_i@V#|4usRKKN8`uQ!M zmzaeH#l?s5RL)EGfQA@06+UMU<^t7?*fz-ij^6(i zEYcFW@$R!~9DmQkd&T$aQXlreKy?}Z8eQ*1tQfRL-jI)A%9Fta2~|DGBC`@jRd$eO zX}FLmt%8?KK#sdb;$9q!DW;a{MpDM7xYsI_gHh70HRH-;dU|?EDJhHze49HvMaGTJ zFjw>}p57Jj=Li+_byQ(dQST(W2vRo+bc^BDC!GlrT;2U%E<+J$2Q{0qP8j6pm@$?9OmwNuLQ$GE3qtpG{2`IlQ+idhpF0 zIG(~VoqxQ?Cc}A4AfIj@01hj3wfMm$NBfwM&93GbN1iYD@g*`zrC3P5l$IwWK2>tc z7!IMez5OZc#%isD?P+b`zLv3>7KMB5t6hJI7UfD%qU2xiAljVoBldPWa}((o2c5O^>qomFVlIPGgt zCiXHq@aKa}o_2um+rYr~CPz+>TBpT^C}6r49i1FAFq#qI`~u;Ho*>mrFB`v)yR(ec zYMGM*1Nq$2n5S+OVvb`2nL7+hv-BX{stC=3@Gz);cL4)BqO6rBKq=ERO2ocEP`!5t z1y+b1^-a52FDTRd2sNfPQD8))kPAIs8wsq^b<**{XGui!OFQZexBB;@Gxp_s%Vami zjHt=d*HI#W@Lpu8Gj`ehQi4^22lM6K)R-~ESq}x}UKH|(sMCsP{hPPn2!qjge^(wS zVuYp2XVej>7Q2ff5r|3C*NLMFa6Ozz2BP1z>D)Zg;PoC*>$?mn%FsO$AIZ{p6=FJ~3rP_UwbZxp^RGQwha1JH>(kV!w~0ijDV< zo8E(wp_N$ z>^iXs*6%e&V|1jDHgkLDch0RC1D~S}se>OdE93}J|9LnHQ$i}Zr>+1A{-e-2%k>Va?MinT6&3+HBEnomp zj7FTIu1a0gnMkWPv0rEta0z6FC!n%xve0D6^F&#}3NMh~{I2izTML2(|TED#ak<5HXS*tV$7yVAWNF^mmX%jP?Iv# zkktT)b7^uTxU>l)%MM(91NbiR&F4Uq z&v@f2+&S`FUJ!-0^kr(3^!1VljQ`s-dxB~;aXJ8-EX3Hkc`Ix>iU%c&BQ@6oYASu^ zrm;h1_YO0B0B|KZiN^#o&;CtBLoPNe2^?cm4eCp-Zt=Ik{7E2GNY6{LadDhno}TYE zI2dIcR=BJRq-~{Q^2~+P2}Pq{(Y46ph4phUM0w<_TkcQMdu}8D9CyG>ng$e zlwYP^@GekB)UaPq)z@kJf9lfSo6b5rPk2;=#s1;BruaMmRY#sdhQulMQ;6=o>a}S1 zhO0bBN^}txMRB&sy#3;hg+hq*YL_zYg6w?XRjn;;2IBaN&}cX$UmgTy*D}OxrQ~HU zdaGs0x3Rbn>^i=V&CsEA#Tym^Jl=%E zFdj@vy~3);AxViGEfcqB>5Z;%NN=2&Nt`?lI;NeITmH;8i1}w`g_)4Cl%4a(g6;!3 zYGeK%1vvHb22FvF1DUoe9LZ5dym~H_xilXXVusXC(F>b<BeI+;N6n?`j z*9MqiL+G3Z#q=!0a{S*%3xZ54lcLA9vW?NJOI75Q8xeK(F2$y>rDmwVS623|wEMdq zw_iu*=`v)x{ekp?$fUr!1XAxqB- z!ZtgKOTromJ$W<;CySosdD6phdeD(52l0?Y-xetvjECBJCe0ObQG8~R_)E*LoN=io!gHnlV@@A`Sjg~l1A`5dDn`RTnQc3AgpS@9=(}7Z zByP$FxMsJHGl+_c!eC|HFV+PRQ@>+@$Auv8a2O_<4=6Io)Pxa4nW9_&m9)ZKIr)2s zT2kq}S5li>TLt;~azc((-gD@vl-y$1)K8pX93%a=h&wm7f~ExSXM(I8+4PRg>|QwL z#F__iHMF!hmAM7u_t7&5YD~%Y? z)|CsE@j96M=L>BAD{r~eibV)K2(@RSsXSvM`46VV1)n=@wJ`!6i5bDu#Ph>{A-HRY zLv=FPOd7%n+#v#ri_aT%x?xG_Aj4X*|H_7H%p0ddD{)fsHh&ZD3srpk0aNCS7-7_L zj1C{3c+dZ|q+wSlA?3d#r=LbG+vx-M9HLSsd`^s-1S+taW7FdgQ~nKC+|ofGla=fm zCxj%BbK5FpqrvA~GaNDC!CE|_kK3?NkJpx48fCh*ym;T?H-ToiLwUQ8%zW;!Gdeuh6ffpmOfQjEYHiQ@InIJIj zl9NfD(o~pU*K=?u0uNi6>R+ac+jA9!o+Ih4eC@ov?kbU=#HnLq64p=Cf>tj)vqJ*h z+uMWhuRbD1Yer}F4T$@=bBzU1oieW`BcTvs5B)FjQZ@?1i6hB&Vigw=M&U)gulU8`f+3X;cCgAve7c%HTl4l3lT- z!2Z!>M#I=w@|X(fxW=6N1d@k1tA6kKts+azt-@Ex82i8;f$N?UyyE6Yy4F>qPirZI zO~<*$mJ|Dvzkf%P3%>7CU?_a`P0O`)S*r6tBj^BRJjnW8*iDiMW@^H)@r(7MpC|mu z#|QiJ@{$w}7<`9@-Delqx&M10nG>>q-fivjRZjXsgW>TU4Vg{6jymT;IO+R_g-4{0 z(>23O>rlpDsO^!`s>ucs(rYH9=wS$1qh4=d^c)3oHBe zBaN$EYac&7qpglWoA>Ww36e)4Gap`PYR1{+nUcb~O_~v1kCYtMSsp&UlCw!msWH=c zCE|z%$EjpC)!<`@L=0}96b^r1Rjd>Umlnf8i}_vNA1Xnqph=fxe!ARm05-j4bOosS-p-9YRP5$T*ImuNItIp#1Kv;|h!A1{}u6wF^9Q|S}E-WU2 zxSSj1?6$x#665Cp`D{$m8fXzer007Ck^zyEG`fQ(>BU}}l3VLlwzgFEINb7%_qhOd z7c}oEBaYO)9*}PF@$0f`Cr$IpM*s8X&ej0c?`hIKX8~p9^JD@iCMH7W=H|*+X)++3 zdm>yj#&m>37Qd3+j+~Ic+B6RnpMc}U+;_$5Y{Z6$G2O|J@<-}F?ta|g*ZH7n3Dnv^ zS)qPldryxn-P%7HA=Gt15rt+JKmr7Qvbej5VAH#Vv;!|xJU8R`%!n%Byes#LghACC z+}O6=(FagYw?wP)myP*`ns_qiluIqfr;xlLAfrGQ-_xo_C_fNZ8OpAsJl163X*(RdLl@2fP2qT{ zEo@9I{h=cOcm>XPmwE`Vs)eR{_{Q3f&t*q^lf#Zm6DK>#+eT#POcLc33dig|GxG#x zTLgg!Kn;5-AKTpAsA2y+6qz%?tcrAhwyJ-v8`MkByIskc&Or0$&!3Zd+q~#IvFu~a za+zugcj=x#yk*zQ8}lW}|0KnBvW8@zZnWblgw^X-d6cD0rZMijEmQ+mLOQY+<_M}~ zXcZb*!VgCA?5y)18Saw zF14^icQlgw9gmS)cY2w?yO(XkPK+EC2gUx*LNq3kyekjbc|m6~GFeiDt;2`tsE2c% zUbrlQXZSMA8@?KE*hRF=z#F+%BYAaHs4sEEw1O(;bdb;paX+fmc=h$eFE$eS?XMW9 zT<$(ZK;|uaLYI?G8l9=rcuZq@V@YE@w&xx>L!uwPU#V~D!9%Z zch~WftY zkl#4`F7JL$X1u6xc}^6JWQl6)R~T~8{RKO-z;v5=(>-dZD=l#Ts&*KCh#XxM0tVVu zmk=Q~(!={gdR2umrvi80-AK1;GeTz+I9lU{{k&=V5~+^&t?9d$X4w?|2OI(?V1jQn=V z_WM{10yjMBhoj~75?*76H#jjTEMgDnq;yR(7rpXhh5nhIcseQ=5Z;ERwSwtq^A%M~ zh|K5cy$}1tN@=izw%zf!?S3}{XIZ`zyrm*!(WBea);%6Uq<6F&d#Dm}i+ye=i3`D7NmHKi$1}_R-r4cb~ z3S~!R#p4#(pu0w70vW#uR38p*ZFGJRql>+1lJP;-v(r~c!M=f?(yl;(?&_ykv}Rpk zNiKAsJwJt@rp1l|v~JT1`Zhjot=2hzI>7r601prp@ASzx zkRkdY`dHaENUB0JkPighpQN~2P!bXxu4ZPSKjG4?0h5eH)OJl&>0beKylsFDjw@j} z4x|?I072)+OKa5#(lC9@QcXZ+D>?DUdRL{(-l!2VBNGF3L{!+VOoFV`46rgM&-$o^ zA)_7XD<)9uU^#3wOVnzn2bHbv#rkj7{w@Sslrs&E;yPCe9a?U=sfnoDlJ|AZU(r9L zOtO}e-_3IM!|JnYZia=$(&Ai*4D(h*vql1P(kEB}06WaHU25YJ+Fh~fLN`%Jp}07VYiBbR57 zywS~!xnsPDA@22{4cAIis!O)Hb{t9(=dU7v$VSS`!9AjuW3v*qlw73l9>qpO4X?6A zq7U(mg)AYFmvdhEC>1cAL_T^$XCBop;=zl=lWVWGHwWKQb@wQp~Sik*wmjb{w zOB$h!F~lGXxGlo_mWxKHv3bJAtFWLqbU~TYQESzHJuiW#xu~_S0}UDrMW>7plZ)&xg9`MU*lRyec%gDW>hJ3S?yrDN3sgyN9| z15trSUuup7`=Ie9!aDBRhMhi>v z{$}l6hLBf5fF??#yzfh4TU8OWM3g%_`dP0wP(bDe&e(Q7z6y%~n?cQ2{DFk&&hqu# zun_b&iB^M~TWntcU3nW=Li6Ai% z^D(?5d1IBuC^zu6OU6-?{{Ec}+ny&ZpbA&ta_agq?lreRKGhB2@g~-7fQfacRklAb zPcp9Gt21#@k9ENj7apdkTF(OA`;2E^XL~KL9yVtGQLZF0QkOVv`8`OKEwqmeSrLA@ ziFfbW(fb@9(`g?>&xz@D2=j2V`|v@*#ANA-M`&#>inL!_al6V4Qr76jg40gCXnaRs zaLd^Cc*ZYPchlL#t`2-X5h~J3i72n|P71T;3xc{xK)7tDCkoIxh_X@1fsVPGHnlY0 zV7L_de zR&k!u_si!j-ZlsK%uvbf1dIC^en>1UPX(!892~J_-j_HjWRmgZ~KO{qrM*zwS3->NC9H&Y%T44fM2~Hl@bIf0nVPS zcds`^gQFv|)Ymay#PH8!5d1s`z3i|4I3vYn#7FtckSb(Gqwv@3$kA6M*87j9aQ6i! zE~7@|{us;}uN$P1Oc8vKMnlkO2|6m(ckyaejqS1i`^@2*b06dz+N)g1%>ueTehR*v zsTziszCPpwRYE~dS&i+DbLyMeYWF?d)St;wEe}SW0W>5$*`Pg#gzlr#o|Vrdqi*H* z?xcYY`HqJY2NF|sY2N5Fa}vJHLrX|hI4aeC-I^nr(pdXI{VseW#SWCYc)BZ1Mf7#@ zZ(2lE=85$hozSos{yJObUBB5mbq)&s{y4nYOZc22{f;EFUo$gwA9l;&=jTPP z4cAs4l}H5$Qh#WCV0U|LU&OGCDFSusfVevJmv;*~x+YO!pt94OJlWo>x4^cmhm4ch zPAgampQlidP>g0R3PFS{-xD64Isf(}ds$WszUiYjb`WgdoE=S)@ri8lxx z8RDdrxcY_7?AbK`!1m_bXD=1LT8Ed6ZQlDse3e9j;44lCQ1?ZPJ}50;vSwNVYwW@lHOhu@GfQ^N~7r7ry=+H8lQ0tCHg5r7&OC4Tvba zDqTkvv?Li6lHMUpvKL8G?sJ@%5zK(R5qyOZ`86Jz7BCXK%cCo=AGxqjO{p5as5%y~P@kV9*!TG3{r#!rr0^TGOnuDmHneju z=Jl;c^M04$N5Q4vg1GJxn13vYJF=U}aWDy|eoiH4eCQ2*z=2)xIDPBzx%k}gHXTA1 zE+t`;*hG50987!5a=sV&56OS+8fvehDHw2B*!|uqV)iYfwy}6%8pNdxPxeq`*q0`w zBVn!Oj{{vef)LrsMt_p`39{z$1VW<%Vnrv8F$-^30tK^#_daL@n>uv_o!~29h5&!Q z3sDXy-B2nhNUdfaGe1U!v>wel3!$4+j${U-d08+?#`U>^^ohkYo)svTU4$^HaI!)h#8`FQqw@?B4wbG-656vjYC zBjd4KqJ}t5RXixO!tj+wVRC+f-_X~XSs*c%&d@ph7@%vAM~IM) zMX!39DRq6j_S(TxT}`E~og^ZD)@M)rA5Nd(+HFfS;20Co>0X`&(5E#GkA&UWvAu~= zUZ6I`<(5;K#@${FyO3w*WuyzTk-I*&Lw$y zHe59$8>>J;{kn2MonH^bk}XN(4|CgztGUg!Dp-OAt#S1e+TaQX-0mt!3AmeZVTVet zgRv{{l@kWd#Kwfa^OpBAkm}hFB2Sk7%1ZFMu51MFI&ShyMkOgIWQ^kjMIY*TMIR`38H1G|N-QR79c>xy~GLHca+tlSC zb{T5ZTbu3y3gjJ(auYsc+Q1IR_b^O_Pe79dIRq>m3{J)~S_ho3=WR|BEXN*Iz^VURN`7q%Ifj*1D9`~kSzk>H5vpPdX9&hoaEb(o( z^`(rylDCEA=Xe#m7b#Iv{sYy&^EY5QA3`UE4b`D&#t0+L50{>+p_h2J zLzSk5hQABVtqlRVWlmWS)~Kbr9{P@Rx?XvMBVBeL(k88zebV#qI$d z#buK4%9h>38%VGyh#zu1TH8vwrk=A$wM=zh0xMrFclSxpqe5NXy<0UcND-?!zNzgc zPhI2Fq2&*e`P85?-xD`&eSJzAHu}E#+*Lna-Y1&ElZ+WdsbJFxNJbed%iafKm@)p4 zz?U0N;W;iw3x>Sa?{nI57jaP`;z71NvL&s8=0vefE6e>*xlLM&2K_OPE^T=+;Q!m-Qyhf= z4kdvFB!P&%)^J3Ut&Fx;@XGxNG0UMq91lWmxm@EjbBJwMwO9^KT|?75T2O*t`j=&T%UKc9eCbAYbN~y z_u0&5M_t-zAV4H5)o7u+BfZZ7D$)iSP*Z`N0h{O#R)Uje^pr_b4+bV#!r#oMT2NSs ztJVVN&`7yiRqy_YJe|RW;cPB9Sjp$=px7)d#8U~gYB1Z}k*0^S~|H=sPutvSKG}qzWN_ca(ti$9&$Cg+1rk5BZiI zN`^{ebbYgKZ_@GhC>BJHbL@KsMd?lVpHSHwt;@xSBK0aPJ>Do#7YZXJ~LX@0Ygm!^g1{a>8=WUv$_&J zC9@W^tN>GZ)lhr61&NBC@1~e^-wLK|#Qf4pfiSz$=7eK0mmLc{xl}p=6nXx$na*xO zqR8BwU-f|exBHFDgY$XEdOLdM=NFK}W?SE?YIK=RrP6DLe`xm-8_XSKH*MgkmMDr!A&uI3`Y&{2F^+qe?6@|S3jQ%R;4*!eI7Um*T zXF<0e^ZV`8Ni|{ozN`E0mCr$w&f#CePj~vC-ahq{(EprWoakxsYl#oAWcZQcfIy`f z>nlWnQ4kXp$g$UZ33WE(=m3~eE6CBks#0m#0i#sL?5ukx2Q9+9b0a-<0@$~Y7D*WAf`P}o1+xx!m z!@SN3cO8Lm#@~yHdFMF@`Ck0$>kc#bWIgK7g?9P=GRDN;0(0+svF_%iMFBzKhyyc;u@OXf{6roaxzE6=R0?-cr^A()sMnEn-K#}2r9F2vE z!hh*JXF)}TryBqVexm2av=bsrnl_FHIo42awPKhJX&zgC9=P^_5%5Y4-CeL8C0Oc( zNfCVDMah6Dj{Ds4=qO$?3KptG#Oa4iA~W85sDPb-`d^Q}7DWEgzFd14BVc zQx+2idmroKfy7|S3BWFJW4Zu$6LEB-w(rsK>k6$AiMbd-bGsWw1$IhdjuY`mN&3{w zX8tgTQo%^eNv}!hh&sP0VaH`qMuZ5-k+_&CaP{xEj^O$brCrAC#~nHM*w-VC*I3rP zKK{GKe=E+m68Mt5^{1G@23-~gOX=wi-WNP5a5kPOUKxm9xd+?v=d_MRf5-7{^!o5| z*u5iCF0JNoH^Sn97=Wh{%zV1=94J@jCB}p{lw*wlt1l;0ow{{<_z5&$r~8v-!559- z5Izfe?BMOuAcb}BYI`VL4QH-cH`vX1+mv@f40&1gJrGrEwxU~W)b&Sx0wm`y zLNPPoOEn?nao0n0(9|hSgfy|^3@=BoHM^|P)iK;f+>yb##o}u>6wVRhrBKyrXRpEp z0e33i>+aGF0x}$Ll?#?gE@;MMwZyDEBx78-vu)r-3*puP_3xZNOYP4ld_{B&>BH!=&Aas%7QH z@w)71j|30Bf)^-K*6INI4@V^a2btg;kT%={6-0G$EORKFNaMw&rE^(OkpGw6~W`0PPJ-DzrITVUurxhT|Sr(%4OHQ@*SU;ORdQ}An2>;2btRI_s>Ux zR)K{*rvDfuMKBQuQC&m~)Q?R14cww1;=cp+(>T@kHpc2`@;v9|OMcj~v<}gmCybm` z3Byq7`x{PtXYD1mO{K}Jt*vd)v{7E|k-uh%gogr?6agjqpC|MaK$;C{Urrm&`OW+B zcsrk@{|DU-pX%iwHI!=0hh1XQT-J2`t2@$(ZM-lGx?C=@OrRA`g* za@LX*GIC3LCt@Q1zJG)x7Bt#EDRL=d5AHF{sVOE`Dlbs0BJA34fxK(7 z43b7e{TT5!M-=woF}Qo9N`bVBV&mpR)llURyzBUgFJI9(Q-COsd4AM?cNhWz`iOX)e$PUiIs2QdBIuMy~;3+H?Vw zD0W=Yn2;L4RP+&w=8v$dj>;a{$796Ph^|sbE0(|q`4a$zw#H{i%_5Q5LNeGL8`O?a zHaA(z@ThDsenn5-n0ua9_$40&m%Fc4ov#tl8AzsCZvganCL_W!$=qOeyF;_}6LQ+b zPcNMvSGOG-!aBzgBx4DPLYkwtzuU5j(f$CKHk}0|OD6k}$BsUa{3^2pTCBAyZ4<~G z#jQFcDn<-%%I8-tJI;0h%MhT@>Y4p&TMb^qWbRQ6adxpLoyi3;LlNx1ufa90 zIu8R9#I?(hEqie0;nSFrqP}i~jmFEV@%Pd}aoowNDJ50a=;~_P;o;$at0u$eT|R?n zlO(BrRFw6gwg?>p>w-#!0R2Pi8>Z9j%z zmcN`t?7`W>rzYPuOE-s?fQ`w=%hfwzBg$`($2qN_vq%WnYOqq_EB1HK3pslRh{Lk& z5CrO~#BV!ck+J$fHqD3Cyt~W1z92o@1Rrzc`oaqjFzudG8kU)LCPygvEnl&i-v zhvPHDD}5G}+rBR>c2xXPKqYxQ{Y6fwt0rLdUDI*dDMTF5h6K~}8?Uw&r{Vw@tz5Avzt_81i0t5s+ z9bo{MJ;QABzcq-O_1C98Cd(ltRE;*hKGQ^Zx*usA+c{w1VrgVZgN!5_p2s`ZlX?1L z-+fugVP(mjPgg#SbLC_U2*Xe#==bFbvB^(cySWMl4eY zPx<_M2ZHWhw<*5hc+ohQ9wdwHpCjRcrAD<2S5&HDED4m4nl$w-5hw_?$pdcO@9%$d zAOH3U4%*r>>JN_2*O#tB36)6nbAmZf`Dtk^Q0C0D%DmzJwq7jARRkqAYR8|=OJRUn z{`0k=zCc`cgr3Uv=ci^Xu6}yWDHm{r41-5IbTCEPzPdgMt!@7Y;F;%>j`W`kO})ov zUDi0<9}uCeXo{D-AMiH9F#9;iquq2xC6lvrbG>U`DL9)K!sS(kZ%V3ujK`p(uv##y z9Xc2k#-*zP#St`gr55#VR!upCycY0o#rFc_pgdD@8H*=jF?;viPPa%RMIalUuZ_x%C! z_4s3iY5Lb)k>rzJiV_~VUuv5Rb88$LK(_irkf)>3s>ex|>#xii`S zBSK|!!8MK-q%Px4nKSVJAm}Kz2H%t8lvp6vobWIji(`fIz4-7tYS>$B z1r@X2Z(S&ZU;vF26_prUuQtfUld?9yikI<&DB6fXES>V^sPH>b-~HfW8^P+a7^~Sf;K9b$v>JKrC4G?_miG9s{;DGXJsiQOp+cUr;J zTdlgtW-!A{v8#AZrH(x<8}A*?H56_uSkeiVJ2L!b(27x>e3y~(>}x^xa`$vNMYt7` z?*^xELrW5c%XfNL$93l@G+3dfrL_oe=f|VMTA2ycF#H>wkuGLxGujNL*^)NNi08b9 zH=Mb_!f1L=>)m0AMgDC|?8cGD9G@}lu!3Q9eRZDBZOU$@@cFAr9lc{w>(&;={j~r*C89KQy6GT(lPw>c@Bfq@@P3)4RC|GpzfX%tSXOL_a2T7WQ zqU0#l)VZ8jVc=bby(j{@bIMz=TEKbu?O%bWUu=3#`4%tKlKV;+oL?T^7{^S1HJ%(I z@s|{--1^6WstvuVuzx0KWmwdnUNm$b0vg1s(dsf)I-4;zI{`;hKY2ilIo;p6!tPu) z1R0GR5xx1Cqp82fe}^m5ncN{J@p>J2{=*skMp{$lU9Xubr_qY~d%t2)u}x?vM~aNg zc1Z-+9R6=@#tw~L9em!XDy+>B2FuaAl z)-21PvI2b-9me}h<%EJXexTqs8pwy6NV5+OLPz*+xvu|kla`mA6NTt0_*N@IOxg*@ z#x{W?uj*)_#{Ks&_nM)E+^?@xx|c>?X!qw!;F?HKNE8Gk&5W}>3KWaYKoC0M?nj!2 zVsel;`03zay5bQ}k0*HKASj{;v@s02{>hva6GF{;clNBP+1wn?NV28WLdNva10Q9@ zUK^~`TT5|SUkuU;+3~9dh#eI*3$9M&BmvD(X(2e%OM2PgJqVAxo>zGyp_7ha;1Aak z>8m2?e1Bl1@GzhyWob7xVRa;-{Z`Um9Q44vTa7ijU76rtRG7N$v8gqxha-E~NP#o! z-+J2WH}A?+%E15U`@Yp0uyR=Q2=B>Mdwdr?mcTEfk&PRwVr1YYD=oE=3+w$g){) zL|@DkK@z^tl${ly7L=Ny6?xU-a^d&8-Eb=Ew-8I-qwAcIL;^N!V4D9%oR*>Rakbb{ zaN=I#x9lMsy&pM+0=3CC5<~PuUS(v4E4bjmbd=P0!sDe;;NJ=%2ef;^z%YZdJWUjR zO9xbX;YQTajG7t~ihsPk5B{?Z&(xHElyhhW;I!XcWt_E>VtGG-&7wAg6LS{Di~9nL z6`N{-Ghw&Bf^j5x!`TNi&P6w?-c(R{Tzy_R8h4$94Rc2DC&}ResPBPL?!K3+g~SRO z2gd#j1?tJPx_oB6or6~}pr^{1^rstY$u777xX*tF+gt=N>}i5qB{a&*;4T-N5E)EY zWO-$Zm~x7WonXSQ>yHB_HntBcpHzcss(#Sk2X87ZPGG4C7L23qlEt^dA)B=9jlJ%l z+@NwyhsxWAn+^^O*tnI(#&G^)>XEiEtwj?*G1Q;#Y0XHmZxBSjb09qP9@F&8(CNC& z8iO;(et)i-rruWco8B`0RU;vr0E*+q<->vVk0w!b@Kcg?LDMP7FT%Z0q%tz{4v#2} z@mVZYei^Bdc}hh-3vqggvh&wR4^}oR6TiD!m83itnhDU;>@xyWuhorEvtBKzCt_~M zeB&IGDE+4E;x}Iv+l4NO;>z@_B;SS2GG-L>H3nJo<;C_LZ z(QTlT!iQomCy`%#bM!VRYNgkYD$lYLU$bc8G;&Z6R%dN>6B4IjPTXkhH2L!bRS=Qa zM~z&&8Jca$BD`ezwWD%KM6rPQ6tey2$2D6gpc*BNwJ)nrtqpR#iaEosGF3vFYAq_k zXG^hbekq>soUw4^E}xzpPDx*f<|Gj)|1FWO7_@SmpO1$ns|m%w3?Vn=W&=5i8~750q=KtK)eVvL%rb%om6iP zX6oRe+%LKRRzzgg-EwW-!r3cI4UWQEtZ6Zx@hI5bT61vj{E?q!o zJ(p8E6;Gdp44Q_w9~r%7I5n|_%aD!$)5h*cwObN|8uEprS;4&=I|0i+)|3L)4OOy{ zyQ*pTD)feb+T+2%V9*O>Nk#_Ltd(|E!$87XjeQE>a=;Npd{v>}qVeK*yvW4m&wfQf zWVC_ev{^U~p&%$?c|pc`-+GP1(~mB2)5K;&5&}ZK?yip94`#PU^Cg;rBA4DuejXmP zNQyfOzRwl?_PYTof;4#2@LpRk@$)xoX`383;3WdJ+a-RarBxwl~=!bn;<4Q z7)*6FQpq?vI%2X~{7OVQLc%Z(oQMyO1Seo_bS_xS>s_{%yc0rBiW2$*Rlaqn@L}#{ zzRgRFpmeoDQkKGo9CK)oG1*4nPxNi@Fu5!|S?zn#EM)j_wFx)yX@4-ohW&uEjxk|H zZZVuBCafAt#xYB0a4ys?EGstVKaeydVQqA(wL93TN;@Z{!_g&tRPeLAv<(dFXEI zcRxYylkv@ImJ&g{GJiSJ-k)DL-qH786n>*!0-b1z)ouP$^aq%G& z#l#i7hs5wA;-e<73fKeymNGGY6+!4zZU1nDv!duAeTf7=z3DW?dNULXhL&No{Q$95 z9L6ml(0hb5DgiGfMHEkpnm~xxY!*Wxu2p4_>`Oh@2Yp)_cQohOM1Ja2h5qZH;}g%I zBY#a}Xt5$?#eM@>{6-J?Z<=ml+`@$tKR|(`+xi^?yy+625 z`Ow^Y*xFR~5|8B0@GRWM_6gNodZd-+ zD0lPSmzDb-uf0rw>=3$NjY=@|h7J1G8IAsiFgU97i#VB0cv*RmBTCW@3$z9(5Bf1y z8^CwgeDdi37Fl~fFOsz84HuT6e|xGPz{&BA<@1SY|2OA+C;c71a85mR>i45#e$4rJ z7`#z;1NKW?EBD0H55Cm8PY)=5%f_|;f9Me&raW%X$1`vCM9S_8VsQM+e5Hq1>I|N_ zLj0>#^2@d&6gy?0I^_rY<|ZManHbYxDSp;iJ4goz)%LW|?*Rm1)VXeo^A zN>!jbPM9RcolO^zd`$wPuIOQi(1F+tS}=nddC-$&5U-SdjQ!9_1QNo+UZlnQqXZW4 zapGqM?po?0Veo#|GX7u1_CJ5?FmZUOWBMgZ3{sj9RFW1HGc;S=I&&>}e;^Y8 z_;*C84@vQmiA?fF0mGu?cF=w zf92bb9sqX*A_@n@sZyUnOKTZJbLX&$7VRChq1!aW(?Mg4az07n;jrpmk$A!~&VPpg zkBL0%p8mr#*MQDyB?TRad~QMlM@GIX5hcZ5Cx6+nA~rc{x&_)4mH8B2<@TD02R>jE zx+ucjY!No%O9-mq2D7kdvjt_ZwP?XiLQmC0Ez_${g_d>@4@$!ID^?RcVWuyP`w)M z;Yu)8`@HD6%dq_#0hb|)9lyBglPQ33D^}Il7qR|URxm-&6S*(vVq}~6H)d+tUcY_r zRmjrX?dy#r9YK05(SmykZuv8De^|`__KxI>{>A4e*q61>gDm}=`&9AtKz=WAi&{2A zhP&TqXhMdRfrNlA^rPg-b~v%~ezYIOd-u6P*0KN+kZhTGQn0kfS~Cw6`F`f?ogc_$90c*JxV`<^=> zQq=vjU;CW!wyNVns1bTW_wQ~ak(~EsG;TpfEi8kf7w$c0?kHl*IX`xIziX01j(3}< z1)ct>@`#42`#-z)=ghjtY}V^*e7r?ftI2yN#k=jEGAttUYR8&pA0k{}6h|1&D3WX| z^aKlP8(<)~9ZZN-&dxK+|KO)+JuKEa*B|yb5m}YBbx^KQq%>OOnP{h9pK2u6+JL6l zbLNCoTNkYBH}D@De7mz;%1E@lBA~Hn^rDoS4T2@C&#uPDN4;`>RS;Ks_`?=u&~5s4 zI=eHK^(^}y3+h@SLUu5zhD>XowM*{fEOLBUKibkk0!Rk9>Hl1qpKC{An(O4bzefE5 zitify^q8@qcW3{r$rTKNjHe0pp9Zd78vtc@!pIIZVTLc{%Y}=E@iES1rxzv>Cgh%c zB2RC;5<3?hnfC{pF1!((`Ev?8LHYV@b>t3gld!MA>!rqqce|zveM^hue-A;r3)*i#@@p(`V2^2 z()DQ;)MuT;_g<+V?YOh4bsCdeOJBgBkX0~vM+2#w@M}v=X$sQry;6#w;MAhaN^-e{;W3U#xTF#JcV~Erq7o zt25BI$mSkXC-bPg*HOZ!^{X{uaO=8zVe7+VIBvE`qQjpa8WyRHRb|$j*+YG(2BWAf z#wVi&HGA+-XG%91e*3bvwuTyD7J15?cGYXpoGOD^I$Y>rjV)RyMhi(c-Czv)!1S$WWlwNl5pY z^yyX>`N(=SXTkRroeeM5s)P>c!FdG73T*3z@q=%o70cBP&NP2JR_-B~Q0L!Z=4$f0 zc$nlv#VNh{sPb!iV7Fi+D0c38h-Yi1PgE@HKd|J_sd>)J39n@(6<{2_I54Ef zk@K=B#`(HjGrPr@+>Mf-JD5kpO4FSvXhbr|gz2&&tGVzd!Xrx;@ppi4Ckd@h)aD3{ zkuG5KrdI@K(th%DC9oE=USP;Y4Cqf>e42sVp+P>{INRQq9NwdBa)cI1W_>-Xx|b zNYhG4NAj%ow1`wcilw(Ij(~b+6LPg-O}PeI8=$6fQkZ)IoC^7qR8cC?&?X=BI3Ep=mA?{X)-1Dyp;5Xzt z9?{N;Hg>0w!1Avb?EiMz88^bqCYWhRE{MMwdUIelUD12DxD z2s@8d`gD&H5WV}N$!0gjaj>#g*h@;UUUITb>wP&85SjQj=Sgtci%{2%NTy%hq2zkFR z?-czex0smP8}xoHzBV*)L-Rl%@l3=^vbk8elZcNpJ`eJUDW=HZ<+IlHaU6`Zqd{4=9KmfgBm_2>n(&@_ zKHVkywhZ@1VxHQ%jO%alc9cG2Wfl)Je95;(gRH4ysuF6ExmM(Z~4_|+N)ckEtUNK-xeE5LkkF*P$ zRDp#;T~i0fQb=p;JLaj=Uc$Izg=$P%MNO~RnD5e8>n||De$mE4fF@bu=S9W}ZFx3kytl+&z-1qy3USNfFq|_kW?0 zF(nQjU&Y+7f4Jmg!CZXaF)hg9Wkygd$wwn|DLJJdAH1RGPns@H zEO3bjG{d{&Z|L>OI&FnKQB;r?YY7{Tr5Tv`QpU@^Z(i05lZgeYQ@gz(-!p_#Tge`~ zjZHjde4Vi}n?(6e_S;l1QDgrZy%{YPZ#a@Jw%)))S@lppojR0=NsHX3Oks|!LjHp) z2%AMC_zt`2knL22mhXnG90APn7%@5re!&zzs}f1)AN)biaZInL07sNFc4$Qi5?CU| z&0;g2vTo+?|7pSy7Prt=hSX6w9Lu2?HnT~>J$iFDY;~TAX1=XgcsUVXY}jbQse~Wj zWg#6li<*YJsp-AJMGaO`pcD%`nMFz#BJ_?dcW^mr_KMc=Is4TLG4K=q1(-gQ9%*GR zg}9L~qznBSxalTcc%{8shHon?xp(OOyYL0-mZfVDQw6JJHHjnLhf9swKnqvm6n%jf zk_WeH?0{P0Gp5dp955`YZ>r?Ec%p}9Lh1s8kO`np+527XPS_9z#ZgWv_*SPL@~;=> z#HX1yTU=a^^j1q-{N|>?o6U0QHB;y$yu_7E^>~-jC-UMM#Me;0atwA}a~Lp za)~hNkf1Ipu#!CoV>ps7=H+!zyjufTFl`pQSj-X-G|POoxfhs*!D{3dA8pL+riE!( zK07}b*~s1vFa^p53 zomZh=s`FMY9g9nyaK|n(M_iCieZx+EB&yOWACA^Cm9O5l9^;ll z1gZe-q{O>n^0=FD6j+yuG_$K7i#ugCZ1^331c0{CB9}Hj%PNsLjYs&g0A!WWg=)a( z$f435ra?IL=5l@HUa(3=1b*C)>{78)3%J~=WTWd{^bZe56m+4uH14SiUYUgmUce@Z zMZN+%^MOG zP(>`P%4g$AGa6`ICtg|8qp%LEV^MK-p4B1I$}r^0FeO!d6iT_KB2xqISiQRJ4{V{s z%Tp29cB0IcAqOAR8*UYl;|h0!L0<}KDU*6Xim9H^O;D1ROUXZJG$!MPpE>8-q?<++ z)gk|6BUvYP8uUy^M3%)ZSC-M0-c!ZCl6px<%Q}?8eFiG(HMjogYv#=p&1y%+(IOML zeFCa`iZ0DR#Zg;=&a3eX+2dM7%vVo!rEvhC?ad>MLz&kk0_Un$|5RUg$1y+3tFZqp zleG&$YHJSIaE4zNZdF^qZQEe9T~17G|kDyPZ^EZz9XQO}-*b zuT;62adJ{JI2-cv-LhwkuHZz*kjs1i^o9ZdfWH|V=7ZR!gH&u8O9mzk)veknZ4;?% znJIU)oauz~v{%=}!nWe%r+X~~&;w3jP$aA2%zbF|Vl`(@RN;}Sn2p?J)`n|y^gyQ6 zm}oEJv@|^{$Eb`1L_bMC&BjoSU0x-b%?RxB&2Q9)sNvIJR-)wL`8e^jvv>4 zhfSCauH)DTD%Xgw(O-R`t3gwXUQ0P~t=pnEt6uw$X$uz?pwsKH;ntv8(C@(~O#){~ z$90-!YCec)P=CjU&S`Wc}b zymvdcA2=9ZrDCD~Ds`-r?%EZXKSHNyT>3MZDrmtXc<5YoB*MsKq!RH#`T+h9qDajC z*N_?PMP^W3`I58eIc^R#M=6Z~g~-Saps1M+GAoZdPbsA9J&7n)8qT^Jm%Rz&9u!Z! zY=Q_zIw8k;IA#GDeg$H`(2k5@%RlU2d6SG9QBZVfC%J$Lz>{}DA+C4A>R9FES~^r_ z0G>x%CB}nLC$y8Bfz}u82FF^sbtj7X?W^AaEz(WfQL%LJtQOo6T2Y*5hW2>hXh7YvINo>`XQR>3l%SUe7u8TUX;DGHRU!v;E*fCl>WOku6OrrtP4EMUw& zQkWwHwucG`T=}a}zSJueU&M)Wwv-TFvDcH-g^vrIcRA!Rxm1{&Z3RuP|13cX6JKIY z0o-PfmhPSuDEW2yWtWlUtzJH1(IGA4P_z|a24hv+jO@~ZphQogGu1`eXa!xshL)wS z7yvuY)Le)ETJS6K8o2NwS-t^y71yOuy>vLf)^l6xPm0{1yyIfd&7kqgh(X)tI))NQ zj2{0WSKo0t?CmXyIHru`o8-ElF6sr3btoweluoZ5N|Qh6MI%XktPb4X7B1rV@51pc zDe56*VP_5&SzsgJaBmhM>mJ16wLfPqtZ*2}L*yNvtPEHAQ$;Nc>wg9k8UDKz1@r6LB0xH0%?NN6%c#75 zD|j5hPB>1jTO6l(8O|u@yXB!}I7s@C4#TK79h-*%(oby9hA?h^N7Rt+5u zJ)FrG_Gr`s6`@Ghv%VXe&6s*|D`Od+mqf1|ZP+>CQnebxtcV0ezkGcfGu9WN-D-dy z+=0$t6>Ju&8|m7!T~TDOuTv7T4~3UClC7(wiIx(DmxQ4HzGtuTV!cUezk|Y3RWBn* zp@plkdn)csrub*nr5E9KD6FY`A)&$3SD+KW= zpy_UPDhc~Ew?wQ0x$jZs{~{00yDAsN3(b+099lx|kLvVp;BMtbiC;VVOBle-D{O17 zue=^pvc10S4|BzJ>&-(^z5M3XQg5{fMCBvdZn=8Z?O z3sVjulxLN3r0M7gh(5<(28X*U7HS=g8!RO}24}M?d5JD|N|(usfYzpJ5%ak(bWrKU z7FkT5SLO$sSpURt$*`oA`2@1DjO>0$9gfYsxQ4vov5R>SXi$YPzCZU4f#8`rj;u8l z8^)QQu@+se&l3z3W717U4^GIZpgw0ZTCmjn4 zVg2C{evoh=_lG}xR)M*Eo*G^ zT*hZz55ncvY#7f)sAPqxAqQVv+=)Os%lDW(Z~Mx~?yU1B->sl>07gepOn4<2w#t8- zUwnH}3JC5o$#hwtRXU};iXuW=`k$^ei(V3ft4Wo&U%t|nIi&@w=2_;r{;w7|lJ^XU z-@VAtS^nHv2xR48c$Pi>rc%N(C+5!ssV#%^XzCT*??%-A zW4~|5cyt%3$l(+m<4rI@v@cC4_=fzc_Af1ulLf37Md6OQZ7Sl=yjhcJTk%>vQ9DrR zc_}oGMdC{H3K_x`*C$G?Xk{3Jz@8Dp!L7$F}j-;yf8s7 zIozq*vI`&eSs-H7`Lrku4emh>q7U|T$$ujVJw(bYA94n9kt`AK>t*v-M{osSKHp(ygmzB?+7Jcz z(QU+MND|^1Cl#S}-cy0GVj1R%j{pbjobSCwV9)1SDKkUpp^OYSR33LIb@7F`Gvjf_qb2Kgfim6J~j63nwY&E<@;{2z#D> z5QS%De!fSk;t*#jwlSPe4V}}BQw%zTqPYhOmaom`KlU&LNWBLtrT{NChsx2mET4RqZbTS(f@ZD`R4S_G!w|fFXIbvP?dk1=a6!uV&l^M{QnN;ToKht$lp*4@L=i zmI!p5lTT-nhw)Nx3pcQX0#+LXOUVVyBsTwhetM}mg2aN{eCSgjW<3#K=!m)iPZx5e&8+CW zcPRjOc{cZirqS!9jUZb@oU#p;2|*reBuBuULDzj zFo2Ngs8|q})GAZYoD}?0@+6T3Kf8ngnacC{jFDG5FwhC3(ggZJMx8ighpgBS;4&i% z3KtFxuMT10_O3`@_LfpHln#p*N;W>s%d`iI4XwBvic#kNIq{I@pm&_xDw zIChsPEA!}BQa^tatYXjYrWP1T#cU27kmE9tNibhF&LA}Vg<#*tj$(^;tRWxVxPxbX zz#^+;;a32@RWqti!>07P_!s!dsA2?xeCyx^eV&0XHgEs{kx()?t?ty9!# zze>wT#`7y@4xNSz*M|IgJP#-MEW7Obhgo~}Z)kZm9XI~vWmWvNx zS1$FlTMfEGQax5-QaJdgGl(lAmk*;#mZ!=d<#rlzSmN-x@$&3mO0l4FGxX3zcn^zK zEG+X&E@6?9aLN?E@<9aCLOai)8D>k4dogvwUI?EvNmx`%j^_o8rhaxpt)T@)2v=(z z6au+YwyjWk#YYeCVz}V~^DwDmmfRq9*v0wXF8N1(7PRk0o((kFO_|e5&V8+QF4Ej% zY3rnV&5%Dv`S-cV zb=dlMJb^O1_PPcL$cj#nP=rpWg<o&d{2(4On{ zI^M`4?M{v?zJM=!b8fd1@zFWquDp$!W3kKb4hvdDrebC)(=UQ~#(wlFcMWJ2gJ z$Ey6fkDM5#Ck5q6;lRkTFJqsP2JTa#An_ISNnX7Xp?e(r^pZG2vLaY!M!P9$WLK8> zM0-S&^$L&Y=oR!JB_+vRjC(66u)(BAl&_A#lKbPW6BztPC*Yl&7SSvqc%CHsc&Hy~ zjg8|-k!8dQ6_`~KOH%>Yo;HXr=VKfd^oD1Jek_fpELprG{(q?Y%78eQt=j~5cXxMp zcNtuQYjAfDI=EYKg8LBM-3c-fAZT!R_s9LdbMAZZ=k&~US66rKz1OO$wF0QBf|%AF zZ5Nq87W#h9)$qW}_i{BjNN)Y+-P%4X4;-Q%reNnrkJ1#wz(kf)h?20krRC!NUD#&J zntBF-#GWRG*%$-eCCol8MNw}uf}8(0h4riH*iTE{dROjoIr%T+Jf`5|bCcnWDv;}t zz0!9fT*f<{&?97sGs?`@p!fb_>MD@^9hXv06A>_r)oC>1`nFewW$A`jn{6q%9*IXG zJueMX!xt3~d__LH^RZ|OULj5m3y(t6Mwo&LZTLgeNhh$XDLu@~(OQ2y=oEU^k~Zhe5R@Tw>NVrFq1WD0~LlWX*i9HQiKF z1#PwYG?lq^0sA+f<6jSEI*fZdPn)GORAS*z)=Ai$h+Syv<&+621#NLJpu|sR#9cDM zbUbB$h@~22zlBMCTR7@lU?626%+1t32nmn9@#`3sUz+ooZ~dcNBuQZ=#_)SVPjLN@ zMISEgTDc`bUgrs%enp@38#Dh*L{zpu2wc`zj`ukm<&P;jJ13b!6yd0IWu=RmBxX}* z5Uwn&Pb!)O`=)FmWZS& zSq;;oZobifmB#aRTR~3qVa&C<%H5>DmdC$-4jva@NuGt5C(Tdo&sIN@!T=4&Lgwob zn<_BKPaBSLQO!urCrfKfobnbA<7-;eNWzz6q&svLJX~nT@da(vJ06%Mi66h_c7QRS zr5fv~@kxo17Q3{c>XQ347)>d*<-~n92Cs}t#6DEd#ognS(>yyBAD+#z0H% zVYP8mGNj`TN%QE$70z3k-zmIg^71jGVv(RBJ(eKAoZO=`$!f_zhBDphQ8WmMX}2#f zTnI}u9$5}(^|cs8C%(b9mz&fynL1XGVgM1HQgoLsEEOXl<9S#SDp&dT(o9rqKd%V^ zltlM}Dbx}=o)i0|eLj4fkF0)4D|HgIq!hY%#Y0u`>ev4k_mLghu?Wvt@O92Xg6HXX z$Ba7vwEN6+qye}N-z|~|MsIUn8b5uoh=ImzZZ-kN3inR^Oh+=!MkPdTF+CDM>J4?`nQoa9Ll(pOH>$a;KrR zB3)ss8&`Up(ra9?yPT!bZz8k9h(QESDqf_A&& z-XJWP@&@s(_A@4DLUE6Q5x!C{$-^{~d-`kRtt3<2YVN2nMj; zr)gSsrOHIPFu13*Ub5`|F784(v8AC*s#PJobVJ>(k3rI|H*{AMIJDdef>XX_nOwCT z`0Uw|wG8lrrD=Pr5fT^rGchagiQkgKFr30qQaM=7`Xcy zDnPkE$kUgiX>Kx(vObh>xxXam$yl2NLZrIHRcHIs^w(#?yC!*d3jH`uTgX9oE?`|u z)2roI(JXnW1&~Ovkm)S~_*1ibce+N;&-+MhLcMPfLp!V8Md7#+Nw^A@#f0XRG1(mZQnc;h}EZS>a;Zl*~PEU-UkyYG-p@ zn6x%j6tN-!QxJl0Igj`7`Z-mz4fLu?_}1}DhB%(AcDeV7A3k@Q1dRP!r1G@~RHyE_ zA1Wn|G_<{Am@b!#JjtBwX zqHwUddpl$j+)@Lo%Q{=s%Et86wd0ov-BUG9{xllka2$(GT6}XTiGLX)R5mN~tDb_K z!1wVKp@Lz~8&63tlo~cOhLjl`C!?+xV3UTXgdT+YoK5&kn^1t%tOvhn05RY<9lwmk z%ljWe)KB!$jmSMIR-RvZ_KB7Z(+yo^uvD=$sWROFW&62@J%U|-eY_$#bNKhe@IH&X zPT9aCGBIT@H?EV3AxT0%i2hN9$Uh2X&l#=QB zyb#m3q zxe6AEa@8DTGolk@w+EM*dneY+Q}Q}RU9<5ao{n_o)e;p*zynn^DH)q!d~P26YO48M zDl*L0m_B6~jbsdJDzOCbczQ!gzvJ1?Iz(1l?1q%v#L zyl=xz*ucYzj6h5q;9E*p!wcp~YQDC))6D3Kbb2Gq}oS?DANe`o(7RIpO=6Xm-Wx#ad7`77hNfrNSz}VRF=h z`{+(Bdn;K3qwB!B!BiT)i7`9-^4>q$1S=2c}Wd=&O~e5m$n`cof$)s!=Sd7gck zr!^bgQ^zizf)(L6jnW4~yBaCWE8I?V@64Klh8?|w<9#-m%Hd7^PWDQ<)?ql$BX{~) z#~r}=cuNp+(J?Eo%Bx%7xEk@*mi7T(&#TqwstDQ9TvPMxO^;T%;O~c9VMw?K-Xh@> z!)Z~g-s4yXAWrQygq?j!*<&tt3vl+i%=Nk~`@G(tgpa@bJ)V?hL?Z&Iu((}HFdXs? zLFS1nMr@CbydN&i+K{c1IC+lV-Z@EPr~e$k5=wzm{TX%SPtkP$mm(RmBu8J8I)p-( z?|2-(bP>q;vHIs77&gy1raoU_*DTWD5R}Dwk|bRgQY-Lq>m&wBB{<-qtPp(g;qekl zl#I>LK;=o+suXb@ zG4j1kj>+3EZ!!jgy^)M=O_2q3*z>)MjRG@Fb0!EwK3eZ&#g|a+V!5R;I?^%#pEP1@ zM`+)n%3`)TWZ3Q9g~|{|Drg+;T0Gony9)7EHo%yGRQn#axOm{vkv$#TSjlBpHyhSW zvSn_$rrfZ$W}<{`$3ydi3`~!J6p;RlUfA+!rpA%DE5(q5CI!D#6xMe_=r|H7T72gb zHioJ7SxcoXay`P3+<#aD(7cREjC5$ZcZ#vqv@ITLwnT3?p8K%*5!7mN`+FmjDD)6Y>nr@c6J>5BkcY!WOi4M8*2KI@;Rk`0ROg>J$^pZv-^t%&jEhIhye zly|*v6WMl_1=#8qbS%_`H=RpVu7bP+<(00&{^|-Fw$$Xvu!d|S^G( zQe@Wc*odcjXX&mx{xT``X@aL|YnR)>JIGDY$Y>$=a_fUp?O|m(6RUo zg`fejaj>Z`(k#k|@Hbk{H@2xtjR+ZQw}0rK4CS&##h@dmPmSk8$akVv=io!>$=6h1 zRKWoh`iXP=&U8Q~p;9&M2|eS^(8yLHP{zO{R}(N$5^YRti7fWz9X1*9dOlFN5U4Ml zr-z@hXrD@^d*KTF4Dp_nGM;;-r}kB%P#s9fS?YePNZA+aW zz98IhB|7N5xHwWMLr7UF#X}2YQefQp*lS&Jx(P=gi`EVs25N<)Ns@7K0gX+V8 zWG`o1ho5imq5r%!e;Exsye?cgLQ%?0pITMvoo^=P@DdJr;8wHHlw$y3VB8$K_9?=U z3ns*jpm(Thti^_{V-{%M-z1-U?gTwCH@oYaI@S$#Q^0Pynwv7NMS4^z9e8bfQ_V`3 z!NrO1|D>&F-m{HWcIZv!Z6?25s7l;kO5l!J{K4%?HYH4pNqeld-vg~X^Qw+n+J-J4 z7ef(jBI_Z^c%qrGs%cCFz~zT+Z&w0qR9?f}N_Z+%yH7S$>6wyS)}=GDSJ#o?o4Rj% zu3T*LVDhx^si|*E$W@{Q`1mCf-NtEahQ>OKZ{yfvEgya*#ix|=jX=X6SFBlb zD9WZA(%IH52>OZRf+dr+pbXQAeT%?RE|)4bmNQ!CVPcgAUBVI=69)5z0CizL>9gvo zxC{q8)Oe6>ImB0vobEbT3A-5+vNd+@8Ve;o`cw6Ge&wBmucc)&F@j%1=!0y~5l&VY zLZ**efxU>lQR!;#kTp#9!~6FBP)KS|&T}7=6TG9HTs1c^^v3uChctAOv}-~wu8aIl z-_&GGaPi%m=HYBBPMX1S$yRKqd)aOwFkNGxVp2QUybJ{wGA-G_aSM`LW}LYy$h$@L z%hAM!98yq_;ndox0s%I6x)n^eLYf)PO{wMkUG;lGH%W(rB6Nrf~ zzaltRph1U5veO3;uzIGezA!=l*<@r-7E==^E2@4ys-moz)ipYbAOVwGrJ8^Vjcj2p zQ(;2B?I>76%M1wSn99(L(iMOeWEg#Tnk{>Ar-Vx{DjL%f(PkLHX@hAKz}-8qH|vp& z`uygWU+H4b{5ysw4kqA-7L`TrlEJBzX%jS|pfFsi`+ZS+rDKz6w!2ZylKE9{k=9lY z6|v{JW8b8JK>Y{YKLey zs(gUYjh<#VJpMIbJ9@YWuwnesZalcJD-aLlY%M_iUEsu2!a5q0cC2@4NLWyq-DI>m z-0aG+W9YtJ>bs=pG_=6OTQZ-Ir=UoOU<r$8+ZOW1?#C0iAs2^t^Xfrp2OQeDpyP zuITRDauFK?(1HOd*FqdqQ9G~krSU^!Ud_9f1<3WMA)zl0TN;OJrs>!0U}6xYUA>hoqDZmb#{J-&mjho#z_R?V11nIwUNLh`ysPo=^kTLMjTZmU}R|;G{*RBOPS&@n=mi>uOpK z$Y2nCuh65q(#G~W&r%PDij0#d7SGDZUEk19oXUpWn924Ig1C<<)~ z9FjDf5nEJq&#wxa*PzP)ac}d05p{eTRl%M}sS;YL7@@P*qUWu21wv1*B~`^+rljRb zi>rprWw{EX!#D8!p#))WXzwfSP|*9~55MU2WzgLf%Vha35MJ|KUbV_v-*{YK$S~1g zM2E*0O=hmFI5TsmyDZ zd-C3x8~z~BJy)h7a_7lV>E6<|Xh*M-mul)*z&=xDOPuC6s&V&^!^)+Fi)=;sQs?pK&J^qif%?4nxTe+hDuQzjA z53F=*Sxstu2+K^@6s`_?QxT3WV*d{h@B{~gpaC7-{&Qi-||` z3AZ!WD&KmTc_MFE&IW7)E7G;+f71O%D8%8)_?G$RbdcwdCMggDD(sJAZ&{DA0}ele z$@yr!>AvXbv~-V}hgIoWThkc@98((bSW@8o`Bp5NJl!0EbeSFo{PG_INT@n1m)=i- zlV8#jx|)cK8!M7-CLH*=zna5Z6a;DioW?}IJvZZ;`xTRKpt!c$7&m9OoyS)Dx}(W( zMzG^Mx=lOwP;&k<7y&E*HK#?;CR*8S;hxSt4VbyK^F^2O6)S&?GX zNM50?SVA(XvOX78TAXtsmnO9YoH)PD)o@GX6f}7QRU>ZX1NqJkNLG2ut!Xn*MdQu_ zS(YBu=bC<9Ueyc5r^QJDP;(*p4)LIg$x^@*!{k2K85&-q!F=)VMjs}%qO6;Xo>zg6 zxQ{t5kFXKd7ss>#mZPxH1y`xx(^X7#zPgvzbYtk84C0WDd-bh>A!J>fABn}i@yGx|(N_Trus|Am zSwhD~zy^PSzlLBji0Z+cWw4h&`Nee^4EN3SF+ zk-WM2*Bt1?TH>djLUyATf{Zxu5BCgw!BMt?YG>@^ykdocEePjsx>Yegq6i>Cmbi_; z;8?D%o;@&bVz%e}g2Vmdv9z}>cgqe4yq3RRpAP0CrXw9keDrWLD&81@5&cWvVTb^n zAo~QIZn1ErY+rnav?4U*b_US(}@97|$NqJx&}DIH-HR9bXJFD*BdXrZgVk zN4xKPIT~}DDVZi!mZVtMiyV#8r$bMQBG%cHW^Cv)oF=ypX-<<#M$ z=63c{iWIN=K&AmeY(szYr!K|A61KL<^3jr~AToPV15)ez;HTLxe~A6mdl!RXH+1WB zRMB$-kK$*%$6bHuvmOJ_?$d6NxAz?Cm2?uU%WA4M?&&^9My)b@tyd#(3nd3AhVLr; zw{WKW+9$K;Q{cPMisv6XKsxZxWs`5Ka-SvDko1V_Yx33d>3aVu@(N_|vk)oe zAA(@-lB>dJGU5qK!~0n(`r$LY2?Xlr51Fpmun2hDCIUhp`(BSlLtuM*`J}J^yXNQiZ};$vL@GoN|ePEH@*EG;(urk+%yuSyJ3 z|6r025Ds`I7ZO}e$jOgrSOZ&$r}c^UwfUjtI(+grfiOm_W3RX>zD3a;aYTtQ09S|` z^v3qUjB>KkvbM-~=^0oRX<;$r2|(m!OD2uZ-%i=Oe=b^sEqsLq1DKg(NY>YcQ6dPD z8J|sMFP)d$)c6xw9Zi-y3O8|x(n-1!p$?tK4CC@RJoUBx?Lf&eCo}#`sdgnB zpJ25e=Q-E6Snyi3wu0T5LCYn zw|_$Cyi8Xq3BQwo!BmoVjAzve`|!|P3mM3NdSVSrC~6QyEsEuMf1D|e_wIt1!&*B4 zM1++=2wmNz=W{mlfh8Wfy!Of$6^OWl277*rPvCh1%RRqlLz>DnhAyWxD>P6SIt zd`<=UH&h_5Fb8h-&U{u6gs|+5?>{9$0rqu~edu3b27KTC=4|p2P&EPFLJ!OIEP_vb zVURXg@99^7JQUFyQJ86V#GLyx=Lb&|QBcpyo#c^B%e9}}inFfwWZ@$DV-Xv~+ed7w ze5n6`{NM!O%Z0v+=2F9-uv2$17XkM0Y%}9kY^!-B%8>w}Hcx9gQwbW14Q|`oK}D>u zy&(NMaY2>dHxB`fHi5%c2Q zwFAqTV+6oyK@WC4BQY$Pg6%&DeBW$@zM>KjM6Jk3-U!_#8e%2GM-Sd~Io&^>_nkJzK_1f^V>P>@6kjX! zbnJ(k?Ycwv9~niQh$g0!J|ON1STUJkSw56>y?gk(U<$p zw~qI-?yl$afmhgW*g(?mnhrt#AeBJKK$Ls0)(y(X!!hIg>4CM)5j9C78D1l|F8Db_ zdyq4t+XMS&uZMc!({mfa4pPD9j^}!3l=px}=MJZL_Mj1r;W2mNA)jJ*sODMPKl$MP z@EUHK$t8!-Q|tYcverDX3l*;1eNsF>_^pW8jmxXiJkWk4YS62i1???raQ1cSY=rdf z+4@ZP^;Of$TPT=|MDb}fwZwK23Zt^O6W zVSPru`k#N4c_QBl;KBmDTi4c-UZ4W!%6^#*j7)TZ5|C%k0^6Sj{j+yQMNv8R79)m) zQ00GSbvz2LzHj!R-upeApPhNXke)5R=lY#*({&-XWP#dh^!Z87P(wK<@JBSN;PbcKX z3{>rYaQk`P8~CB9cP4EPMuA8au*d#|=|sf}LWVxWv?Y(N@9@`n2F*hc@y0fsi*^Km_OLi8{@bH^9F zd9`581>Pe4te3*^x`9IR(USk1o(%1!neWhz1Ry1(TcfS1t*zeb`jc#p3JC>Zw7b~g z*}Oo`QJzbot-vb%_kOB!m!kMu#YWN0~9fbZTH-j;0TzvL7UWF-_JFfjX* zGO@%ricBM8B?FZ438FK|M;kG=C0iuVZG(sQZb$?8T+17Cmo86nA8u0W*!-r5CUbi} zNjq3Dk}mIN`h)a^IZl4n`3nSPCz6UX!f9iICFV_sx&~ zcFnx68J4Z<377WM|4Y^9v6To)5}eWg5~DpahDPzvTNbh*K+8np4Hx~#K0P9vNYHgu zv+vsqjBfT=lh~duEjoHcVkVz!{fz9e1SSb&fD~6XP6wCN-iI|o?U}@EvPU_H04+Z& zB6Wuzgni{I98!}t;4JMnxL0#|P@fMQb4<7@|b2KqNu4-W5KM4^+E9HfNdyvamiNvBA^S=o;66pj+R!Pj=~2^e@hYTm@T z56o)=#~s4ym{$K|J8rJwLP>NW@uxjaSI9{Or&c$nM(e9}8cXBJMwFH!j`>(Jad|^) zIhTN1w<+x%xSp`(RMuRPxiVTowbM#aTU|H%zC}@^tLscV)p03!4O+jx0tB6vi6@2M zWHISCqx}=QDuZ?CDy>R&fh9D#+2i-=5J9xnWwO6!quyWY&xK&AqM%A*yS?*JEqY*1 zPLn-tvwm=Eq=nSz1G8r1+Lwfyi44=-2;`-vI*2qsI}@!|RpVAvZjZF3dPijKYQ2~v zKtYW=<*pC>f+MR;$4YRius+D1W!Gm+y_(7PtOD=9J!!rdHUzot%vbyfLrqN$CQOTm zA*>~_QRj?-<(N05B769)Kt;0TQaOmC7rp&i~*ayc~PkZAx?)5io_`Bw&g31D-8V=5JFUO%g8q8{sa9u$!bZw{g zcn3vX)5AQOrB&?A_tmNgSNuo%3MrpW4*w@GZDx-nV{=VzoQmj|$N*+Q>xp#c>*Vo+ z?{Ab;O)b;?s}H9fD_W&=f=T^WIJ$l3LQXR_Y+D?_>s^rVk=I9oB(U(JTr_2x6QfBZ3(ak%ufr*}&8 z)&DorhG6b~^l6VslTMuxn9%P-c0NH~%ozxIFXU~=^5j0C48tK9xSc$*TXLQU3D~>r zkv@#P$PA>-x;r1L4S_ges16Tz-RAmT2x^5N&T(^@XxbNRGskRB^-lEIlq)_qV?TM3 z$IGvgn0*?`Y_X0tNsKyPOvE??6}lD+!UdeCX4%B^j(Ukh{4Fx_vt2#`E^ zJFov)j117Bt&F~tOyh>ZoC1V(v?FleQuzuffZ7Xij$+v}1w06zqy<%5ytqH?OFlbb zB}^H{4iS3(sQpFXMXf+8j5qMKVDhWdS9e)KRd*$<)hIO4-olU?IQbKivu8PGK1yfn zCwvjQC9|Zd4`&VnssKZbs_LHfI&_Nj7(e{zySo6x7EAB1MZ-vUS!SNv)dbM&z^ot# ziI0_Gq$13)#`mc2|0dE9%>DoL;}ka)6;xYW8@MVbIy$;|vHmK=Sy)2h8<4Ec5P*Te za4N`{rzskRF~~we`2$ z=s{?oI~?Qn;cE48(= zkf!?2+%(a$vX^1hE`jJ-ok@6Xe8e9ltPz8;ldSMK zHYD3#wUWi|owyNz#;k&<3*4i+gG?CG9q@D3ZU@c6iym!55Vi{jNvvlcjqZ4bEGAaE z6_7Ccz-1vt=s!gBzxByS4kHt_S;81N-_xnkOt${}k>5jUzxb_DkrW%j;viT!HxxKG zn9u&j#A71r6k6OYch>zTQ6rfs0w*rOF9Z;nVhmLW*r-jVdu8H-aM1@AL|}p(q(Bpa)o5bGF(r?*Sz7x6jFYvE_`6b?4};z!NtO&>3n7vz z$dd5I=tRbXw2A@>wXK5Aar$6a)C~6hKgd;Wn8XW|U2O{g)Nf>bJb}sHf1|+9cc+r( z=9J*MxuoP|il`{cz8}4&E&X2``o4Pg%9ss&Z5gnov}&3yL&mAX{)))o5PtV(lt~oA zh&rTyr+k%<)HpzdI6vqSc_B@|5NutDx*#vZEeB^E3v)34vhc&Z__m%bsE>(hXM`N?yb#Sp7%a;H_|zf1Wu+uHQTQ~swE{wO@0f8>C?;W{0nXq85WhRA7Y zVP%SDd+vdtzTo;I}&7_LSiwZ$!QkB_;aIDjV4lA4i~qic*!JWxXk3ELWU3_Y+H$MKBQ38Z1eW>&Lt`#`|05OC^@ra*941*m7baTv)?nL`p zk*gqeiw|V1&5l&UAY-XhVu1V31aE$x87-2Ee5UN|*AxjCLsJ%_ksFWbD1`f`kARN* zknjF3CaJ=s-*k?`a!@xGKReXqy9R;dV4ZgyJ{L6ZS0EXkBVFm5FFwq0A{x0cWl^K= zDm$LXF&9##WHS>PzwYS2W<0WM|ekiFDK1+KXT0BU~SJGSH53ooTMSU^rTgc8A& z3Q3cV!U^H=5K}sERn;0yC!CU4;nwH4NanM|kLPFPbZ`oT)alC+Q3CyJ49oaR``;0Y z#=)9EEr66aotTpo>p;>JG$Gz!6gyYt=JT~FPhRAm4yIM<5OzEi>~Wyy@nB0;h}$_w8~wX~ON52MZzbXT>D+~XbMFxr zt8?U#Vmp7)yns|lDH?c9_gi)BkGEG}pJd)BWnC`W_jxeS9VIZM+P`EfOqsMZzD_%A zE8Xi26;czYqAU!k>tl(<^0?hb=!jYp+FxLNv&I`614Q;2EBE5J77Y)S6C#No*^L1r zsQBvF#P)BS^9iAb7w@=eqz1KW%)GE`1WOJa)gc|9+`G0Wu>cpEr=MLSe*!0!(^<#951F(I&)`J@Vd2Rn%T;I&8n6I|F z;EDM29UUKkAPw?ARzhWeEI8!tA{~}MpBD|ih>wnr0G<26$Xl_oNH=F|&*lB(-!hO4 zJyf}3>mf~J550P!NA6^;Up`4uAxUUnsSXw+%lZ$~QGJbe36>*9Nuny^^~Sn9M|%u)Iy6y&B8a6&)L11%G3&W^L@*Z%_R%BJ*+ks$W{LIVTzsldh?zc|kE{!xC7S&bQAV@ts9Ow%`P5TTFO`q|x%03jl zjf?UxPVI|w?cWOaqkW*~=y5sJHKEk;RcBGod@FQopxo~6a7(&Y5Jt10%2$`A=&hA9 z=y7BF5HgqQL!l)+5`KEcC)SLdBKjr{32V0WXWRLYmX4WqXPy*Vnz_nb!oWW$77l7; z0v=UgfTUID8?Dy$GMX@XN;9blNq$g@Guh>ZVs8nB4nskKg|o`H`IOBKF9x;pdDU_L zuf_=>bBBI$$13uOsDfLM^lRbyc+FJ*J8&*mw!MMOxfqwdY8PzTd4HFV?Iui9f6sbx zLy;ie3} z38$M>BliUj_4^a#+s+4$-;SU_%Dob5d{VVpDNNl=yFMF=Ptw^0H*6QG(H6a%ESgJR@!xMgMa|N^Jeb?NjgV6};<0YL2~6Uu3_vfg$7jbXUi{stx+n{u zHYw;Lf$s1uD%Ai^iiakW)T25XUt@!f-*{Ofn@u-VpwWnW@=JL6$4zIPi6idz z3@0-%kxat1v~_^r9gV^1?_q39@frGg~K3pe1b%9rc{`|AyY!8kY-N2r?ZE zv-w{FCBzuE>^96M0l3KEeAN$s(Jp+^x^&s^@-kK>?q`iF$XY>QH1XHE&N@xJ5LEcn zgjl;qKOruA+;ky~f}aIR>sq7_cEkRgAvzE*l<*mcbugp`#{!u!zOX{z&-nLS1DfG>;)dv%iG;R9ZUHD;*IPOCtarxJM7h~M+!5l>yZ z_v^Sz%e&!CHmD1AtH_phL>4reAonLGO*(aU`$0L2G5uMwkti05|GjaDKGt6q*r-Mr zs4PbE%g7lU^|~hLeJiU}6#iR%0Z1_eNlVVhiR|`5G=_ZW+ta6Ua2`w%hVJZUE8TsJ zj7RJ{$+L2cmE<}y1?T1UeDD1+>^5MiVnLk(kR&|xz7Y!$tR0V>eT&C+3t`}XNu|_o zLEt-vQvgzywpEl5w~*3%@0LT2lRn?vH}lWuqjM)H*SDSRmuDX=6pe~s+9S~X?VfC) zDpoQpMxVwKMUDjX6KuBDE5>%f^c0_QRy z!el;j6OV@r8HS@?aCzB8mP@^#>!8|+#yCeBaTS64`^~qCE_CKx`N#!d2+HEo1QcHn zT4KA5Kz#wd85>0!QK8i6I6qc+2-uudmW(<1w=OvOlTf3|(}%lfiY50=xnp6xfUW+5 zO|5!)dpydl8TwlxzL{Cw1cDNrr@MfMlj|C`JJJNjvRJ9uB(RjJUl)S)ysvfIiE%iY z6QQ2|q%)Y+O|pwhb&$j7Uz)`@OM`)A3GKd>IN96z$q&z87>$Xhbw9XUF+M!({5~m3 zvgEKo-D!Q$?fse5$a|N2auo#0*!==g!+*au8?z01%I05Mu!xY@l|GGNz3fMv-o8!P z6X)4sK|-h>82eDDb>wS0%=DFH@(j4)$qPzj!{g?1tw zI~iRovLzvod0zwqU-?bIk8kf*>{6taTn1cH@-{)Z)2e!0I=%G;9 zU&@B%6(53cf1(9kn=Dp!erKzytwdcNd8TSM|0wT-4msn}+TNRsJv_LM7w`uvR`i|;i2zShhBpe^2}>Ol$vIJOmKu3L%PSX1_u<2SCZUv> z2`Nm$cD62RBGH^K6^FPySlIf~e2w-iaM&m^3iCNJpDp%njTT0HJg*iZBApIc4kLn2}A0bWe_&$Knzd9ox*+Ohs<$zxh zoZ`zGPF_?8?cI4lpxSjuPC|mqh-|1n69|7bG2$9nl1~z?vrI-S`eyYCeAwgypG)3p z_?Cn|ut7s)+W@(sVv>@AL<|rH@{L&oGM;%9Y)XE)zXXSlC1e-f?MLyRPTu>Ekw-{;0mpLxK0k|?F-5T;Le#O*r&MOU{u>L2O-@9nV3 zDydU{CRZq1?|&(${N6evp;3#%1HZAh(YW6T|7PP4(i;kZcsZkM45<+y(tgA|1b+GSPhbreyO?lO7z!P-l?~7$Kblxb)|Ykcy7^qEl-ljEt%G=(x(s%E})K}}6LIDbbRJB{cvhdufAI762^V@t>H z%HK{zGHT&DY9rbyA@mO={6U~Ye*AHi*aMDx84VLN>_CqHM-f(Jl-2+qdi?mSWjTWp z>X(tPNHaJRUu{B194OH@MIT_@O;$3_w;zMvVO4}*x$*+ff-<{~AB;(T6ZM#aJYcT$ zb3lz)ChPheMX?#)BH{+k0lF9Cyi4Y{PXDb#rkwwSRPSFK1hp+VSh=2@%YSo}chQua zMriMfN!T*Y5381kHnK%nqvMtU*@cL{R)swDj* zdK`a_|7jcLC!QIrIY>hf9UNpE9D<_c8IH`fhCI<;QKM1nFg;c;Iv?WQ?tVTS2iG%9eMkFsU4`vwc@H&@KRz_YuE5d(fBGE+!c{}$h z_V-D?2~&}HTPH8>hOg|>><4Ezzj`}GAR(0Chfi2-HB6UoU$ge~ooVA{A>eMN==2PT zq!89-X+3zGiX5#(vt5sQfqwo#PQTMTS?0psIIWhMy>hCzP-MjT$(dwbH4>O1$?;_A z$}6yZ1nNuV{_`8$AXdxU#gqPy`Q!$hy9)v677X1U1rz_Pg4lZTO)@pqwOpeto9k8I5ljUa2=tfG3CF zgj0n3oWnAz=V`i`{F*2WP02+8)h>tJiTpv8mm!ivvi6;Nt;gDI%aAMA6q|HmwIJCB zKt$w;lIX0y`5CNjgd9biHR=n@>Y*$l7s4&VO3u}j-rk{{=z@rUiBr1#{?)Rzm+jbh z;4bX_6y9J?x)*o_?>S-^zEVq?KoosHiur%z-dy&_gNu!2+RV(vgMx)Es;NP)si~1Y zWxseD3XPEpnNCu5e*Qmfy@PjM;kzx|Hnwe>jcvP8W7~Eb+qN4uYP92I$97}e*-0AX z?%z45=iYCO?;qG}?6uza(VWkmx$@6<4?<4L5=O~=XvUyI@jA34)3LG)lhu9M5#+MH z6P_|MZ2yRR@sHcu!K-paNrlYd76!BxuvSX~VTkOvx}p7bCv76;$|Z52_{kT4%e~FB zAh8lLE6VAj`hGh#(Xv0{Yfac6zP>E%&?x=9;*CZNqksb7()hOf%c1Jy;AdG>dJ-7* zY@THzMb__SXsVs!|NC7ip1|LQ)jC@eA|`TqS-TQvSLS-%GCx)UyQ2;#I5d2pmT=3= zrof)4zAiz?Eh;p4{&UV`cnE{2RpN{%YPeau3cv$LF8aa9(_3&t)SuPcMF9WCv&3sl z=$wvTs*Mv-`~_FF!x=h1;GNU2#SDVJ-L5-omYwC-WSKVTucg;T7!6xBC9?M$G^v86 zw7(@UzMP!O=I#%mZG=8{tmrpr(o$=vP47eV&gWAGZ8fvt9A704YrydkKkHn>r>kyG zqOST+L$Io89|0dx48(CuT`w&z)uLemry3X${yuSLfkdGlnCI zC%Edu4k1sS3Hv*|-%%@;KNWh9OvBES9ef)>DTc-Sk3c|dY+TDocCOU~_ZxJe$~b=y(?Ph{pTQ@8W2 zK8(G8`Ph;rplm@HV4p3Z$H5aH*BEkGEV=GseRvbGZBMxa5Ike0-}tMCupUr#5W>a z=4TSN@;F{u&~;q6vqe%Bn8;0>O}%5{#ryP-VG^Y3!_@{UXm%~)MCkB&8&Hx~tQ=0g z>lQ)sJE4Q;q3N&Tc+JUkE^b^!gXh5tH4&;zA!A06{=L>V(z+3Nowa%@UW{VR4w*Xk zGZK*E7r%>}7a_~o5c~M3Xh5+;CvGN7wffQ*=6r7#N^aU6P&ObQs1Q$FrN8 z@h9`;{U!|}m6SU_=Vb-I|36qY*}vTX|A$p4`(tBcL#K>FHtWP85pZp{pVg)uau+yF zLlDGQR#uLTkMmRS^oB}UkXBAhMqc^%ea^`I`gzo!n!Nc+a^zSTE(@Z(@FCIq`0E`z zI`UGY6DdNEH0DfLxJV$_RV|ef7abi{nVBp&48l=^f{_{-1Zra9(($=XiUqQUO37jL zl#C>DUYprK^_XZtn3~~Y>2RQ6)b>#7!epk51`N2Bw3? zRwxO*%GDySk1GtroM2H=y@&Vy_ZD!0vt>Qnq$^Q8R+ir9GC71YHP?!74J8-*>NXzj z5SLnPvj675q>ormU<<4tnUD&*GVjQ<`28(^(e>BZW-RNUr=rhsH?Y_rPPRvV5~zfc>b;}EV?9lTK^V%E>I_&iZ{ zzCP<}t1m>S1Jg49PC_@0G8B>x9+Vy zbW1lZ_Uu49^D{I!JX3Q-TQmM^REc@Yc14w-yT~}cK!+ehbNVjT$)%Ls}^UyrM_GMVD^kih?ME%4di;Kn4h_PZvWFYJ`83ZmVqF`uN ztC(bPg=BS_cH67#dMlbxLw}<5wH-Z3vf3Tn*+}V@BL$&)2?`Y4I`aI0;O_~*i;*)M z>A1$%^L+aY*jXKC3lRCz1P`MyxzP_7DysB+u?J&J@;Ld9C`01GC50j@iJD!1S)CV& z$A_nta1}DL+>IMJ3Ohig&0V+V{9cdzjtsdOUt>5iP!;U6e3HT5#64ul2R*8@wMkK? z`YgKUh5p=EkG%U=dsb(jI_#wXNco0jd3WRL;~z%%SmP`=2;oT%5Tqm&a4^tWJ<_|| zu#V8Q2pcmcvrHE{V8-y?<19`P2$!l=5v%3~;-Uv9CK}vHn&^)t5+FV~CcK86Vr^CQ-Fs|H zB=dqJ7!&yZruuqN@X=>0|3oLC(rC|Y@OISy*b_lAG<;@bxsdp&b&YpaLk$qNC4cbNfT(*0f66K%#}7{5xp4PXApOaJ41!Fwo6YjeM% zdHqFo&(5qgabLf3chFT#l}d{l^P#<77;k|PS6VMpY^Q~EQHl-u63Qe|{h zV&e8aH{fJ^#CBpqNlv*7tvZpm@SEi88E6=ERi58hrGvu9&}zK0bT*5Km8$m1?6CxW zOX!`r<$DNf?L%>c)n^L_ZrLK4W%`EcKQR7{#f2%FCHE9pngZ|ASMAr@q2W;C#!P+5 zOBO|)HN*^>Ov6JhDrOH;QeqX@(R1Ej9^WBM<{M`jnBb(spbiK$jh=qHRO}|B5@7}( zm%80l2Q~Ynr2BVbE~frjbvN8iSs~boKZ!d(w;O=Ijb31flpdfE5Q70rGERJ$F-@S2 zMk2vUs{7%yn}*2xrI|kY-l|;Q6k6;l_<>INNSO#$zU$ceJt$5v*oE}Bk!(SxfLfx~uu(=Cv@q&}K?sUIPC{@QwuZES^Cz$~g9)?oT+Edgaxu~iP ziD;6DRpUZ3PYXJ2L#~P(yDK7Iw8sn`+khXF3#ExJgw^l*)4&<6VX9^M;*WFZk|dn0 z*ghP+C35J1)U~M9>_L8*$il2@&E4GDjj<*+H%}%7Yg@JxKjJ_l5O(5${^@79GE}l84Mu!1ME&^Twi9u_I3m445|Q zbzaXCD?`AA7$OzhH#lG0kM$OU692Mv-v{``&Y0bbk7cn%J!F0nI>->gaU)wB`rDc* z-`5xh9R_J|rT>L|>^M}CD9Dw$6MiYrejt4MBP`Yc%y^I z(d~drp4fW{mnJGj4z%$QujT4R-QQAJmOI>edZ=b|+LnpEEQm)Xieh?~HW4i%pA`@A z8xjcHDPnK_wnF!p^_md=J7loC3oRxgPMIiCn2+Ejj2*dXagDBnQt z*a*5DA91b=??0rx%|g=hKkr`sB>0Q);$UBsMibKg%^qu#a?l|MBDS|t84 zR~FL}0cluMQ+#$c_ThcFkXdS<6Z(<45n&Tti~`^NCZ_7ZduA*+e-($W81B$hUzpTOJ#vATESQ6N`{s~YWvUlu4)%Og3cCP~gtb@aWYjJ#vd{S|fMW}AL zUMnjy>gU6Mep`59M&WYVbD+yC450Ktrm)CKZu~)7&NK{4wdOXm)1h4$<3a4WvnzGd zf?9~2EV)Bejz|i8PO9Ez^E&+$`i(dI=b`cPvOuV87-p;x#xN<1fwFHgRnNaNYl|4% zEnS_bj+)6RDGgyL3&m|GvMS_r%=R3W&#E>bd_2-vo*AXo1Y2+x`wmn^NU~$kV_CJcPiIc%DEOFRFUp$1 zCRn6ng`sPk@z3xW!M;?zB2f(-=hEI97(F7Fuw1ZH>+U*-e`fy9!6{*p08LrKPx~1-q{Mnf~sXB;WU63>n=y zDK8iTIPbCgJvuEcEm4q@i~XJkThSV^XBBEzHyHOrTU&>M7k$8?Mh_W*&?8@+l;5aH zzF|JF8-=*rZHBF{h%J#QA_>gXHX|fwRr-;FHbj2<+ zQCN1Vq?pjDZP!;pS{`^Gm+(X@Tvo_`%tK*uXE zy-mc)>`Rw&#Dfe`H3DJ;h7!+CD8J^?H(l~vCm`H|tvd~nj;O_r5^U_(#Py|TG{P`u z%u#HY`)ivyzIA|vQDn;Y-L^WS?yf_FWxh8wbjS{XfqQ8yJ|3BFVo$b2g!IwA|3V#1 zC*jb$k#MX6pJpfOBDG3NU)$G55H6S9vNg|9-$l^;AE>%v>bLY+;e1Mc{ceJ!Q~VK) zKGwA^tLAppTCP5Fc}bswMmkfNt#Zo8173~YohX`oo}wI{@)!nT1la$u&HEaF7wT?q zO>X`BSK!B7+eTb4W24~cIrXu{fZx)0_ZH4#n`r?K%xO{a6EPQrk;#Y}2PkzHgeJ07 zZ7s-jt?F5eiys~4f^cyZjHdUd_xlOw!gr4axS89jK$GAw=xTG1f0r?&z6R`UOW9vw zPj!jQ^Zh?<9G8~J8I!nG1%xpf*K-q@z=9H5sY1w0gVOG>K;biY;5c86@_*6Yxh9z>%9@BeOcq@3 zXhr_xfRQLTC52f_FVZ+3^|QEUxxNxp|9$YxM+!FP8=N6x=Zv9-2A0RwW?XRa7weq= z3DCVT!e%wUex;t50)b-IltZKFs9-pO)|@L;LV}cW;)hBXP7yRIqk7bGDrKfUmv+Z# zVH$U#r#4OSf=gzNl1#PAgABr-&cE0~PaeE2c56Ww{O~F(79lmw&}D;2PQcKb0{`$f z200@Ti8C$sdDa7y#ngH<*9Z2H@k&%3$pw2c-s^^2)FyM)b%W;ztE;^+ToMa3FfGpoY!6={V z9*k%ZHq1q}>k*@@;UX2|CC&6OfhOc=co@jlgFdOwT~h7LEyVWeGXbuA~+HY4qMHkO#x!SLxL?TGeD=K!8=%wnofJB`Wep7~_E%MEEnO z&lDkDwls&`k3{ruR9=45-GeD$YqT(NcXv*U>HIkRwH7jFX5}cqfu*Me9ACHUHF4B zJu1vK0d#xP1WDv6Fl0iFEYL`VKmIdUrc!`%wZ*yzv+R(sGrg!V;RCTJ*Ff(*#Qh}+ zuLyOWJz1q-8dIAZy+qt}1muV2ymKdPOJyyhZ)<9w!jSdf=mgNYFiD@`$2-adGi~pA z`PT4xT;ug?Jc!A@KU| zkl^v%gCmP|^sbS!R=_54p+jQYWPs{f9G!6EhbW*qos zgImlU=j@d@CYS4N+HEce%9lYr&AUO6A;XiqK@y+gVCrHBqhL)L?5yQlOxG1W)D9OH$Ne>N*wWObSME7c&wb@%g9UkgG8VwR_yR*qC zD@ui`!kDVlBI;0(7bm0PnDo`M7!FTpG{Z(uOGI}=f6ezI&{d=qsai4_S~E1M`-
    XkmP=e=Tfh&n=?x^yd6UJbm4v^{$1cdeKL$&Kc{!BkUtnFBis|9M|s} z?^Ng>-V?KBrE*OH6%#>bnkXoob!Kk8{dI8vO-Z>7;tFtQaC`y9dhh(LK+Q@HTMr6h zD>O8u#O-wAwPW?v*@0IGP9G(^q6hxMyRG*ahqhboB$jXeHTe8niuQmWx8&Q5@3uydf^umhbv^lNNvYZs>#W3r~ z6C#`=VCyvrS)EEW@)Wcsis%gO)K^olNX?RulcU^4-$G^$IlwDg?A z%)}cM|9*Rv^dZ*f0LYNm%fRxyZ}<~DC=e21lZ%cB`J&f$p3>_%uW;;#Cc~1=k{+cU zeo@&O%_XwBj3x{D5L3wY!*l5T>!Fu#9Xd)b?N`vq_Eg2-w5Xvae;GYKCBJpUaP z^@+t-x*2BpUcDdyDaSPFsZvQB*O}K(Zhq*}zI}g;mXZ|Lv|xsd?`b^wj*U)>KhpJg zxwVxzFJHyXaz(|ko+t-FPPOTs;8#sMZ2$ZYhIpz{{_bboM1FUk&ajy4zTvQuyqSa+ z*m#&)8b(sDS7H{;i92*BU$lMhqOx%sQYQ%!@Y_W2qR*GwT#@adGyi==m+U|ga93JTck5R z;8_pTm;d)HYwl)@)z>W48TO=56XFgE!+ktJ2)sY;!NS4yc^}0^NL7n_XtI3d7ld!j ziR~64F^2+!j7C=kptU!kwe>_<8(mLl4rYqxe+FSdmmbB3sV%#a)fl%)NdKGQ3*q9@NM^1C5U5hs2M;lp*#qLYz351ZIG zqg2&F-z`SXNDZFoG{*hfO;U`RO6<>5MuQ;>Dw?TJV#qLl2*z_NxP{T{$*nv&tWL+Vnmm`kQ7# zXrYYrrM$Yj`m7g{44e~qumSe-XMbl-+-NSS|1-Srp_Kle_N9JfP&|hnEFYSfNV;Mu zDk_?cG-zMczmpgW(?kEU=GZgXk0OkS2lW_&y0X2?cAzZq#1SkGWc8kt0Ke;C9AsOX zUq7*zE_opM%<$B|ax;kkI ziBL0XP>hYX!ga_x7`2hA@`#LBD?Cs~Xx{O0fSdbH+ zXqnxWorr%U(om>GsO_}Mfyk@gZcxV*z?PAYPL}=s>0~SFo-mRa23(1gM@E3BLffs- z2#}ZVBV%J?rluvRD8VVy(^SNOP0&lka4a4L-A=(XvB|&ICdnAD_nt7}Zo92g;F*G* z{pJo0g)n7F9=eG8+8`jyj5PgnBU(l>>TXrTV6#tBiORK5JU^uAyibL0dcFLvM=F3B z)T`lqzTAK-=+ktk^uIqmtt^7<=H`}buv-Mirxg#XNj*8msUMis`lQOb8j+*mW>q8+ zd%N*b4l|leOvKolJQ#f9+F@+s3~m^B1Rr?^As+Z*@j2l=IyM4J{|zUO!Y^0@Rwk^e zh_mUr`_)=M4PDEOVB%kTC1Sf&Gp|N018`|WOlBO?i+*i{yO|QK|Kuu72*8w!nhS0i}HvdFhHk#j+7{sIC*^uK>kJf!)Df|vHwCtghUG3Sr0aToqIQ|tC}ben-^Hz zY*l0RgPRdrl`Q*P$Hk0o#X)BT|ivYP5erE;aIs=Az zV7lcs+mj(b=Nh-=XBqi|H5B>FZdF7;0vnrjG71;C7NYF?n3y>#V%`SmW_v(SyG{kmrjmNE zWZlO>i+Mf5VFga5l`6@ir-AawWyTMO7r1Ua7&FJd>0k2rg$Ej0F2oiF2ml`o2!auOk3f^#ztaTc0avW!qUAglg`@bKz z1rEe2UI~VIT0re3GzOsfi?XeQx)QPbZH-9ix=rQBSq8zU(<|8xtf^C6TwFRfrjc^C zn-z;H^54ywlI60LyrN>7RNyt(u1QXSulq|%{$^N`s zJpH%Y)985LvgkrpV8LWaFt9iLoF5eEY48Kmx-=Q*XE^kTso1P$Jr1V^*78!7D+@t#i@+QnpAN7OBxGY=9Ue zt#&KH^G=4*O}*Rk{7JaG%9ruqHwv__R4!+US9I^!I;m_e(zmBSTwT#O6l8fp%Dy7c%hDRbWI8+8_7eZo{N2&@Y^|3W z_1erIm6*a#U#AbEN^Osiz2z)_sLQ7ft5DyiU6PQ^p6=P~}r#9TsHy;}f-+JMS zIrl{01+>$5^JQ<@PTL}!HVS!~96sP31KLp6{z&e!FuaFN^=yPM!8d|lJ~pF@;P|hP z6OR(Fht2@>qj85djn|{a(0VUpdli5;CA*O>tb|u{f#ObiCuK;ukghG$iP|HlDZ^Q1>GMCuB1-L@0)M_-reDXXpEp>B{5U$#US{Y^BBPS@H+@O;ov)WHEGfp;72) z^!2$ZLZZN5{_5rM)OJSp?<-<~)R-V|g4N#p$dNtAVI!AG;4U_Bkgpkr!c5-%%|JBK}e1_JK6 z054qn4sH@%`w#AWnRuU>?QiWZd!!{Xf^emYPVpI?=B5*WxjLUnzM-lw!B_8#CM<_? zn3+lS8`+CWej|5*E+^*{1lt9)MWWD4m1u}USAT)Gc`RE?RX{G2lMMrQk4vOw;q2zW>sn4VRT1#`@$$CO$5d?WgchB=sVI8w$KuK)gmDjS91(#fpOHN~)k>RXeo-W2!fFSSu-1|3u(yLCXv8-Ir zZdIc03pY2tq1Ty^@tm_9@O+MDJ?lI^0!(WdA*MW{^i<*S8UcBF5M$%KE3^0>vMET5 zB?ZYdBMn6_{WO)-=NG^ijD;rRpieV<_3gCl1)akIQR6}j^OiM?g4b5!qXh>m90-E% zNI8MK6Ra!Qv<t`CCnEnt1RwaLu@y+%=1;vP+}7KIM2&le4jX;iJN;7eE(hZpX~f z=fuK^9~Z~$v5IP;3e_m|Qx;tP<=}Q<7^3(xCA9@9ME6eiJ((7C#8k|EGlx)bqJdO4 zirf)01_iyZbd2D+XyNy|DkhQ32|3&T_2Fd4kw|EX5wlsRh9hH7!8zA}D|Tw3snNK+ z*kfBk{zcinC%yBlrPwoX960D->+UZ^!_>hjRbz26;Ej7k?Az`C(j?&RxLcSoY3#FW z0NS+x<+l8#Je6^iJTJPuj!jTD-`5}jdoBE+qYoyr5hiX@7^M+6pW~2MTRJP~-F%wq z{@RaswAPJ#m`>JKxPHeTG&~!qXJtN|`!2)Xoi)dy4OjX^G<-y+sLyo*u%hWwi~%2Y zfSquddWJnQJsu7`9rmhVAQ06AF`R7~mdMuvlMZlRmjP^ibzcu0wtw8)LrC;_Fk}^2 zhN{zn=~9J(DwDG15GhX*$6kPG6=H*mQx=TWb?Cqfe7ag&o`tVSnd%!DA<{md=naEF zFT!5kq2-xfSq~iwhvwkmEZK0O*DAXQnm6{E{N5S9dv*kC!LytIer4s~zpZZ6mF4Hj z9w~#_bOAB6@3N0QB-@~2k_>9^e9uiUt0q1(%fC0^J)+Fjsu^|NFO7;p%rS`ins|JS zA~~ZWf0((m`E#x88cT`>D&(9mZQx4Q?Um7F>r6TT6mZwYWWV)?C2*My>`M#sY2<{AUS6p%MI;BY^nC~qNtU@ z2OIr-ZSSI~tFcOc05>hM+JNa(!qMR<`HT@O>Hnv(sZSDFZ*wi@NC=K239uRK#|Hnu z(kC?O`2Mh;7mXlbilgbDWJ&N2JQKWbFq@ssDV>gRfAof{P(QcpS)!BD6){bdYrdB@ zL_!pDq*0a_6z4%w!Kr+FL_-6ZB>VhBAzhWXA}vvsmqeEDBiAYGHj(OG;D(^CGgW~~ zT>!GqcNMG}5I~oS)Ow=LkK5?qPL_zS1(yRPeVcFLc5sCa`|0dWo4%M zC1fWf*ORaH{OD+m|ERjW)7QF3?W8(Tj>>Y?_lq@Yl9=~5dY_Rs+2A_7E`zI&MIt=R zR1e;V&F5BD_Nov$gRhY>c@OiO6hf|iQBK~jI&CoIr2kR9*jAu)+Op(lGHR{&AG%fX z=3ir2TwHv-UvmUq_oEc7!p(EJA~5E~nYj_#S@C)(1#^%D>jYYlpa;sW2}H_|mPk~; zb}M6fU^02ZDZkecdpf+5Ox<`gzpiWR(5triQ~jK#8%!j)8lZyMll}GRnJ<+a4L6@* z;6o=Bi%YgRm|uVSLZ~d%@VN*_aj=&bWnB|JznKWvby#D#erQ+}aPvVLPRvcLgrnK> z>gdTQ|OycsY+hNL;gQ6gieCRYH%c12sylL}w-GH6B8D6dxX-1lqlLDi`r)?pI z%$39RYDy|}|4u4*O8D*)6KKAAH>>J`r zp(k%gd;7FnGA^r*qYe3DN%7#;s!m*Uw>%NzuwSCqk%hM|UgXI6EQZ-#q60m z1VmPqRT3%vKlWq2j?FGpvSGsO@C?olRLm&Re^qRKgZVCoUVPU*C;_HWPbkJ&eFblF zS4eK;%aJl8MWOM@ni2lEDJ7kyj(}kT1;%1jKI^Sv!naf+gE1_iG2Eh$sz8V40QmN2}+?M^sm z&L`P1R=Quk5dy)oE-c_UjHlZ3&YF%;3FVaS;Q;R#*A1>VUjX?i-Sr-6aUA5FmDyoOLBHCy9nq)vu-`&&m)Qetu5UJ(pYARKodyhh%dyz&QSSbM zC8>Cw3|eqid$Ml8O3P_AF;v7^Ul8$Lm9O`Cr(WRkBHgN#KyC&GRprUEo!w4@CR-a> zZT~P%7}Vp2DW=X9sQq!PAMeH}5Paopnenz|*$8((d*~~5E2a)4h^|`Qp@i6+*9hml zT`E~sI$8-lo<_-oXv3)CU)niK5b7`AnjHG2Y+)qnOrzIyHDlM9WG_D1azR^VRbm^Y zc47~_G=Hin;$Se>T)=kd8+vug>>YZn42F#TiN7U$&yIb0mh7X-QzI8gRK@@%=C@{) z%$kbrL~|~GSNt2R=D}*{mRCh+wcbh)7UsUdr=tHxcck;546>KI>iduttQ9qK&IY*Y zmX*=SCI2fj3kmi@3gg}gJEOjrR8RCuc9;0|Qs2&s9Ws0`-id5A@&R4f{e+f|&Cx5> zk;BE(_wZHA#1|BhTKkB+h1t@(+6{Fjbcbu8pP1lJaJV~(Bi!q`raRIK)gk+tA@e-l)wP1N~j!B{> zLX8qab2O5B6)QVcQ)gbTW=XhCHFe_%gCL!zt^Zm`Fvnd?XR@JUA~GMc_+)<>$IMg0 zBH_^t&!u}}^VMLuzxy=@SD}$I*(qbHQXnfkd-CFYJy_Xf!NYiupTu-@ii?&uzvEujycw5{V5AZbsKKi?S4TEn?v3IBG1G#n9uod~^Am3Gv35@qSO z07~Yb1Fm(SaVEe{r}lFDBcEl_9*eCK0u=L}yA?p7tO@eoT2{bWr{WiH9$!yj86Kza z*zE2CxpObB9*;BZuG_`(V_&&;>K0_1CWMBUu%6$Agc(%Z4zIu!AxXg!1PJP;HZ7D& zSVpTtne-}Es-_EC{-~x`=m2%yea#+l@y9q)opxu(S`7YgPv~|u@^=E%DdkaV@wc%Qthl|RFl_BauU=}Ey zNsJb+WPbJJKEKoTVV%EtP8!Rc7dw)WT|!4$I=KBs(PQ%w#*Fk*+-Xym!eWmO3mLpc zS?)H~j~C*WGDE?$F2jx2BYEd4K1=J~7a5%(PK%cqA&erB_c(YYu>7!nrhGPId1`eR zg(#+VAjPQHf@q7=Y}CscqVoFZtCz0>+B%sI&ppfFl0Jmfw;l_>=K;0Qk4qMSw*ozW zdaXodC(ckj>&^!MN8AB6d+mljEfbkD+E?`coQ%DW8XtwXTX)=S+;|m9!9$jf_|q!# zbDi1vzMc-q)0*-6E_%p*7J~48nD4B@nYSWJWeE~)3W#D&&DsyLP|!j*(y_`ZB{u!k z`*jBKZR2u37Dzej=tBjmAV5A~$t9}Iz!U#p)((>6@$gMN3$QU!;EnkHBbKh1tJ~J1 zpYvfY7g#E07UVh_32BB(!?BKsCI`?6YSKT&W?N8fh4f?p`ohm!7CBXmRo#v5h5DFCC8Jk`gp5ytr*rPP{f|4ov332uHv0CkD+zFs-{ORNHDlP5XA! zg=1On`W@zLeH-AjC}>57H90BDhw<$k!;j7PvmDrH~2|QWc@(@(K*&%F|s?*6&OGvk<&&In?{KiDHLD2D=Iy%D12-*^1KY-M^ixD_RP z5N#|+yq0F#?mYJQ_HZ_b&&~N~&KH4e?ZhO4Z)ATKISX~p#Ex?7Kp-s!RmSp6vAsmA zYAMwyq@)#{^EV&7)9eT1=cUGalQ+#wikn2NTIwRBzD%q!`QYR0!2_%9 ziHlvCD^@lyZdBjJa+ebXd`s<5TT=pf_>4Y6E?n6@_zFFuOfsDT4Q8DN(V7Z!yy~VaP&bH#Zs$`{WDiq^pPG^$i1KG@$HZqZK9GhVdts zR}po`HT^)l{Mz${l7x7NhIPxqZ`e%5K=DHUe30`(Z-v0cvX%}62D{Te)e%KW7bewW zT)ik2`PYMqV1&>!&W?-=9& z)S~g_IEjh(cbwdK6Ti3fTQA>l{K-hzcF*?&ehojPQx~v1+x$q@=>^3?;${e4r$Y$g zr5Wh)We2EHL>-Eui8JKUy_nmG$)Jg=THp=4_=w6jAqQYulRiB|-rk(;Brcik#7yr# zm2pP0`KY$Iac$;lz(!1k+ZS{PXW812aZB{JyCb!zcBxe6R%|sx-yZulK|+1YZyS!B zs#a1guE4!De8Tr7G~mFR8qT=#kHF_0EO+efToM{cF7^Pdn`iz#cl9#WXFx~tu=}{w z^=tPNo@v0kV%$Q=VTUau8&2}9vh*;=oXX}yDhX-XT@l_4UdrGUljVlWYK3$yctSsD zhomGRS~dir>1H46upJ-&EQ(OAj+iRU@S(hWHo`?xQg_gchHAW>Eovw<8Y1v|ZDdNc zc1z4)9J;MbhMn_PZ3Nl+J)NjES)~+JYKLZgJRoZ>Y0orUel}QJ2m_3;Ryq(GUJ*S2 zIZbxPKY9y@ePr5$1Ru9cyo{ge7j6Ym6bZPLKkyk4bd6cQ2Y=L9i>c!-_K}W3M2Ry! zbjlu)!P2`UVGF%*q-&m{5*JIoTn;`S=N(w7cc^x5Lv+3<3NgY{#QwDfy(Xj6V$t(t zkJnp2S<;?zfNg$~PdcY_CMS6<=dTKqhE+wjvx4=+Q>*om;xIXc@Z zAP<<3>KB6m7Kdy76G$mSOS`;!qah+N|{4qeVTM8GUY84kxv6S)Yg1qxzEG;9kI@sl0_KLK3 z=hx;l&>v_7DMJCIjCiG>H6N$QsRopG9(MLD7_N3MvmM?{rxV^0WG&#_0y05VZ2HX? zJFv{BhNoeeJc|%Pr4IKm3mkm~em2_>=p%zbsM=09_Hawc{#l#PgmKHAZbF9>x{>A# z>87L5>?#@9{b#@X4q1yoLJ?Sh_n_H>BUuJ7@gB8dL?c)gn~bN$?>doE%NA+uw5n(l zFMQxyA$M&li1*B+ux1=i`Y)f~tvAE-h7(0?*E4>uup1;a(zLjy7`sb^a&H;MoU94Y z%;G9kYc;~)nP=g0YS3t_VN|ulD?~UQw$Vm6H4oiYx)PpRxKb|`w_!+Q$wtL$CjnE7 z(!#!@SfvN*Pkj%lXK8sBBtEWA2Y`KNdMu(rTZD3cAiqCob#!|xT2XQqaIK^?PQph0 z>(g3v^z6Z1ub3ET)m9teG`!kbbjzvf*GjODJZHM2mH6&=4ClXpwM>DL2C$$dgp7^Q zdkgMeXhaDIIr?WrL6VI4Q%R|E41K0NN>l~fttO(d$x6UJa`e?tVWUzXJTA<|d2gE8 zWn@ZZArh^1H_jnSI+a#unrv-c$BjsI^FW2}J2}MIG$PYYZ$%;|^yj>YYR7hT+EhZ3 zPoKIPWF~6G$=(FQ_1>Yvoo9eNWJaIP;{ueCiCb8uz?hyMXzk98ONlg_(A~Rxm^g~k>4=B# zw6E0x7eH@lHedTs3vaF%rFZ_IlRDBf=dpfi;A_`RIC@Id3aPlWyBi%BcW@wnMj8?I z5rb^fLro>t^`)8c;O_i`f4-*vBYq(YV7Cj2ICU1b-pOcYo)<>9_e?RT8tK?`EV59$MKnsc{44(UJ%#vsK07N5xUh`GG*45aKt)o=SINWmP5Rs!KhDR3s3C{jANb=V)w16fRiT1yX!O);IiHJI>Pd>-{~T4L=)HP zz9xfwts7r?-Iavc?>gXhEA~QNSw(5dpb(^3z0;otdk&?MCLN9 z)xHaz1Mi}LM_BB8z1^Ksf`qynyc#(WZ6J&E?6+!KeC{t;iGd+fHcl+nTvSV(?CiS{ zd{?yE_IG+c*XfeSmjMnymkT76Bt;Y=lcKhxp6gl&fUObQ@%1Rc573~v`muMNVhDpz z-(m!kc4a+E3EXWVxa^&8)HIruj!~Vl4w_&1vHBC&?0}k_oE*JK3L;pnX@-9BKLlWh zYbG;lEn3nC9wVFbGu?t8rDkK&euj5S$HAjO=rTebdk!BGXP7P!$c z!~v*B^yzz`z*i{O=&s@WyX;lCRxW63S>#Lt1eMu}(&uemndBo*uS%u{cWvWu)Z|og z;~WIvWgU3VEzsFJZ~Q2q&B{n~$M}TUzV!V>)@IbV^7xkZlZsS`n$S6`3sqXRfr;@T z=}24#LF@U};XL0HUHSsq%PsW*GayNV_;(5;>)Hryd8ciY>PS(iH1!Y#9X0N1i$&8h z^jM$nw+$9J=zB5)D5I@ zZ$`mf0^o2SVhYd1q4IF%4(N}ni(p_`wG zDSQ(0Bju@;hs<2Q{WJ(=3z;`|o9X)Dcb)V47$ggKwnsYR%WWyl?W>#)ND*#MUan4uMk>dc!-Ri9+wO+#mTu-a;-P%BChAb99} zK@FD|uMA<^z4vu`QS2Y>`MmP&vTy6%huZ;gLcQ*HQHGm=9WfE(Frbg3x9@vVU4(M^ zer5=I$#DcCEv-kwIzEHS8>65){1!zQO!^)v#cwT=I|45JH@9Z(Z|Vq34a;J796D<%P38zyE{;Q6B<*k+ zh90~Q&$q(P(yLsIYjcniN95e*4A}mLp@%J<5+A8lq+# z<2%%*0S}iRO=(O6bFTt-msp5pbK)m|yMp9~EXaBWwl2cuv7=+V-)0=QS}G+4D7l+ptu9aG*f`hgUH(Q@?TsK!_I!eSFdI;fQ*3usrNwTrhPyvbXsF!csRi|5SszNoUZRKBtrfjC-*&f8Fn`sIlhi zhRQ|=WVvcJl7#O52vegvNH2U3W37;|DNsYMaHV?Xx}eH6}DU(j9I3{WyvAra;7KEp>(^+k;Si!aX!k=f1 zX3~7yZr5&(V-y)30{9f==ElR)1;*w*qwj-n?;wGAW=wHy-!bCDY{Yk5b|Un2cr(t0tg49KYb6kxQVthr@oh`6U&o059{|2U zLBEDbR2Igadmb*hU;@UE9gW^G(wHPb8H&t7XJP!r3Ao_=^Ko9E7^t*y$Q{!kG15Fz zHDYq|kdqw?Y575Y5{B~YUeCV(6UU9lfVfZ?ld_Q8KLx&Nn;IncKO5(br?7_iL*Af% zh$4e0G$mW|W03qD2UOm2g&vW~F_Hnt24+xrBnfFfl#;QiL3na33`$C8+E`pNR)#nK zd?)@ja|6ttSVSnuh}I0i?RO5qinsrUzdiFZHd+#pD)Ykbjlslwu0^h66JB}julU

    DRDecP7RTqw+b1w~FyobGzA$x~2w2p*r&h=^!45(Zp^ zOQ(cj)+2Y}?)zUuL*I)rad;;5UX^q{j7n|`WKiov5gB8o?}?at-MQ%4{u%!Me-GmG z#smx{e?esDN`7LEP&gyee|#M3*S>u@0u&V~){1L%NTwCLC!bMd|K7ury(F?GB%yiJYk2JA)iAqr zG4%Wn%zE)jytTFwp^=e@j50#$Q6e}l24O+m6GsL&*Xg84s7Ry@Jm-A$3NFM`_uqk+ zwzQE*4*_|DW!FqR`q<-m`HMZ2rePS6sRW&tV}Q#-jnKqc-?|wTpCrWGGH8rkJ|s9j zyf`SOhkLh57vP`&dK}Mxyaw&^VHn;k2B`xx;H~={|9WFK_M3BY_fu0)`@ui)&_j>m zqxE)-x#LD;YMszTMkAccOTlr_-6||^Dn_Wk$M)E%xF}T)2MH#DKp^-nb4nM9Yu>*S zO7~ub^3u-sF4{tO*}zjL8NbzqlHyN|i;}frbpeJ-Y!Vht>7mSuh)Ydu?nVkrO%#Ox=)o@0{BQ8RRw&JzeUF(8Z8-m2_JYPE=R5Ag14Fq@fI(_SC_nG9V>)5Rwco zbk;S%;v)ZDt*C44KxocTW7n(? zFt=bRo|^r8WSE;#Sz3YmPAgx`P(-C8C&GpL{T75|ry$hbfr^SsG<4YL@(V|5UNXXX z2B`nq<1+7YkvRJ8bz0F}zaOrUY^uj{$`=`pGC7=W6(}<4k&_Tk7cYt6UHj4M^&luL z4k;-~P<57~l#9*%(+Ve<)G@s>5g$sD&ee{ZqE@;l z$&bc~_S$-My7Y*lI$B;<4U^3UxiSj9`qA}yu-TC6>4?eIbqif( zl=qAbB!tmLN9U(zFXchXJ6+FoJ#^T0h>4b?qO1}fRu>eCC}eQn{n=uUyht1mGjhY+ zT#NnX4X{z0>kUanUP=^+NjY5B1{CkDg_V0tG{Hzr$v~vL1|^mCFzZv%FC_xz+5(ie zs>paxK|Ga5vq?q5HW(d6HE>78A&SqLqYbqs9aN_&ZweclYAdKc?1WLa9*^EofUD*` zi>YCq*jd^{X;UFMDiNuv;ZXT|4FVi#kvO^Bin_oeaR%QaahxwxQzKeUN<^oJqDyM0 z;}ETEp?Dgpe#)UU#v>y;2J((NR8&@=RYm7JmBhKM9s3F^&_&`!qmM#LRx*Mq-Oc57 zu<633VM|)BL+yL<%0oB8ar+89GF%R;)0bMlKExt%0)gPy0Jmqyvq;=26%S2iE1+=i zLb#C{TC3T=&`&ogDZbQrrQU>%8;USw%5%ph9vrP@SUCMftgdpQq&W&V-gz&k4sXWu zWB-oYi$=m#z6ULBHl$wu6#jF0GTOF&j+ftFg=&`qiG!k0@o_b#&3gj_i$1~IFSlUY zCl6zwvI?Kw@(fz0-G@6SXQA}#NAX#{1FdE&LNl+!zwa9b>y8{9rgxvi z^cAfL&W?bkd;=;%Z@^Rkyb>AO3M_x~MSQfui;&rfl`MXsx}?+9(fQ~ChJfj#KVtrH1QxALp&_SZ#eN- zZE2{4^c0=>Pm?#L@lvk}K>&|l&<`Fa!)fz{ zeW>C2qvAormw%~lN&9{AO7T!Wd~;n6Pm7#Rhi^4y_CtTZv~gYo>EWR~93*XL4+s5F z*&LF09%kb!^CRcIyB~jg=*N%c{YWcJGY9iVaGeMo&*?j`o#LTgTE_@-?%o_^tX=ohS|a5*MEp3-ng zCGyd;cwl_tQ^uvT2q2x0!_z~4IUe6B=CY#wf%8CneR=14%Ez*wZgoKN!&tF@(<EJ7{c15qeHFV2A}`$F7x*X_9d#z|Iv?g&jK@5I%G=ZhYVhm}kC)d7b@n(`|R) z<_nUs`=eRd2L&9><=9%#fwb|LMM~k@_Uu^Iku!wk{&v5iOI{g z3vRn24;mX!9Q7UVrt8ebpB!#C<0ufmi}xQU9DW=+_Auj3f{oF@Mv6;{n_R$1lLQQp zhnM_xPYWOFPb;OxXM{>y5A)+M9}e4}_5;T6apTKB$H`%J4@XL8k7=QD^8Y-5yo==16o6v5>B{NG-R~esVyc0of9oJ)LwotMEH`!uTk8xwFE<^K7YhvOD~Om z7@dE34v$`%!Ry-6p{-c;`V;u?u2FdD?*p;;|NexcQTOBVdyRNH=}$;nI0yIi0ro9= z70>^x75A?AJ=Xp1epC*80FT`>9PZ8k#`uYAa8Ka^j4OT>Py8nzm(ThT=PK9Z_oE(# z@_{$;L~q*ndlTNAaU_7r`%#{EAO3OQC}7JI6wWIAu3$EXZ~7PR z`f~;Dn*U#nQc?zk!VpK<+5Ys^xNlD$9{=xuae?%@o>tUUwnGtS$9osui}pKT!BaQn zLfN<)4`1;VM$Mgr%-R3O>t6-oo>_lFU)df!J@EhFefmxOX+k2}OFzY<6PM!3;&-6? z?;Ut%eHQ*T;}P`J?#5q--h-(3X5(7t2e{+XjktHu3|tV@fq9QUj1{p{@#p)}@N%yQ z5&rcz_~Sqg_OE>lPu^dSyEZ(6y|>B@`o-+xU)h=)X&F#=I~rI_<@4Dhg}nwlDE z2+a?NEgc)2e}1)RpcMGYt?wzTZ@W+2N;?jDdiqn~^UALeW_ak&iKhLRfYTmWWtoSP zoJbGmnMxqyg-CG&pB5GksaQZEd*@zU?3!+AKcD*G==;2P_>$Ain8ukpYN)4!#< zCJ+dI9k7kTb{F3>Pun>U)q9sgZdrqHBZ~)z&j9K!9;B4`lEXLt&D%;ad>V^~FlpPN zl;O4UH{cUX1TwS2p-=^3)NOyqxb{!+$H(U&c-SZ?w{1tl&40tAw;J$N{KH6C_&x6H zD?`zOm+{QwO}K0Qe~>uq3H<)u9e}}rtYHz@{=^|aQn^A!H@_Exy`2IP#0!uJ0Z;;J3dm0k0oAAl>_woHoCyWsuI8>n+aKZJs^U{83pZgsC{o!6X z^$IB6N+gZB6Zija0QP_MB;Nc|hkNEcf&ubEJlXF-c>eni9=R|H?ZqGC&lfDiHRbO@ z_xyu+;qx*Cos$Yr%?>ys{(yf!KMiTFLVWelC-8ZR3c*@0bm4<>#UF3RdA%#}kL3SD zfJehi%nGXdgQO)f_h~X!l^)_vicx1Nr9s8cR_ddNMr=d&{bc8eS7Ul9orWX zU6oj$zXy$-ZiE{4;MuDSac|XoxKLrD^lrwc;tr_eA`sf?<+w5?s~XYWJE{y#@K;b2-SMf z)l`H{>&sw~QyC~IoZbU4AU&J}Rt>hU--TL}9dczTdXE}~j4&D6DvD5Etw8#yY=p|X zP_(1~p1eWm9jk-WREeEyT97s|6FZ*z2WI5!arV9A5!Ts^h}`orgx{U-b)da+7dC9I zf=#AGWLjSg$W4Yp*^b@wcR@|YdS;jc=H@c&-C;t?x&0C8Y{IThJ5b(a2ETM)kva_L z_YN05561x4?H(>Kfj}S-2n2$Yg3V?-Zd-%>^T-0W!JJMfj7H<>D;}(-W>`BLd|kZ$ zZ5%r%L7Mc&pFA%@`t(Q>5aUz(K|#Xchmb!K87_~1A|s_)p;ST1Z+zheoV@&I4H?D7 zZ!-bhPB&y^oboV_z=SxtQUSNM3msi1IHAVQcP_>K%P+yKB@ZK$g7mn3LI(V%5&A84 zVN(Demjh1HKHN1g#X;Mg7kqG1AUY%I{ufJnv zML+!U&0CS?bwQ!h99)UkOKFi-WA&Gpw1dlx%Ev#)!#CN}S3bO#C%FeE8L~*@x5fzZ zAP@)y0)asA%fiO}@eVI$yPNGT?s;%H9LFslPU(0Gogot8aeWXP(;Hy{7u%b*S zz~pE4!iG8<#$J>!{}BIq@E+XvhkNnD_r37P=dVVx&l`yXr7vtcR>{Zv1CT4#Qhd@R zY7!0{&i<7j;faTSCx!FBx#|DU-dO-xRc(FzcXPU6W*C@(8DNN^I|LLIDFqP~6BGjj zv0Jg*_l#$EcOZy?DBTSMLrpVGciq1CTl?HQFetufi+<-1d+s^=>{xs4T5G2kPO|1& z#b?5*!qLKNQXCYFSPs%J^fnQw(JOI?y)~dXXtqjG&=d#lO-sN3*hBTI(xhA(35kg% zHa?0FiA(Y4pyHq)%7{gyMfi2_gHj}#@ka~GuQ(_eMagKQ->Su-Lx&C>I&|pJq2sTH ze*pg1nO}=PUlLT3b2Fnxmj9diLm_-?-ETbS&%S}{uDO~!pSX=PdnFOLr}*bX!b#{e zPQtnIU^r*>{uSZ;9`J?HbIJu=ICB)Ow7CKuI&|pJp+kob9Xfs={He>9bo?`**2n3~ zmX1ECDaZW$e2v#S-*o8Ep+kp`e+JYEbR9Z$2)rE*)%X8!*^(0N)d@=KSKVjxLnwPC zZz;dOX4%qFp*$SepGyQv=<%pMxmZm`oE`&p#uVaPC!uZy)p7JdS00W|q^GB|a^*@o zb?Wq^hD3)B9XfRA(DCOIF6(|C}BS*Cr6X1;^X7BFq-3Ur99L( z*r_Z`2S=$y;ukzs^mUa5w2D?ohjt~q#K(&K8ivK^V)lg5dC0j!bcp6w$I$^@c{n19(KLn~6*5!1k@%*tK;j^#|6F;@U=i=>c4BrwBj+&p(8r zltm9e#oToVa0aZvM$VEqdHBAM$nyMEf>RD3T{nx%-`pB_Z-N1D&LSSX?j~Ma)0}1< zI(|Q>20Xo7Um9@7{yNj_pb6*pAdLDI|C4LPNbnyMN%w zsAtdjD@o6*<J#%i7Q0<+ay8U~^$z zGn#e$F3|3#Pv?r$&Ey-Z%80b?Ljn##0F$B)W_qUQ+VYj-iJyP^VjB>k}vs(d173V}Z^tLmGd z{=?y?&#k4m>0YTnzO3u`nv@>$CfQyw0!=(@TZE{ zsxeWUqD7TbJ3#zK5~GxexG0DT_YxiACMwuPsM(Iwp>E9!c>WQj193XF0)Gf*!s3(Z z+BK1|fQ{E)PgP~Prj0eY{BC_78`b4yl$Fi`QkR zuBu$zmQ!mFT=a&M+KO_@%PXmE_+e&9L*fjkLsTB0eqRu<6BMQMwZlcYH=dR*f5Yc$ zsHCF2f{Lmd8r&*mFD{#1Oas-`m6TUj9-`Unrm?1s@-j(FolVlMSqt3Mi@ORjb#@1i z20L0%DoqVFR0`b{l?|xm_`EJ`HTBfj)=<;n)M)rEP}=Y>HGd4eRAzq46=SFI;CDFz zJB2LXn07OtWYql$jrY+6zrf?#`Vp7SoWVKgoX@Ol-(#=QqFr`)IE+#*w(-)md-%T0 zc=(+l{}U#H!ixE7&O^MnBoDjMe1wiC;O0(ovpDxB-28Fy`Ba&2&@OfS-!NhgZD89c zukhkCizp&kJHSCnbuRk`o}c~zD{3rQ{<49ICK#lR*~AOe?q^k_mx47P^W2>ukmU{e zgJ|>fP-`mxD-4*eF7~hglxOewkbGAuUq1F2uYbFj27~3`Ju*KBUau2dtqqq5aEEy_ z`ekl1-w7=F22aDr)Kv&9=zcN zw%LMybvaf1sogW52e1D*;TW-m*xCElf4D%}x3BlsX!k5>Fc>koYFP2q6->MC4YDn6 zcD(;6m!5noXHP$$Y15{1)7zVYVrPs)++&kw{d_9fCP1m;;NS;Iao_ zAfwbNZJH6I$wzJBx7;&fGG|Pa^qzeh7vK8^8}{2#_gVev#YV^P2DPuDbLY<5@}lVI zXl=9fg%@6^Ek{zb7{3?(*mm~^(3A(!bmfnF5hX&52-1j_Z*V)LGTZPu8}W(2E)uko zb^|_-j2~;sE($h&##7h7#x5l-dJ6dV`P-R&@eD4$WG3&YtGFxK{@K%9bJ3;DoPIOU zF4##U1$;2`M*j2MlU#b~C0ua+3?BTlSPO6Gcdu~E%xPSB{&b#MBm$DqRJ!^dZo70A zmtTAh_dWRy&Bav(b(veYQ%@)8rPtV^*|Tyx6}TzuAKX1%;!d`k#bxqSY_MO=E>g`9ECzgV=RQUy%y z*0;Io{7bm}nya|y$)|Yu>KDmSAIdiI_I(a}aHACE2Hd0@@gvTb&j>j(0Xm zY`-3AUEMD=zhsZZFN0Td7Q0kVBUtI*Kpt@YK>C!_Lwx3vyCh25@EC%WieMau_`-hf+mVWfQ1(xvE?IGQeL)bdN* z`Mgy^&mPL%KI|0*WbWKgozH)nrCQ^v>YG}lsxF>X{txEsAwtFN;rXgvLaD_Yph?o9 zE{rr7(s@Y~rZ8r6G~y&O3(*gWD18Q@7gt^Q?Kk zt8#Q$oRU6aA$0|dd2Y4{JHD`HaSHE)_wn{U@6cw#bzD8ACqW+h@_$S zXqEyg0ir~!@~`M^y7W?|-K_FJzWYRBQ8bx^5R*BBSEt{{vYMa(9nH&+KfXW!TAnFC z>Jm;ZKP8VXfy+J*xl>{L{RWA9qbOCuVTF8l&Hc>XQKt!=ksXd@+N?=*w5q`|NlCN% z+H{eqc2Q{{3{4o6I#!&qhy0QT+|-e~A%hZ!pQfff_o+Ig%I(2I;D=UbRajCVR9O~> z{`9Llu6PtENB%12uZN1Sht0q8pOYbuh)^^yTa11{kj)Wxix~M6wqwM={S)86up;OYRXp{nB zuU^ip&n;w6MjmxW52bqxu%?XW(p&H1&N*ij^69-?^yC_RRw>ifbrdaK&Dt$1*lUyW zt3@M!>}z@DKVPwH^FAuwk`Kz-CwUrD#M~!e$JyabZk%x(u`0by<Ro=-6yh(3 z7kh0nxx0#R8@;T3_F+CMY{!MS-z5Un?TqbcpknV=JpaH_T8=q`sl&{y+qjyorPWmK zS-}VS?YQ;U+nF^YiiOY3qsW=hlC|5Z?mnHn?!JdJ2e-!RT*Z^K-oZ6+9Fs<+;w)dn zXRB)i@%y2&CMxL!hWB2=*UOcHw2w_$CA91~gsv@(qW$@&F*}W(&bYD1GpMzT-EYrl zk93aq{p)#eo0n5XF`0A4KsG-04r_&F=7`n|8Fv9EO&UgW)_N8%-6LJZE?&IlEh109 zom;NInx56m_-a>)G^q7__spv-%L!({gi{!kx}7IK-Yfc8Av@D|6M5`(&Kcj8&|g`G zlyK6fO`Bh25)%`(%{hM*JR(H3Zr_8BkychLTrA?SA1aBe!&fsmMH$Okwsbkmx9p~< zQEUwkO7`SXQCY-}wW4^e-%7dYt<~8ZS-fO98&yLq`lcT>>|M8-<;z#Gaa*yJG$*A6 zdE|&dd^EyTe}D}Yl|&}=V8}5e7&dAg16oVn65+&EQ^58$OC*g;*m0m9w{*x#5%<>b zXTy@EtlhqsD!ZD6Fo|&0K+e|ntXQ^;RcrIGNoQtOqrc_ZtXsT@HGB8d;FL~U^;W)G z^0)4#TzmIYUw(kReZ``j`$vcU#Z5XcPZ`@+E@R2kwWRN@#1nK#NLQVz*=nFHV-3rf zEoJqFZIn5nzPOOQo#|{?zk~c5m(Wl{#+sEZTegZ#>BYE%t+;Cruw%nwmMmGu%6(;$ zu3ECztYzJ%b*x;yo{VBUp;iy&IXgtj6nD#ZQ|0n%f+LO+wk})D%B?#nk}OpM#^De# zUhG^od943_F>7~bQ!AZtZT=4ON@{Tl50&8Qsw!ZM#O)D*&L4#0VIz6z8(Fzj=vtFY zqXnGxQdU;Tu8r$ixoVx1a})LXn9ix;y+lut)}6&agX zN;#8sl{Tu9uMLb9>{zPNx@_w{DqJ?o_iSh5x^=8wy^__Ll^B$esg`>Qy(SUp9TnMZ zS+#_vOP8`+1Un@Vlo!XqJ`v_U)D{={>){3| z_tmN%*0Fo-Dygf>Si5-#Ri0p>gp53i5`{}>cAJPw=tz$~ed*Kt6t1{&G{!IHv8F-d_DY}E zDulYiLUv@7p|l5s$xHd-g=`!=is4?7U$odH4N`u}GNt}*t(8#in8QLbN%_dzyqjG+ zx3OiH_z(7qo9(QUJYBYYCAoD{mxL^rt%3sKec^$9td@3WXF(mVTH(j~6)ao1mVH$& zsY!>!Xf;Y&zNNCm7^WR>W#RW(BL4*PSCrWD9qY+6CUe@PRMIz!lGEtc+A=jZYYvGe zwO4=o_CB8Tt~#4urCV9OrwFNCfpVnd?*vuXl#;2Gh33oDlzr>gtu@*0_rjt1w?6?s zHS-`9RpdBr&7u;ek}}Yoc9#aUg7t(8#(3Zco{iW5eSpl`nv%8Y~Q^xAf^-BOv_#*>keLwa@yy<2s| zXUk%JW;vm`8(HhBqr{p>Pt!pO(+^35Iiw{6C!frc58q}@uryqD3loO+W7AWwQ?5qy zoTcoVx12Bcm0;Olj?-K#6;@3-MKN%|5C-+@Me8187<|cp$SL#s>x{E{jZz4RhGlNHT zp;HS#slOJgfc{c6?@)ek_|$AxL?@0N)q@@He9Sj1dvn%s=`>X-Q{~I!VBhKw`D}-W z!fFeH$Is%1Gb8zG&h2dO)RV~S{gf2%#WM0r2D?^Ehbcm;p$9W=zMZrChLF49Ltg)K zH#X@otky2LuN%dl*I!~)>+^W=;(kY0Ln~}{wHv_M1DCP-oi~ZdNu$s4r_d$3k-Eyg zEdKaS7OpSEF6FTISt%sPnxx|_Wy8YxWN(*_+!o0(7u+S~DxShcU-7}*O;TpPm>Xg# zZg&k6ExY*oxtIBTr;n6jQREcY(8;6(ww=6r`Ac;D;APHEZDiZBkD0q9h6~>q8xY3j zkFkm!AH2((YYJ7S5uP-FiL=jQV2A;yn%WnEplItnUVr6l_B+gkw(i2&ojc+C@-^OE zuop+lFs5D|hJE$7yuENAP7xl1LORpXVHW)=Gg-UnQ!*-T?5XI+U3ZOS@4VGyHs(_) zLO`1q7tvnYg#~YX$#$iHNIBROb|uq#n%MUCV?49SMnW$U5OxS{Nj;_P9D-`6T=qiN ze)&1OcPwYGyA9(mx|SjNukvi&IBq?642i)ma=yNYM@lc{)tg#ju}gY_L=ao`Egycm zjuL6#%(c-JC11%gCExPI>@RSi)CbSDA*ZC_KI&Eg}XH*S?fB z&%MewSwOsq>>fSJj(Zm1R_oKROW5LbbcnN7+Kj-O(R^b`d1@CqdjAPE^;roY?HD7pW zKS0@n&xi}ZlwOGuxFsz{i-F3$i+JzlPuW%F6Jb7vliT(rStCspl+a3+J@quZd!EHb z7xrNPC-3vt(*1Z09ztSz<4K!{{gW5@c%vvO$&vV^P0s0fJuloE$EGjWktxbd3I6_5R(9=1M{^!uz3>VP_85o^-j6G83Kw5-7Jb`f@Wv$% zQ#^Jst)qvKIG`ld>> zx+DGjcBejjD+PPElbd`sFF$Y+@va8;to)d-_jxF&4rlCHQ%Eb?#O}%h>KA{GwRJnX z^vmJpYu9t)+$R}cv5~Ledy6GIDsf4lIOzN?q{Kv$yZ$piPxnwJLVf2U7cys7%R{5h z3R1Vd^?59w`vk?OyviLTBCut=#WU|$aq~Ngx-sg$8@-ap^rB8R! zW&DF&J^j#ZM-vQ6$tz#Q%U7>r+&A|Uw(w2fnxBWKhX^^lSCN@`InO_E3T-*S%GaLY zl@(6f_K%`rOS#Z=4wqeiBCU`v1p}jcv%x-MBVJTVFBS?xqG?1sIS45cb)MGfd>%%PFTSnv1&IE~c z_y=~`I{xPP^%DB8fZELE@rai1c8l@ic6kE7Vnms6yM5XwIQ86IYx*hpd?Fl&gb^Hg zSIN-|yZrH4B8UvDrL3x^S;HVgq}fbZL`P1Ubp^9-zK6%I5TPm}2#4E3i^xEQ3JNCF zYoneB22H+qZoSOY-V47EB9T01(SP3YH2$JiQj0YO}EkX zv%kljm)GD;o=mq$|27YdCcOLRa_jp>uAO}?H&0j7no5~c4VRgy@KCf_!{A^dqyfND z$Iiu{@kzlz?wEZOXCBj$VBw=LBp6HOK8ov=V-pR9xfDyMVYG@M=QPk}&=hXG@=C70 z?ExN`++7oJO~xRCf4SWMH-MBKDMtytj^m7O(R}yaDsrVPSxibX6~V?FOt-#6i3ktI zn7flrOSe)Y9BC-ZVp~BBQ?9z2>(1%H>i@hz#h{toFy{tQA_`cwEJKvKy}Wh*>ujx; z1~%M8RpFPsxTuQGJ$llsU9`s6qY5GrI(;2EZfLem!*vtF(zC+FMOS$#7+qw4A>GW!8r?xDgB2PP}TsoEE z2?e};-`iw3EJTJvX~81i|E`djlvLWKbRsO=NaK=)EYE4dakEaPUu0KKzjP*3`WjjF z`Nw?z-5$JAEr~X4;H7y|rw^>+o%ahl;ig+e@R>}iv>Vk@?GDdZNsr5hEvzq>-*GQz zcXhFC$r7ynhf%d^Ck3L^drW1lT~*2PC-fjh&7vC2(l!ei>iWL485ju#f&~wF8Y$iTf;f?o}0P(&YS6! z`ypR#-jCh;swv>^>;d8FrB8F|rcZkRco9nU{aR;P=&<<4t3p@of&-)^GPu%Ee4 zzr*?>JHg>0xNE-S)h{JZX9c?p9i$$A5jWjCgO;0DvT9Ed!>*h{zwpkSI`az7>K}() z3E@g;VLuE0^#*$rPvWXuZsVrwW-~ldZ65X0W0Z1LUsg_4olAGRg%GJDy!DTh|AlSoa7 z(q@CyfeN*`OL*m}uc?S=No?=|zFW0|ZQ0e>OLN#scdohNMy@!uE7|YQCqv4!t7<<* z?zWtA>6wg3RP}HP31`pdmRs-O;_*F1(R_;a)gf4qAX#{&jj1Ro*9OU)H3g)XSs8xX z<=lMR=@=G%!@812Y6@2J@q#)|x${=8I%_1+jk)Aj*o0DlfGS=7aLObc1Fo7v(n~EI zbLwT>eES&~7k$H;;>I6LKDhB1Q#o#2IGNj}{gV7HUH3Y>+n&M+ZLQ7r4>pGg)aGy^ zLW3}yRKF}?7!nzLTq~-JcC)X*OV!3V*%EgmC#Hl2W*ro~xa<-196yes?bA5+w97c> zm_!VoT1pD5NIYRW=bqe(&98mVK4V`lyYnV)zWEBmR{o0x*-lAYHM#o=q5T-Hx_>rF zd%t1+o^Z~%;zn+}Vk8wGe8#2*DWeCQR8a!+*RaW&#*pqEN$4`3@vS!V&iXQfrJVT6 zGuc%yvOu?iB#R<4xnlvJZ4{;L5WxY6Y$h^GXh*m%o>JqI~ zT4l3&FxhI^vHUZhd-ZcRZ?_N;W5V2OAm>ht;=4y);N7?1smx8Sm0Evq z!zlukwM8lehWEgoZKKclG!Z21IBhl@PKhTxmJr`+K79W@-dVa2o7W``kO;tv4u?xZ zQE+3cx65A(LD50fW`4rkpU-94o>J6At1F~G(*_jtun0YO-g_7CZ77pI-HqMYlF?@j zz`SQ6&pr1#?+BgmtrrP8%WZ~7*MVJxY{UQ|>IYR;3g=ZJ>Sg z%VyDzLW;M1%)0PtOz9bnSFOcY?N~zvd4*nr<70>s9!B>#j@+Jb)gJA++t9N|zpKbnh5TSeYny<>llSnTTo=O>|5Yu|1FDg!Vx=JXVqt zyU@Rvl>a{c=oeB?O{rJ%KUR1cLQ4@mTZLQvZMRX{!iH=%Z3w5^pgwfy)L#515^2>+ z!9l3K9crDtu~PEAJd6a%_plZTbm(&ogAz>GT;Ze%&%1SzvNU7>eVv7rRtFK2(1LJl z1PKXAL|AB{i9GO}+CH8nLjTqZ2mB)a!Z zrA=HoX7R6Run?FqFMDj{<5nEVk~BPCMZyTf@#sZEp09@5r!l6JSBuZ*%X zCw6IbDie-p^q`KUruCs;YDeO{{v}+8&=ihW1b+#qgXD(_XOM)0I^4wlBhkU_aFcT4 zWa6^7v3vJ2-kDp)sB@1cR(Nnk-9eQVyOi1dG&*!p{4(H{PQCSz(InQDlD++F-uSeb z!KaU)&0(67lqIj3u-4L7gh-yYY)yP*kk}gu2}`D1uZ|=~N;{NiB}$Zwu01-C()}bx zcH1RwtvZs^Ov{9>3>(pl&b_+RHM|X}QdZiw7k@(s(6c_DB2j+)%7e5Op$+W#`a3qP z`kJ?%evrHFdWvs$ZsyaMS5g_|rFiFhR?h!|c^^H;-E$t{^UZ6S``q{B2~VZOt3WjP zr0fTI%gM=2AikB9OI445z(XBJFVuYu>QJD{N~u3T!zj1vPKV#3K>T{2zXEQTjr^Pf z_U=1CR$hr__GTBdd+&aB?9OBRPU(!c?-k);7c19oCp$0yzsx|yGV0nZIeSbmQj(IS z<7z`pa1gD!pU8PPo6Y4-L~#=pWF$CtAk%KYno0dqXr0uKcCDhY z_!1dE=Ss$QiPEZ5MC)UicK0;81se#BNuXVuw)C5PIhP#YMLM*0Ot|e<&L7cP!fZ>s z)~$#NX}dcvsUdiCtAd-(cgX?D;OHx7yPQ3V1&Klj7P(w5$ zuDg}9hj$=3Igt)2oryI?iIQTW-PjA5b@2o(?dq7WHc_F3#|`GZ`!1lTYRmqiP^*{B zvAwu>Vh7S+dV~4-YW=y7>TL^nDW?-xpEaEcecRw`REnY!8q9=;hiDbSW3mz|f`V0B z7ARlLBK%4D^M*wc?X4lW+hoq0c0L!+n86u+4Xj`KEnjUF>H3Fr^nW#!;GVmg4aGKs zTBXpjM;{V>dE`}_h;L)TCIb3_N)y&#b()LnLe$bOt2UD96`{kR_BE(ZH8g?<>M^%F zj`J_LkeQdw=HlZ!NXKo*wr>;pHZ#Vez3eD2p%(&!ouDNI$m4ys3o-fDO_~PrOdkIB2MdE&w}qZQk8NtS56x*0#GnMk2)jUEdqwoze!Qj8!W<_ zIjRF=r5wz-;yP}e+?$XV;RNR_V`r%qQ+*{_S-UAz8+rXyYfyrU%Y8ruBem(gh67m+ z5w_b986}GP)OMtQyM+0#EuqDjVZ<5&r?RQ^goP1dXuzB}lyfh*fJ-jFn#)I}i1OgW zBIV7h?Y#7_ch)w2YaT6H8B}ZcgCm^Un)ixE#m8JWZ)ruVgivi`vfu6D5b6jG50?BB z!AksxNO=x2t8mrqo4-7J!Xl)7sl(F#1TLJR4q=$ZjG>7*U1~YGRd^)__dvA%@SqZiZ|Bh4@#H}w%>X4_7@Ls2J;U$+b`x2># zU7{u5Aw>MC<%LSPmnK@G6yZ|EDQ&n#1T(cU*Pm1+#0fp>SA7=+CMZ(qsLG_QLHJ|H zXUmqBw2X})$SV9X2p=WwzJpUC7J^GR@WSE}dQ6zkrRNML%%dW-5ELScZbUIQ)htvO zv9q?CYL$Lfe#DI$?KcJm6B1#gu`HizyU^y%V&kT^v`Gw>G9h)yXeBI6t@!sy9SI^- zF;cN!(JA?9a63i8{Du!p(zt%wbVjAc<8w%Aq`bJ?(p{LPJTyt&itm;f5)$21l<%di zR)jlMUxmSqyT0Q2U2VAX{EIkwU=lu?N~_;nb9lTKTBUR$t$PjcKkz<<#xUA;X(tMl zzkK?XViy@on6wuiM@{E~ORwU_>C$J!1>sc6P_QT}!aJ|j1+~b@RDEN3on5!}(>4tn z+ji2Zv2DAtogJHvZQIzfjmFlFZF|Q)d7t;3>$|=m_y2XxwdTC1#uyATWo>AsA;^mT zk1p|AM8~K;id7rhn@3&U|KbsQP3n$Z&@e-egz!FT zB!-coZ;c`oNp=1Z=QRIuC}HmzR2-@+gKx9lXLhk|)i)9;iz+&ySHnW}T?t@{2-6tK z`S+EZu*78#4pI#Gi!zpREe|Mzvk{MexiR&UB+Qv7UQxI`ge(O!uSQxrOFnO%l0Qqd zKa;;wM|2z^JO=zpgFc`-nr#Gi%H~`w>dMV)HjJ(g6$Lc*OpMUs{sF9#Epw?Jjys!T$LQX+XA6_aHi+UE_MEkUfiiaOA|QD$iK`=>UJxC+X9hT>=dPQ^##<1yD0 z6j2kvcI7TxPCLah^wOs))lp=LKPE8yaHe>X1?44EewB~eeDP8!egF=~mvkZa>dz(N zUrfQ3C1nn)=hjSCXBuUB?j%9U?Lf+V^5=7J&MkT1I{mlBQopFoZqggJc zC`sgH7orlm6vio@2uDf+`O5|32^vkjZ&TR<4;WInj7ZtjaehO0ML}h^LXOQa1=!Qn zVmP5#kP@PNrw!CHX^i0pLkLLoy)vVryI5ff4JKZqzu|Mus(Gc8to(9&rOpI``0iwiZ>1BX*^-dW zq6;fQM(+j+hj!)g5AR;kBo@QpGdJdYznHPI<%GrFuUn|!lPs<|uvb@5Q;>}^#8MH9 z&?U^ihW)LW>`)6BEZbIlahUtXUDAr1vg!NvC8s;U%5=(ff$jnPyr?y@(voT0MBQ_I z6u`MLnf_wC=TEK7@z$I1M00>=gEb#Fmmp^-B7_l>#TG_gB72~>xu=gxEPE~risn_z zYDH-iovuw7U0#eCsNWNS z3hc%F9LYPLReR&ia)&!shcy*c5D|hiWKU!UEdkHJ94DF1JUtN9t)A=&t8Id^bt;T~ zJ)r6@Us5X|+o6pt(fFeffaPviWy?I^&V<@S+58X_Qbd}8{W1;hrxhBnnIXH2VH_LI zLnqURGWcNJ_j;^lMrlGW>7 z?DUR|cKJ9LLlAtSE01#GrV9iN|Jun1~4N70?9TLUTcpu96x~Q4QT|;dIg!H&oS{`GRqPTD+fxTk?rb zz2ri_5sz`$J~p%45KXyW<|FTiI)d427l*OQduzRo7A)lVfL+w)%^0)wPJL)fME+^t z7G&y+uk@bi35z_FWsb}hb6VY&;M%PAw5y_EV8!yIvWt-mo^Z^59o%YLcV)KIXl>0K zcm0hUh30Fk_+!DmNuF>3jUHW_1b5EZA);O%t9;cUHp%{mQ4t`d%Smc{f8ldxJNWG~ zR_BaJrExi!rS1N6K)R^gdk$NM#rH(!Ar9D58;O~v*pyPcgyjH=cQmY(d6m_?&bTK| zV+}(EEU>}Qk(7!SI+0XuiB@&p5mP^)Lxhy`oQT8_&yV|BQ($(tDSA;o#LH)!L(1pK z5I$&LWdBN=Ey*679UEmLyQ65l_O|J?KwzM!y=^v;QUIt0rz4OsiMi&wJ{Z$Ty9%uK z+)6T9u+X@P0;45){ca|s_Y%tK6Q1q9GZT7*Oo*~c#?bf*b&?I1jK=+tzuDDOs~F9s zEk#Tj#~yCuHgy=ZFmoJp)H-syP=$l8-Hzn}6T*=+yw=E!B&fyA*M|!|?y8;F$RA1K z4EAq4X_LS0h$40lR;5GdtMY{s4ybomknVF#FVJ!!%#*sSISYB-_vyzz4n(OjWC}X* z?USvfh}!q21z1=xg=+E3N~P8QKK=c&5uokS)S#z)X(S#p+j<+mO-9A8i6vApE40c) zIo*@}cR1mBhC(S(^r<*$L?F`#0xY0Gliuj|dbe^ctAG2n8%Fn-xLlGsiEYL&^Y(~~ zm1B5!qYj#GNR)#2q2jYN9}N+Bj?6bkv(*^Y73QFn?M}Rz;!9wj;>tLlWia%*q|x;_ zwNmV=JNCY?reEli-LJ5yZ!ymFbM4;9gBM8L^PcF$l-a+fPPuaMkfzXeW&5@oXgRjx z^y-~^@=?v&jRAT6O1de9Yq3~`kI3`L7^lc2!{x5MHD()N$v6kX_62a^O^n2n0r_#} zke$UHs)h5CFA3Vh&D2v29kGh+Er-afd54dwXM9W5N^v-f8sC*ldDIRO_-}SHGATyo zMBGx@*6%kwFK3pPsG`y|xZ{8=EveKbw+Pt3_RK5?`K;%k&Q^8BcWMY4;D)j9^Uo_* z)P%vYc}~!kCW~#2d+oh2us_JVRKJb@?Gq~`hvxaBqG1f&@I}uwRb^gly)8^!l;Uec zehA~?gHUQpQ6(2Hio~3!lNC^ul){{olnnvWANMow&>w~sTFue%@hB9snIeF7pSr~h zqUy=uA!8DbTBts*A**`Gq8FEXPdykmK*1MT^9 zG0Hxb{^?+6A}iN*+IV2mt$|2gPzUd^^;kJM4G`U6o`8hQg{0LPVq?cC`GTqkE#DNr zHxxF!NT*v(rDE*wMjPolD(SVFX{~($6&(p$OMsF2W)YM{rI1MJ^+N-nJPdcrWueFl ztkrM0te3k!&6*5DPc-WFm2iD3e0v=N+(k1*hO9dE9gFo=N_;rc!preOik2j{XTsS= z%=7$lG{8sn?FkhM_k*bbE~00%S*)rGElyKnWuOgS3P#NCUxegK8cG%le`sZ@JYuE> zX)E#4rc{N|j*`rEX=eL=>{6;KWRosBo%TB-zVV12l<}R_wkyq1s16SwoZ{j^X~EIz z9>u}viFPWWIuDvCTPx+87F&FpqWo!3r#ZTc^yG8rlA*HsCPH1ZF$$Xmm_+8)1DASq zWuofr$67FvrgS=2bJXA&oykMpSIx*HVK)n~4 z>7T&;LKfPL_!Xp;yAy#xZ+TTHe%WrY>gAhPhbUc-sVi)RThgP4@a#N56zrZZ)J}`{Ou*q+=j??^~XJj<_viy zch;`zlS09Z>X`ePWP)7Q9kL-Hb zmx3A5>x;@W`qEzfYyloQ&07KqZb#my7tnIHdI&3D@GuSo9S9_0gD$s>AnB=rR15UR z0!@lsRKeYs8A-tRkhxrvN{K^2n!$LgVSDWsaH9G&TCb-!ohR5ESLv7c%Np7SQ%HKRX-k&pc}qZ-mFSB@zJO`%rP>$T zR_)sQTZdO#qP@f!iF>yDn?mydiwi1%B~hbt1Sg5x8hJM~zC!+Uqh2bVn;$XV53HRG z?lBg;JWH7&qa|P18-qNT<8?zNr_UU^8&}0eVmZNah-S3bdtM^sKeB1AdyEtrKnI z(QfZu6qWKt?h#NcZ3a?GKNz0RYiTK|X0-=2zF3AuRqkYnclSA;Eo*zOU-vKJtq26J zs`Y2z?W4#c%DBH!#sA7$tLH`TUFAiIZWU)x%Abc$`;xFMs-fJ9$*x!o>A+@cbi5F@ zKx}%Z`ZBVnA-{7~^+@*NdPdu8&={(ZCKW!NiGmwGK*mEeO3E;GT8)c=`=nKWP2N0f zdfO>9bX$#res_V9c9Sp!GRn3$O678k8T_9}GR)!O;ptQ z+p?S6H))9eJTjqnur5Jk{acU^s}%4tuU6|?3D5F$KFD^(+(4N_3`X3U-ZD@oN-hjH zO6#QiV3{A~$d&ee9%_KlzWiSB@d5I?*gnfwGJ@@D$$CTqPIc00uuhN#3eNmd;b=th zs!x()fx|n3VrBWmY#IJX#m0bNGJ$;wz~%OF)(9g=Fi8)fqT-J3dy?rTn!xteJ$6vo zo>lN#0{Tdpz8(^Yg1f5DyP7r1;U|fPZaJ|CrN7e1B-EB z;Rv~|50$nC4US5mr#|(kyvOpj(jqO*c_4 za=U(ASU&CbYiKrUV8IbrXy00?>%bZXrVqbnT8aQK&3d?xLAJ)aZ+>z&(|e0g zKO(EuAtCq73K@EEivplMrz9K+UmP`BY=0YyTyAI+7Gp=rlUaXD9}Tu#Yfd)uHcE9z6RM9R(bLl0p<@4!<_r`Xx7zL2z)k1$ugl&0%PebRIic(i}?>l zA~@fr9kGE*@aNa6GLlrI!n31SB%Xvmq4($g5AB59K*=jxOgT(C60Ltyjx8AX%;3_W zvgN*P(Sqrk2a-JahXIZ&Lcr%kb+c@s*_RHg;5rqyXFr@WaL==g-JlRu6?~<2J&_!% z{#%a`eIOv5fD1pG1+kV`UFO9;v&R6%FPl&%9kPZmbYqtYuI7`b5-$|DKe+Nz#~3{) z)@7G(|LE;3?%)k1y&lrbMx;jg!SApL5jIPm4&%;pE+GZb8MUda_3?Ev%jk z)fRv;nT}^^^+|601)o2vcu?4i%x6yO=+QSOr;M-6=#?CQ06FuWRah z;$+z1eOM0m1&Ytt#w(qh!KOV9VQ6Zr$(Mh89F+@+=I*jP`0B=={}yD+ynyF{ zU1lMBVqB{=bNn`Dc=?{(rr9O8_!HagL&5Szg59@8QJT`MRyWE>br|j{>>xS1k zd?#CfgKafh$U~VhV~CGSe<$8e1yu3iW&Q5<;T=n1D6!q_(j++k51jtfK<^t00e-k_ z*7}o~oL@5fuA5Z|5?w>qt8|VE0SH_q*Y6sC$~w@oI@?2)n$6ittx!bU*fnanE71-v zDXGXLR$Gd+%W-vJ9UP9C4hVz-@*5bvAe~M99~BQ9u^+C-msU&L9(AkuN#R*z{DuTa zqMa)y;SG-hyGlKm*L2HWMrA7V(xK-XU%~l%G|riaaT4>_{CTv9;*?U-(#!Q`h=NL( z&i_LH5%53Ys5H#C{`&bfe;!kbAn~8HtfU~WFmiHo(VK!eZ;_q1QDKwGAIKZCVK&I& zc}<|p1uB%TkqZ1gU^J1kOFDRqt;YUN%tOvCHZ&Hi_F)UTfZpPU7P0;5p_X02@riWJ z%f+>~Kf$G-U|p=>5k891;65!-5?;khy*dMiHKX(fIw7)$U$7)P=i9%4elbcF(%k=L zMtD3FpwoE<`t@`tfwvr5f43QjQ5?BSOOpZtTIUTAMS?8k0^U~HiQ#AaSZf(!mdL?* zU1HXWp7sXdmzmcHMP@9yjF^cGm)V;{aTr*OFnKhn>YfP2M5rfZxr^C2|lR(u?Vy=S7s7K3y)ybZO6$&0wqd{qRBHztqWX2r-?m znsQy94>*F>m4%+C7qkzz56$We8ahT{r&r{fd+Mh+cfkCfb6?FlhpzK(E0uDEJ#M&P zRQoF@@=l{c4j?Y}^u^_(qQ{!$`nW^ge7TZ4IFrHsx=RLf?UCxEt%AALlfBNOyX{W% z|ClBIW5^HqZcTRuDIqT}9$`pCVltM%2`Rtf&FTpPb4P4`1w6Dh8%4N&s(r!rRG^LY zZCiim*q=oUq=7Fy;N|^$gI`e6cxtkO9BA5(m7})R)+|Oa$=zy=Z7?{Z`$ro|M$)6h zlY9c$(j()XS+s)``coU9NF}|i?b!#r#hc4|eIpDPZ{YuT9@NkCmHsb=qI!-M7tbStWE0^U zc_fjkbVUTOrbMVj1%nPm*OQOQNvKj8-5)lUtU&j?Enf86f-sp5N_g%?r@z6~i=~|I zzp{+T;H;$cQN-+qe6zPk)HjSagj1Lb0X2HtGyji`LwHDjhdryQ&=kSJ!Ere$E>9<8 zqubZl(8!2YP*3vdom^%mpTwOluH6ioIQzVzCe?mH-C`^=@s|N(Ik~u)7fQAu+Gl>* zV+dn*y71FOrYmN8+8l5q7*r_ddRMv(zw2_rc`pU_$Qdk*lSD}i>L(sT>fATEa4$^P zkR~(<^k#O|eqyw832~e-`!LY<4{GBjy!k6yt-$n*B6n_)&sT<80C`s|TR5G&YbLmP zW9KBaAF;wxc_Z^*D?geEj!202ZeBDLWoF_bUo}hSVn8C|$c!x|ldMJj%0(giQ2qN} z_?T1Y;w$WZ(JZ3jZ{KeHJ{#AMmAFH+i68$@%ux5o-)(SQg8DcxrCUzI4R)f6nupL5 zpagUCenTPc`bnp(enFe!M=xflP}-(MYb<+OevA|iI+NB_s; zUD`FetXnZGHhsLqA|gl$lI;om3B$O)L^=A9UAnIl(b%p*3{ZW7bxi@4edR0j9ZIUi5`$)7QVCtvz1=SeD; zG6$fuL=`kJU4useqze2%fOJH{uwY)JhtiGW+aC;Xo}p+cuZe`v7}sq7Gw(0B#;FsM zEdQ=vT97GB=SKGPVG4Z3PjrhN1X({q+2Kr(j42q8`3_5`T31+!>eJr;meXg?KPQ^m zlPCCy$Ck;@+yfa9q`%!PII0-XM|=e|*5d^cDB+WEYQS6kTzYJC8bIpfM2rp%Bz^TxTX4^DTz zxG8yN%arg@&K7-8-{Nru=?0Wc`#v6%5J8wiB<2%`2T|ZrNrVs*%nPC5hzki>tu$E3 zI+bcv^o2sh_K{7(K{71VnD_bzh;S-4U|j>9?pVOmT%R=KjtDfcT0 z0>8=5g=l?4*OF?qMYPp(#dq~i5>MS%aAr>xvNxMN+{m~v6Ex+Ga))()Trpcxu^o6V z*9y}62l-x@=dN(dGj*1}BO!)8*%0|V|8T`U>-kPW1|Ox?kwPI>C9%r+qdx+YQ0s~te9#{=fLtQ;O976N}%EP|Fi@Q%IgRwLqF zP>VO$kgyoPa}Mh@2f9}S3J>&kskrJN9|y}@_j+Md`OdYgx=vx()Fje<{Wrx5MB6!( zC&u1w7}H@~E)FWW3APg^Oj_n;?6+p+1@FY8+wOQgCn|Yr^CLq|A#fvmSZq8qGHf3) z$E0{y>Oh;2iZvp&ikO}!|5Eo9pz_ZE-fTaE_kRKw-YfIh5X~3i@V@OV-B|L(+%1Wp z3ykB2KLzuC2lx+sk{0>r=0f`i^uoX-ZB8Q{bHIb*SSqiIM^JNaLsGD`DAL+wN4JK%49z!~{YwnIZ+S1f8AAozaMke1C0M_KvLA>Lo(S z8ls0Dox@X1)+7%JfCpLi3M(wVqgU*5?wFlr*w>B})*B9R2+= z(XEz~)amF%@kkl4CI@YsEC3NxyTmNiX{jEFNuos@bQn@<-ttF@yVPsR0m~=FM9u%W zIwR?{6@u)i1wip6Oyy0Y0r}!H_-^RtEMY+|Q<1MXEh=q|3@e+2CFN;{If48<&9eeZ z4;TH;<|ADbLOFT~H@*)d)82cMGU+T~Go+9pu72-N;-^>8BPk=6H;c+ajma_F=-N9r z8b9tgmXAMp`^~LcA38t3KFvYoXp&f33O*nQ9Iw#GtO(hYUZjJizi&V6#E91lbe3%@ zlwj8b*dvnpsVj?54Roc8Sb3Tydk5S> zH#E<(9hgXXO52I>Sg{I)m26nZ1+kr7%5N1Qb4awF9zN2^e%3FQHxs(5`>de3g9yu; z|8z$CB6x9}{8(;hN;uinVfeY#iM50KNQK2mM%W_WQ;)y3hY|15@>)7F<<%WyC&4<85klgFz7CzJAEG*OQmC?q-jC>*N{=ggp02~~98QkQ0B(0E`an;b2DsE6cv$7>$KXo0b?v)8 z`i-4utfajAuu|O2;iPX9WyXp`r>S$$9|cuyt;J{-3r$sg-w%(5C#mAC*q@#fKJQL_ zOp<+>ieDkBv-q1%{OIHBV7uE}hP8DuJ`cAA+h;f;GK%JphMBG24>)%b67pwMtvt|U zo-%knV$%M2r(XjFV@0B*9R4G%+mbfo=d^w`C`O~L#>VFhDQ|lfs>l6;(fP?|-Zes? z2Z8KN>wdL=Nkubt(3ernXmEyAoay^L0?!*84OirNf&8qFRqF@EdE)GXgm3_S`!|1* zvfuBwyB%&rS>vgkQA`EV``~65C7m{Z%qp+=r*=Nmg>fr)GtaCmds_Lau0LVBgN~#9 zzO@^t`G%J%JS^8j^jXeOAJ4B=d|r>py6#WzHW~Kxlu?{x7gZt z*E$^?hD?`hZitr^Jb(I33he$ZIR1Kx49xje{9COYDt%A3F-fHF3xHMH{OhriGZ{YK{XKR09Q*IVR=c6}Yz zz5eNF4F4A8_6=Lj)QIALC^D^Z|4G`*e`kYvhUEFY#YWM&2#bp9el;z>$_5dxC6h#3 z?>I1>t%H7_m2rhv^iC8*o!L6qnu{}cptK5YGoS&dd z1RDQKdb-$<(`z5m(+Z1&2M1o_{$XrVlIVpGwd(|)+sWv1PL`ypDMry90YIgxi6dg% zJIxq9QRy%a#cXxz0&sjbzBIAnfE%34NYWSZO`67wq$W8wqg5WZp!WcA?XXr+Sw&7( zmFb17;uU167`-1*9=!wB#N*d30k{8^CF=`z9o()WrtLHKVd6u}ibjxPRO zH6GNik23j=p~PJ@!^M-E9+C5{{l>cF0SoxSOpJa$^SHA^fg!w%0XXcE_6(B;~>N$hVmK z2`@a?u19)?P4=WnPn#{z2cpT=V{0*IoT+hX+pRj>DO0D*o=l!yx$F*eEJY@ZOdk5o zp!|k3IzCCQuUV_BRF%}lO@<5^IFL-g035K;g=kt_PScfh`eJ>ynK&lhF-&`Eoym17xY1=o zhMVmb12FLBJZ*BsPIDk>-t>koxdU#WYw3}2dvK(zvxSt)4Ii|Arqs(130>8H5R^?F z_o*%1>eawI+?;To2L#z&FDl{Lp0NzlvTjxnb(|$}dCXNiuSTfAiQ&SQg&@Z<%8o6( zv4W|tN#BdsIHT2bvmRyJnyL!k*+ZVc_$4Y=CxZ)bVt*Tq)f=0^#&=}(#KL5 z7?i&nw77dK%ivv3BVSQJs2Q zBT%6pIwYUCR0GOr7NwA)lpXn9MB7{m?^SG|S_P6{R@OE|`EK)iDAb+n9j}F2@9r!6 zcDO!eKXXPAXz5d%*wD_Rym?gZ1>s#wsXuaejD|y=p%gx7zUejN1)x4Y|;L z0~6r_Fnk|-u-k3N1=77_hsd`kB)Py8I`CeuIr64x6Zx-_E4OTqke}H?c-|QjV0rVo z^1YDNGjIejGj!*;dlnfVbWIhG~X{rAqedLJd&*MH4D^mJ&OI!mcl|A$s)ml$fzkI4qhB$(p0tILXaBI9Pe8Kiab1z zR$TviB9B6&&m3!u&N@ay7IkoChV7OcQq&T*)C_MxJK2JijQilna1^J=VewDQ<~?4l z=DmJ#q++1fFKH(n%I1jGwHUcg^ZL<;R*-pzX0~ECfM9y0AgNvrl)=uH7nEdOKzKWD z@npsgFQ=|TFi~h$Qz>HDE^l-$EFwcmS_$$?!hJMUW-~#b=g35HP1z`Pv!vck5^P)u z24>tSr@dd5cf8%tuDRdYH{33Z3PhVeZW$eImeYw-tg-Xv>9AVlMq=;JUh zq<+CVXf!_>>3VKkWb37eR5tyHSrn3quz|w?g#}_sc2<5bkmpV_dUm38o>rkKtTZ*t zrujxp)^H*BA$T4Z(V(yJqhb$OtLpijScTknLsf0@S6y$&?;Fb034{A#5ar`kFRzNa zss*4}{k7p_B?AEvztsHbiQ#jHPyFUFU7$lNqcjL-Q$n?=I#--M2_#)j;BrDE>WxvGzzFQcVc7f{#| zAny}0bGooH6-5A@_jg%s?rBdfHT^%B0+9PRne_Wq@>(k z-vvX!vzvm&m4%e-?5b}_k9yxl676zJ37Yud&$-xlEqBX>cCvAgcuYNyAaQ!^$@{|# z<0$xr?njOsJc<1_OugNr6kS8j4@Q{<#%SI*8VWg_2?1p$T>cHw(^&>1sY_y+&Vx-J zS6yEjKHPb7RySFM1>Y;SF)-J!!*fjc>pRLYz1x2-ZD@whEr_`JV^$i{IvyvPBa321 zH!J!u;zV-jB?CWf+Vy;)5$U;@I?UiR9?pv!qykkNc@$3kr*LE~7kwHgeS_Qi%89#X zVVq(xOkQdJ870>wbtdWXy0LdL{t zMpA?I$?de}oc+h=ht^%ckl!u*p$bOuQEZ56(u@WNIN{;>Vd0=*OUM`yBIEZUl&VRa z0T~q;c2ImWvu|YnGHvUj9--*Ow-&geC zp>Ro8h3kx3craj#2T?3>ydb_u7%C}>gte%6mcfZ}PX=>!(CDa9nhf*=2Btwv z5e$Y2>fPM$uo{bJ4n2L-M9F5)X`RPEN?%J4y{EiBI<2CC)%CvN)$PoUNo3tl+e;9oRfZhF%xDOK>=p8dVMU8;r3^1Mhml^9 ztCz$lT&*~hT(!Qi!})MOC6_bcdsy?N%rOh&R;OC0)b3H9>i#Qj>)Riq9(6Ujmq+f|kGLcwgu@p$+e-Y$W;Y!4y z+l3BumZa3B%2H`{l5*ja5MQCn%2>qT-Rz6z=TYHM`Kf&wb*9$yO*E8D+^d@B;?!q9f^zQ}k@o8NI#MbF?v>=~aDgDC*s*B{rV%lozcDmpF1JPM2<8t+Z}8 z0WrTbFa^t}C3t48@woHg(Z~4rHXryVy9wMP&lS~~nljpkM0aeRAlTrBX4$g6Rwnbp5dkAMJJR37tBkAg5$^zof}0z3y48fmkXjI36gZKF&+G&f!zg}c^` zDEK%Cq}@mfLNfM{DQD{HLOWj^?4@>1%9n@yG2aIY5c$V{1XDYNLxp< z(f;cw&)Z{!_!cqVw8&Uo4^^TJvVmR8nCT~Vzuv3fJxAm>c6Xtw6w1FA8)CfeN8tF? zwLOoyvAc`7c~~&d35sm1wb-W$-OKwH7T<9bBsx=MMWU9YJQ{s9Wk$}|3Jbh*Y`q>V zal4q8Uv|sIX`aJO!gQfy2vm?PPR69U%$OxjkL_6sUTT5k`>gRcHnqjB2#d{6|84Sp z(t=l+EEHDs5flz7eC?DVCfUNm*=wGOUQ}ejuTPp>pEX~tB@H7PCMTzy$y4V)_Udd| zf8TZVvaA;(!fHq`{^=$?w~wLQJGZU?Ry>B>k?e{{trlCFGuRfB&5He}-)%qwstDyA zQOf<1_%r@AgRi{_WcKT%;g=M$`nYAT>y9j?XfYxXSZO)BJJe2n;z%*j^FDDnke0RtWXN8SX% z%HARyb_G=pxz1MB0P(EBX*Rke_rZM`{Dknlu0R?t$BRtnBeHNGr%@yd9iCv9PbxJ) zEnJp8MIUzvi0W$>*YU6wT#0ZyOZ@t2YI8kuJws{((`@Vg1upg~llDn_%+`^g_TwdP z>)u*VgA+$!lR0E2d(!R;h5j7{)5W0UG3IUpPs4Qaq69@Yv&vc!v+!C1nD-pZwa>lRj9C#7^6RNivBA0`w~anr@Us}&Nod=$D$Q4VRbTWB zmBRa5I7Sg`sP@u37b*Jld{tzpZc)iha<^kuzNm9Z!g>XoLY7c8U-4SP&3k4UFJ%EG zpIuJk(K)e z5)9d2H>$_hJ;)MxI)8bg@rU6*=E~-u=<}WYTnq2w7RbO(aqLqy16j;U-8bM3hZ(h@ z7_1I=SGgzCIlJVqJnZ*o*cb|^z~gSb1>?x$!@61*)U?DAGZUKLUvbbyeX!tpv&(o= zt=+<5B6z|L9UGaSR*_mReP46BW~9;WPUCdM4Gl*fm`4|j8CkTOZ?$Nt#buC9w-*4molDJIdqT8hd?xKJf=0!PjJKJH;!v6@T7B%|i0{fu2xalK zw|J3J37?no+X=E<-;?cCWWvwaFuZFa@7$5wEn2aw+?Z!7^?BDMvn985#~9$G3Bjb? zki55NPIKNC$RCJPq?=J1njEdytOCx^Tzv=#bibdI+*9QW@LIVZnwdM~p z<{h9{Xfhwx3{u|)Ou$oy7c-2kT0}~)2h`vzVw%qg59HcCm3r11OaK*emw?6%;eMIh zKH`*oOrailjq*p0)~+A_gr@d?n%mbOSY>*A={BE;1Ul$ISEPqEM?^(M#Z0?ibANx~ zBM>L+)xOzQ_q48FHmQ{07vdhl)JzviKWOX~9FpUuISA$W0PJ^8T@rYr#RN1j|+W&uYqUY@ANi0zlZD-C>Y0^)7$l`OvWRL zUs30wRIgMFURa?K5KP~S0ZymsQn6@a?dx(L9&HqlW!#)UNzO|B)030Ml$1bI6>vKY zKcf*kJ!UG!aV&J&;}m}p zj~hnWc&I=jgD;zc(erzJrU8@P!a`CcbPGLeF1w*ir%|J^!A9qJJ`desrK0~5mYju_ zk0$!5S2GR;(@z!R7x@{%UOq)GYbSM{3UK!a$sDz-tbh7mkkUco^;m|VT{?^dP4{@b z-U-1s@}p-u(JM^R-b;BN8W_cTw(q^l2Il!K5Y+ZG1b*k*t*r-tV-Lgs+vDvC?lTehIX z81W)SZ|+1J(VQ|;92HGrBMV$i$ykl+)k`sEDGfzk*0yw|xlGf2-I;CIk_v>I>gy5t z1P3daD#JIeh*BBs@zA`i!ZT|5a39G{1N%}tGK9ObBaD5?BGuaBFl%S4hwW=B&GZ|k zq=LVWe@q)o3TmC088+Rh5j%NfnswJD`j2KgKF*9JV{IXs!j&dM#N=nSm_6p|i~Au) zb(FpS@9}RU{IKk5*g;CHxpZmIxI6#Am0GZz$^VWJl74+}Za~{g&%>jQJFYq!6hAfh zr>aifkmP(SK}ngzc{*SLB=4r!|Y=7)-k~3DajSCVMXSV-C>U&g;9<* z!`#Z$=-2g6zqKT!ahRf!io=o7HR2m6we_wdZa>zdVlS3ALYo7QST%KuDNJVYoU zvA8WrD06tiZ2-Lr-jiFEE9ZXC~iBXQ^tH~*`> zB_dSc%k~4|zzwM`WcK%yjQm-gxZWdJo4x1q>Vu{sg1yPHl4(xu2^#4~ez32bmuz(i zc;KVz--V56`qw5C=^x^jTi@PZ5o>)Hg(92a8zK>gwrZZllhcjAGTFpX!LHPOC+rbK zw%$k;Y?h2cLB=Ve(*lQg;!w`tvtix18SXjH>AwH7n6;b)jqY#7U%ufMZgx;)zvvHp zM3cXk9uj(H#&Geqq)@EERz&56PhY%=P_S^x-&6oEO)d?v7sin98O2 z8kak|nT==KjG$--_ZvmieM=xWeVL(H^HXNd6H19lYU$<;>lFV7kIv;g^aFfKO2WR(!bt>pDJ5;9EAuU}bywnO`iJxr ziCP6PpX0`gPje%vU#`+T&F)tKWX0b4&@A=v6mfSUBn{25-NFtG4C!dLxLC4m!H9lC zsK1h!jT}BfBc2o*PUHJ3?rhjQV4>!yp7(5Oz2`*KYDtSZ$S=+X&&9q#OaR?ND0h+k zvJJ0fS3b~^LuEHVK<(9;s4+>PERjiCQ zxU%^}zCJC}T*NoWX2y z6R$2QLCnf&t{ngMV@XG+E}o$!z(p?84ptF{2_;_ZE2^kS)}{^1E>lL0>b!#O4Phcs z&I=|y`hU85$MCw=FWkFroW{0o8;xzdX>6-e8#`(2729^26|C5{ZDS=l`R~2YxvuwJ z-`2PJXwLf?<2UX>O$B+1h&Zc07qR?SrZRwHtFugTrw2$ua$GA0<`?ojMM~22<@GZhj&Oh}!N2kOhq3t&Zr{w=PbL1WS|A(X=WWxlLPnJ*TR5bR{^cbQLV8~cHQp|6{ zGF;ngP*KE_)P98vk25j@Uuc?%0^uSXtc{;?F(5e;{Vz{3{TC%08;)|Ko0LR5=_o~M z>7nyAZi=()^SCaKBK{xw`Z2N(2pxdqEA1`}ZpCfrg_m&GQtfODlTr9&IqBz1w)-;i zMd}EK?Db{U8s-DxQxgGCa)`{3_C20`G2)OyyBC4VZ$Y%6eOLXYWmlRA zeRoPNr)CKGru}c9vwtpnlUH(=FXIB>Z^Uo3(wx038 z=vcLeE7pkl*T}lYhj^xYq);{Vd*re&*EvnRmJ`du?=yd*bQcPZ z&yxDx0Y=?$hS+XycZ)IN8_1*_%O@udWBP80@y${h+tpLl0$>Xaf`5m!)4lDXMuZe| zRZcuMNNg98GgR_*D?-N7>DT#MfXvB8_<11oRN;jqJiYt2lf@6_$GF8h?$&}ezP6V6 z9hQ{I??_XMR(BCmxl9H#KUjy20$~M{B(@ire4AlX+GIsvXoiD8GG1mvm}HqH3Nx}# zmSjr4+%&&S+oGnYb-~=qhmXZMu4Cny-dnEg%gRJGPY#Z1Mw&8N2JoplUAOf1#7>+W zuh)SEF`}l|U>Wiw-z7cu*PJ;1CjY-t#=R}um1i9D75i1R3s+V#?3Z^+zlvj`QkaWw z;$~Wo#uR3~ZD;2=%B() zrE6+S?cJ&I)<<#pCr&M8Lv%FxxvRNPtm!?bn)qd}-XsXeT`&=8-gB-oyeG8x>RM=d z_nPH<$^jt;8%{SZBKp_2AWO0WiEVDES$xi|?^R|e9oSyrB?sEu1b0YJs|uPAfC|I= zuOvtX$%2WV{eEY#g4*K1`Z^{Dmq^IcV6c6rYCCDK@J$Q#N4cDh<6DJpZgM{qQLHRa zNo82E!ZUqGU9lG&lf~7CTk1-BD9E@Mmp64~-8W2TDEaS$Q6M>M-cx)}@0MHjb}&q{ z^DF;_;|8z6B6t=;;C7Q+9kPo!s5rin*=Q(J>za3`v7h1D9W~MjFR*c5<`tEG&tW0~ zaIi7H-~2Y#>*4=f(-|1M)znP1-=LVgyg`wz_c@oMDrYfcLdMA_00M_l%U zs07)vUCRXVnux&);kV%RE#f)0!^6eaOnV%{wjtukF8D#noXjMwgOvX2oFrc$o!wFf zieSLlWhw!$X%u>-N@1l4uh%yV4X6})CS&X{e><8z>nA&KnK+4)i-h@~JyIz+C?5we zEX2QA=#SYg0L0@vh;i-Nx_zTT4)5x-7{Y$DQ}2V@-8YGBlE6k!fN5oDEgs&39FOCILy}JzSl{r7s-qbc@$xFw1NB8+OA* zhLC%!oGXKi4N+b<&8mf&>gQW4$ikbi$U@(}20mx%j>SK>9N`PSK8o#+zo&Q3m34X1 zPOSdL-aZdR7Wy&s*^S)?6JOY1pvs!wOjJ(s&7G@y`ESwK##PU>;Oyc@Pr|ZsePAeY zlH)VF2Wy!ay)Gq1+~m2Z;vu$DOIzofT39pf(H;AXkUhRIvmSt4 zf&wF|bnhz{MMdV#h29=bgp69EPIc$#{?ix!%&F&CklD!F+1}@*baWBuiZ}|&j<5!N z#n4?~{SqdXC=s{xHzT*wj7mD>{FhJjDC|O7khxWU6L0`TPw}yHvbmnjuD# zt`*A<%=YTy{h<4YB9zfUGB@^j0jBJz!YKmbLUQ9{rckiFW|e_NS~+= zkLHn-F&eBCp`few0kt;F-?lXhEOcZ}*3#2`k52WPv+i(hQu!TF`+J656~p=t-D-C- zialM<=`=6sd(tPv`@$sIu&VM!x1U{q_chw%j|UkRh|`|Ip2BdkU#xMby}!y1i>e+i z^65X;X2b%#5}@dt)bz0xiWM0f6KvmQX$qAM=&o&02na@>6;=-CIg?1rG5?8v@G+s9 zMoXfuGh&^I#y2!@#K*^j_YN$2db;l9bn3|?T&noO^Cr4`ljCF`kQjSfGrgt2_zzGP zGxQzVhzJ4TahI-^ zD_38Zx!`5*Ykcn(Z0XNHgQUh4zCK8?9W8ND&)RMH2QJ5AFT7`~#(kyaq3^1Rb*E_# z;jPbf+lKGhb7~X0-ZjzDkzM5Ve5vY@pQUV-Bni|e>OpIgQ$uRFIBMh5&BXhKvGae@ zGGu%`EuimNukTB-uO#hpDf_ov@wZHtIz2A89}3kmeJ1iKp|sUPrUhLExi{Y7mw59U zFg4>iOgUuCJ|bnEO6(4DxMpcLPu9E*#2CF*-0S-zW4t_iAQU^NgsUZN+p3bHA`QI! zpT%f|d9p2$*LFr%>t#gxLf(*!>Uw$cly0jG9h^9_I!}*?0$>%QJ<1I2dRs&oA2Hmi z-k#!=iTx!r+}-4$DK~B238e1iY6VR?ZU&TGUx>L62imbG zU?X8C1QhqS3?Xni39>DZBy;<&RI%g|d~a|%sy&pq=l-*(Rr_&O3U93ON|5KHG>IFu zA+cUEgkbxpx5L}vU`c{foltxDA+nyO0av!#{Rw=~7wK6KRNNYGtkAurl{BG8D7o<-d&UPBx*ibPxqko2IQf^||u zb%rC`Fkdzcq9=m$g+fq^6)Z$!MKZZwP~Utd9Y&#<6`R9b{0`U-l2UlP8w1ZqW+)e? zz4qQJ5ju99vOTYHvsWlU(yl>`UwP10^Imk{{wUF~`Od9M6hwSqIKD zeM*xY3@3nVaYI$3W8#Qu;-DO{jNwj0m0?8t;b#ASn`(mZqY2Dc0E_IM=TfmSV93bS zhsy=M=kEGYpY3}xayRTwnFrBMt%cAw(EUZb$r%ds#iQ280%FZvfcD(pMBE3{X5Y7W z{`mLm`*J?`3?WS?y{5u-X5j_9Ixqe-{N_4p6J{6+LCNahlMS`2KX(v6oEs3f zvBxaRM`S|M?*?V};-${_KUxZy9&gS=YE*6a7YqLw8$UZ;ZH-~p^yzOtaXs6TE}>r< z1cM9@Iyb!|*pHf=drRv6)xE7N3bi6kC;4u&_ll(jOh$I~g}gg(>y zIIkR$QRN(c3E~epU2oTD*3lw?t9+sObUrg5 zEhpv2f^wIGq-O`e!0;pbYf6vA!B)zQ)xktuL-MqcB}qE#zmIco}Sshh#lbYL3Tw^#6aL6Egc+~K>v zKl{aelwk9;1{2gh7siI8cn>Oa}N&KaBu8=}o*@u*!^ij8pb*@aq%C#0jRmnmh z8>4&QQ8Q$woXdqw^cR>OYBNCwKbGSAr4cueZYYR}{L20++T&1?TYN_Gh70MAJ2@<~ zh@|d#!hmE+_T(Ux3NyLENiLPd8n8FLNUn@{|A5OX?uXTItJ>kdVUHBQT_5GFT1I`a zDB~{#q4&J6S$x4JSpDnW)Ur!*uL*4qEIO!ydAJA-hdcqbuh*?dbudfIG9DD#QMIvY0^oviviH)u@4r4U?hUjkK*Ya7(0U!3F2 z_xdf-px6Q?hc6aYDjDdtJH@BX&!jW^$%jj2li)QlP~1k|dbp(j2_PLlzHE9Z6Mf10 z`RVwn=1mzL4Gc^iA<3$Og*%r-EwJNKAtIPo;g^VW+EJIo=&Me~v#D$UH-doXt`J1}?mQ5bmdkMoYm~5+fQe+*um*MktN#-8X%$kYn;+go z^od+|_>8A{d8EBLH`21>Xpp2($B{PlT0LyaZm8}$h47al{JT@PEe`jCdF~057tZ{n zm3Cq^d!v!Cmy5#UQq*GDE|{dyh&7+ipTurb;paJ1%ni6>Dz3b4R2BnnCg9S_0s>jV z1h$i6z3B=JkLK{yhAVwP1qUHsuITeMewXuCK=>wc5#xa>r5BvoLbIdF#QN>YN`igDdV%&KT(nR& zZ*`Q#xygzdy@ZcR{S24 zFMYAk%$$@PRR;V-o|ndU$G+1;J70|a;NKJ{nQypcy2f((evo^;boJ^thtt$!>X|fh zmFL*~MuMMDj&CtgJW^guWq{69BwuMZW8JO*!NEn&1GNaNo5;jhjh9E%4g^9hrWG;; z3-MVcMm~sQE!US_QmT;TtNvHy`gN`-D;GucoyrfKHShJ2Pr+1F8MD*KH)Ix>c&}38 zO8?~zmm%Ac^23jF_qo2!q#|=78bWxp@9curdZJyQ`$kpB&IJPSb|4A8BJ_QEws>*R zbrW9hdtYU&OZ@?Ub{77?C~{S9C~2S+%zDVx6n5$ybu7PPHc($m3e9BMd3171|K|lR zLxv~i%S2oB$;4T3q4{U-Td&X^F5kbUTQHCNL+zfIR~NJhH*D_X*aCcl(a-(Jtam_< zQrNrc$ui-TjXR2F0zgjcbBYL@-!ZVt2wr10FF)UFzn`1;EYV3kC{)G3pfc+;pX)HS z5TRs@x4*xC`LrjFRIH)yQJB=Ms3{M{!c*^u7*gv4S8{!KkF4qlY}`TSHeRC~Y&mc0 zWsWkL3Hjw*S-a@5Q)pw6?^lSVV8kGbesuHONoAGbH55_xNEZ3?pR(|>rCRKm^RV0K zJ8+yb+3K1<$b&4MOx)Gu^{gmr-ENW1+1}uJO4p4(*Iq3{n^v!g_$Ddi6?r zO`{Up74UVVxrl!GquHoboE#5U#VZ_ulA?@5A(rj^?QDsPy*PN5mKxd| zMJ*)xxKlw@U89;Y#iD0oIl}~9KA|9{!CQ#whL)d%Wrt>kYMxAjSF&iNB)y^uwD4+N z2y-?Njiyab48jQ*9lO@YK=ihQk|=ESRQEOxFK|2223AUTjN`#Sq!_1!P|z@hXjbZe z=aki%Eq#!SjGQP~*QglO)pnr`9(z9j_0ih6M%hgcyA6ONr@0E^3PoXh+rGHCZ zimYslfKEv&X@T8J3Vn`;NStpc;R%qo$^dR}!@9!*WFtyhnf680r$xwl;0S`%uxYOU`w|BLCD$Nl;9d(8aB>pK41 z&<|@dS8Hp!k1i0)A%|gMunJW+b7e_QpWDqwlGA;#(9!b=f0#7t>a@Ev9%OqnNk~X^ zr(EYaO8Y+2o~|^8tug}8Q87Y9;9&FAXhddrH07`bc=VA7;$hqM*8EQLyQcbivAZe0 z$VOqcIaf!oM{32kQB*0WnjvC(O$PPsBrC4`rj?~2ak6u0FusLCC%_6S&W-q)AqN@z zT@=wU%6Kc4f~j~$yhd8SD*b0ik8uzrZ8(tjODv&{JOx%PtiBs389@jdA#TXrWAMh~O$pPE4V@th8Qv~}UVWSG>rEEf z6_Lw3&O-OGU+>+k1A0j@0LR1Yvl89*C&wR+qAq9gCk6{9HPt3H6daQc+5 zb~=>xY$q+@FqnoQNzrb0^?mJP4sicVZOkxG+tNqPey;0NccuA5KF{9C9|u2&2qlt@ zjP|RUJPN#}!MKGbCFJSBHHQxF2O|QPFVP|3#)g3XxIetV8}p z707nPh0b}7mm(h@fOmCmu~4Vi4j3LGzVH9njO0<_aV-gkGJ%-mS_=J9W#+~2vmrm8 zTF}n~AGHym#4nD@*IM1f`QOISJR2}UZw|)^QxsJnc-+0CBLo(fJlR2NQRFY*+|XFIdnCb0Apw-`xw;2)a7dR>i*c~biPBB$AKdOFD@ zZ3UgF^>pv)|2vA0MFYJ9FRBDAft^jnBBh^>6)hDKQ~b?Q_vf-9+*IRzW(bD0+QU04 zGicXd`1+3~)Y@L5tl8I#m|mgknl5@zl##N~($iZnC)6LK+gO32dbBXI<*?t>;AZz> z8U2K3wZ?*%4_9vq9?SoA68Xp6C6e$Wk0Ud8_GN-L7DQ> z`SY+DO5@tPzeu=a=w zR(SU5ZlDNbsJS=CTu{9u9d7aHv44_Vo;Yi8XvlaA7@R7993YnE@Nc#kv_UBA9uX1o z<9N38e?CyLymm6}in4GovT+NLo=GI+Pp$MN%)0U!SavL-{c-~Ct1)!0Wn6<|MOU>wO`}AKV9l=aoTAZ`1Y^Vn7n!jSvlK(eb_jd*KR_!)GJ8s;((WYgjqx5}2 z%F74VYBRP7nB&P^!-m_+Oe7GIFXH8LK&X5L*LCv=4t=ND-5FsrRvg3ic?Z)rgvZQm zYuuo9jV7)7t$Cda-xCqFzWFTU%%V}L;H=Uia0YJm+wyUcUwiy+^VL(xPG#KhR)3gE z3e88C^`fDrHQw$E*EL)CZ&QIgQ9q*4JF&v!|5~-CTrPTp5tMh!w?SOyC;|_%_i4nks((7NU?TYvN1J)ec)q z#zKE(6kLT{o$l-yuZ1I5&N*>&EriZB#Q4kMImC-g_ah<&dGyRoA;Yxpk{&4IPBIkm{zS_Cl@T5~PT zq5)k|dD2t`v?|D4rr;ag)nzMrzbuL{WjzQ%DLw5sMXX~yp0T#NUr}{<0qqLLuvEuu zM91*%HO@mnHLHy#+MGXny^}|46eb?*);c)wl`m9TI9LS&+yS9=A6HF-`ee7G7aDtY z>&Sq>0E3mq8hgTa*)GSWl51hp8Jmi zCOhP%C)|oPL-8!E*pC?t5z@>5?*KpMUuKvS&9Wt|cIeMn8iay&=3^x9pcOf;BdmvE=WWhDG1i%gbE)#0qtIvTR=@Ssh`^C4 z7(S^TwSCd;fqp0FyDLD++H!ImDd^xAe&^*!?J|68*yi*>!z;20fg6&CH4jFQv9ws_ zzf}`}&9d+m$DMAXgYige*0;9Ql=cBt- z#~C|;TL6EH8&4xJew!>43{+86M!T$=CN+N%45!K!Bu z#kiL(CJa2+^&G!Zy*UV5;Q98&ma)#p^+@@0t75{UH{i+V{)pNKycNo@`s{y}1?Q?R zkr&dv&Y$HQ%OMAggN7wS`sWjT-XOX(B!)VMaxBBJSX|(xxcGPVI9#q!TooOT?Wi1v z7?v+&<#mJGKr%Q{k|0J>(zwb8KaFN|5pfWVkVs{$+R=Ggn@00_r|;u?)mcfC&;oOG zIZtRbvF|wCk)}Tu=I$8^mG=W{S(yn2e6VP)GL2uke$$7+Ywm|0n=MrfC4YK4U2Kh{ z3q=nU`c48C4TT9o9isa(=P6+CLzKdTt6HGt0kZUx5JL4aBs7dw!a?BX>m;h42-d=) zh%=i5e+63`$pklliKP!7{UcKG^Tozd%gOP8P2i(!nshX(r@D9=YOD<@Z^ZXqqS$>X z(eIL!KFhG;*}1C_3t5mmV{heP+V#X*lbG&vV6@^ZpwOn7zm*dxvQE7+xWnSm(UIQw zyI#B18H%~EN2T*~dC$;2a@`Xsf-L>vQ0xMUvZK}Wt3)A_&s%*an}_*%o03;oCBUC) zQSpE_QoGd`Y0RU-IJ%^KyN}Kg@6LgY@1elMf?w)p{%Y#{hwZ-0X|0=SPu_#h(>%(s zMR)I3n;;JBlhgUxCC0@Bo@_?n=1r%-2LqTn{`%{{Td*hUL9+(j%Pao|V2yeQVXMF8 zA&I6Y#;^YJdJKOWJRcU|V%DEP9s8c>VhO?$(%KjKm~agE{)=Dq$6hRH@(n|SB%GWQ zdV7@I+@aSIvS7p3Fl)E&UMTp5vm4l6lAy+s-%{QeGgNxsg3fmosC`aESI1Y7Ke54n zys>1LLN!|A(Y~;oSin&W#{_qf^eFy@`CjpePU8z7pNCyYYZ*cFxOBr43bBxItj388 zuj{IOegXPp6tw<1%e0z9fs@_W`5X#1U@$JN^A1mAl9p6Q&oX&%V(VDYJl78z!J(_i z@dl+xN}54gu)%|KyJ9L%Xy7$FQ(1*Mozj_Ebu+D?9ybZFtk+a#@3)_ob^wC-oLqiJ z=jYl#nod4wmE>h5G_G5`Ug=~m3`N8G_t{)CHCFg+$48}(^LZdUM%X%CRt{@<{54v5 z`oh}lh?Bhm#;SG^{h;)d92BK+ka*UtcN%!!ri0ak*X5wwH!GXE7Y zi8@{LHUFJ06{}}XCFR?}hS+^Vb)C_Rd;io{Z7#y`T7X$>m{+3%fQF<-h) zm>*8?T!ny8y?rPFzFwLm26e}R^Iv#~!Y-+rN^AU(6{aO7sW z>=MiH5)io-V45!B!VF(LESf^Lp>fXy-P8Db1nlL>oE{v!?HGANS`|6(T&=VMt5l4= zFhCFTT!O9avXNEtBL=V(D0bu4_lv&1WSd(K+jE`rg%E7+G3)mqW_!#qx_n|DTMO>s zgrc`#JMCdOKVQ%4c0fu+@ZbBqPLM2-Qe}W6WXCG?YE}W@OF2!On7a70WXrfT)NZn2 z3TP?zI(h5w-tX+~z}-2Tp-f;MalZ0=U}?WF)l9bEO$(J`w^$Ile(MZ-NIBh(YUo~H z8^xJT@fOc|&BhrUKyz|%GxKTP_0=4E+!qxQBa599PI6E#!uYOC&cuLf-l>hkJ* z0eR&J)ihN-OyGfkFzcv7VU~pEc~i9z6(u3k^~bm~237 z_OO&&VU?p{Kpz;~LOGj;2c2Mr3~dP+X(d6Vu*hY64JcA!H7{a2HM8C5VX)TAgYgKHHmlB+nnX3*ZaEfm(-EFoXfVW#iR8Q$NHlE zUKLSgxEq1#nqK)3HuRfRDbeJL1oRR!L`g!a zZrvX4jSfm5QJVQO6!3BlWiyw+5V>KNVlj;t>`y?ZcIAP5c;xy70|_66J_ZI(7sWa( zClkD@Hw_)nZ+^P?!!X!UKjwpLIhNU2Dskz`=>&<)8yHkVd_)+RK}Oz4?m8?tvCPA> z1!H<%F`2Zq)IRMB9-2|!&-crH&@Z&Zujw6Zm94A^d%A?c=bU-hdIxknAce~PjbR!AOxd$vlp{eTos#g5e)YX&{B9t@}Nvd zI8EI5UX9CDRJ|aK6q%w{p--&DbYD4c_#$lFz!P%lF?#2Bnf+`h#X!g$A3^3E(0L>x zw}1OZ6j~SV<%^+~63lKpR9~R?T7k13<>pakCYmvU>pLUbcB=PnVN+FzfH$P^nMr_~ zG*gAP-m>0YD3${jnDmZ2LnR(MAa+Oy1G$Vu zj`fTQC>A)+r6uR-3pRMul6BB6=U$Zx9x@q#fT0!-yt4~HKcTPD&iI?lAi*WHuapHk zF2Qf3#G{8336#A@iQmxZe)UO<(08p&bYCJZgEziY2(T*Rz${UGMZI!ArVvNBy+mIn zNyDm~v0NHd%oKz(hN_WR02(Sqc!kr@^Zr>xN#OBkcN$`paahVMB4ZL#+?@|kehe)2 z_eHnwxRSh1k>5GdRFFv?o5qEWu2#Cab)6QMcEAbkM;Uf24F~cJ*4-`UZP(gRNvIlV zm2?>L-6r#>>J?gnn(XI)X*-FLpUhE;d^`|ZmJouswIHw`CW|s^nU*_YNa>#pZpK&lsHsm2Q)Qip+-xlkR498mg%im zBjeY-aHz``rxP;RrlB!(#O2p0gaq%xunxaSma?twCDf399Qi1f`Jchc2OXF(d{>{Uh|ClAU*nLkKM;2FRWFJb&0m!r+VMfxmJ6M=$3 z5YDI#`&xs8`U8SgASCY6QsJ-FySNTttF4V2;qP3P-yD@pjMweLzd0CXz^MCs?Kd+4 zR3i{abCySQ7iOXgZ{IRA#%5loxC)WNWfpF3%hpGY76ICf3XaBps9#jDG2YbN;Ftt7 zBfG_aB62=qVDI#+_=O}qnPt+y#4kWA70{Jqui=5v)v3cJo0PO0ZYij)7#{a_(PO1n zeoZ>xpin(19B5C;*wUU2N*j)zKE2QgxkahS5nJv4>RLuJ6hz@pEX9C@S~-UNs3&xcdZLmurI+$mzR5i)@0`W)>GSi`s_)I zk93)4%&KC!>U|vF#cQ6%zGF+kex0r zTA;!1`csX*|-BsS~#{GvmpH@uNb% zIZOmUx&B0e?rh4<<@vS(sbc!~;3}70^YVzE`TD#`T+$RdC!1#z$meUw>nekkj|K{N zAL);@@oCaGuGkkqm=3b;y)w-@xEbUV-`oC5H?Fdu;06=%rZSre^Y5L?2wb%<0FKAl zCEh>%bC<~rhTD4rYzlQLc2pgB_Mmorb}Lo}bEqDEy&**mL)c(PioYlvc|s7K#UJ;7 zV|oaF3c5_W`boMCF(5()>F4HGJtATzfr;cx@*eCqT&F+=z<71;?fnZ5|JHITu=|N~ z3|l`@YMxYh*t1d}xAGsIE9#W=q%qdp>P+qR((HUVQb_P@od!#Md4?^=dpG8-j%nY! z=}~)8l0a({ThDC)L4D6SaH9EgO;;tsK(Q7-)ako|S{>B+&jF1PhV3r%Dq&cU+<9ap zZFjE0i#6sX=+EOvFl!a>r$oUrCl{g$le||(LqiMW0Ej-2)33fe)@UGNQ~=wBI*42&K3D$%MY@=xQ-x(uV?TU+nq+Z%Sobm%=?j~1dr6HsIs z1lZms5>=8|fXqb$0&AdkSm5M#;z#uH6gVv30|s460q!GDrl)H1Hx}3HkvfZICY-|$ zSI3J(1YJimRJS%7o#JKNDSbOv;L|HN&Os>!q=mGb{q|K4C2rBO0|8SD3pEv$T*e1_ z(EZSrYv<3q>EutEU?2C3^~y2qquJ6Kvo+#>78GLv3p(&OF1tC4&*SBB>V?bW<UC^w(UX$(C2hO_nc(o&JPgD>W8LKo&CGFT50bdq%Yt_t0*hy*rEB#+~oYb%l`NN#&%Jt iXe#)B|Et_K{XaX@I7xefTNyun{A45)#j8ZW2mBw9=Mgsm literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png b/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png new file mode 100644 index 0000000000000000000000000000000000000000..8dbc3e57b020be7cc3d5313e43deb03d6b42b0df GIT binary patch literal 24048 zcmcee2UJt*x~^3ORGOej2c=3!TIh%%Jw&>M-g~G4LRFEb6zLGE^o~FP2~9+L?;S)s zL0ag|8+5tW+WYQ(&pG$pdol))3^J2B|IGaJd%pL5|Bz=Yas;<1Z(X@^g+M`GM(xU# z>n@o4qc?Ccztxm_g)x7wx~R!Lxl+&J~1m2l3HsYVEq933jBcr_+ejj3L~xuCwiZr8)Tz0j=4z4K>ba_1|1iEF|$xqd#q z6klS0tjL4TzO}p!$uBMC_Fe6N|D|#6WVG6>^6s4Vsmj?>ykU4>Ute2pZtg-nm;ReH zNk54T!1)i#x!u@{qvBKCZ;dA-rQb>$4&Vk`+3^N%8jrrcJ*l)y;=k)4TXE8OPU*z2 z>(>$lUy#?)BHc$Z6bti8mDCXMRFu;p(A6TJ$kRtR>u+#^spsS5O_GK1Y>9Q?d zP?8C_ou^XJ_q3yYWtthVwlsx;PC^;&b<$n3wvI#IJPkQ3MendU9zBaj(t>etaR-KD z&XR)vxWyTY(YA@8Cp8TX=?G~=UOV`pbUn>i_7>>Q$?MC=XKNj=uJom~mHM6ADg%KT zD}LvA7gJ3u&vXvyTYsF-IUQ{1D66QLn3!BEZM;Cv%2ok$1YTS0&prDFB}KBNbZs;a z#R1(48#lfeS?5uZSas_G;v3ZmQ)Jv@>kazti&#Ajgq*-M>bs&_9DucG?;q-2Z%)0d z`Nak+-I9;I%4=_F&P0bp>kh1e9p1G--(#riNLUBrENi9D-oP_;$>E3Cu}{MRFB(RW zkB(ksM^z;Y6<2m-iwTvkaE-Znm3P_MOhB_%DvK@Q!Z9;3{K+dVdxv+7s1no0gXRQ# zJ1iyF{DKr2d=jS?D^&>B0)72`>r2()VMBnA0XEQEUAme2Eo}MLYLJOeI-p zNkX`3@-_mFZZ1Mk4lbsg*k(JHsk(P6Y!A8WPJ3%@JaPGk zh7uAJn~LDeWF_wrb=R`ZNguLvKGo5oU=!3bT4)VRNJ<)-YOjJ7PQQF;LQXB{2ii~P z8x2KLqTQcIFOU~ch6LB8iiBUNijU2iECu8x5D+zAbQVhTkQaVdVHHw?WYAa@BjR3v zi)(cxo17jD+mO+;>t8e{*SCM%-1I_}4kGpaIbhO1PP5Wi0ZNqf%->)|VWfm70+CUk zL)cTMvZvgEqrSQp`d&u`C&Zp~P7E~fAz9SN%N=X=JvgISi>2g(p5Cw7Dg^OBWVlfA zqe;p46fI*FRoI8Ct6NXB{qE90SZX`{t@4~FMp=5YILrac;w`pR9eq|*$nFmBf?V~b z-WxGv9JeA{O*&W|GFK%bqeE$i+ad<$sNjb8R7uaKR`y|8K9VV)sSOoMvnKTl>kRHh z7V4q044}<*`KXowNa)BYb61sc-=eo6xO>HR_pV4ng=HVDhSuy$!;9TCr{hjdWe~{J z4Pr1eeg)u*yaw<_QfFspiv(9dW<+Q+ z5Bl0tT)^QZO*1q#&*W8-D_OW-|GpJ4l>%mj@manb1U zMAXaDJy(|wUDAw&uu&0%tFf*mp8#vJlN;%VC22u(heHpBcbGChIG08%PV}h(@Rh!! z^Q^C0mG$z~%*8Kz`evAX6}1R=tq_5($3Rrk-F$rs*$P|rhqO32I6R`F5k994uL-CG zS96C4Ni5Y{WMg9E3(YG&dhBEnF2=-_$ocq)LmG}PqOTDbb2VG#r#|*FxEl2&OG-vY zIB8u9YDP`tB=Jr$3ik?$e8)k$5%$*|CVDU_<2bWZeBCSIC)Y%{>$b1uPGoQT9hE{hJqv0>;V^{fD`Bw)gx1-n z3+zynn-XwlF<3{hSne~Q3$==OtfHYc*^GMFa-5D-$Na(fqV;CV4P^P#G>ZM zgv7+es$~gJK$X@ir8$$&(e$q3*-OosX%+!rn&A!lHE-sTe=sL3cEh$!l$QD9rerw* zUXBsl-C8Eayu{_JTu2-ZX!jJxZnZjGOxMvndw8>KOSa;Xbqo8P@P`|oIS9EdDAk1cNQjPoB} zc)11=*{2TQ$IJ9VyWr&xULCnnCi-8ujP2c9%kqxPehsdq-1YpgxV`7`j+$5LGRn(I zs%JgfAvH_)yf4scZN1zZGK^~ZW06pb{s(_-e2cr(sF!cSoScrXZF8p9X(0@djzHXv zcF_N9NOMl=c>%#6E8$!n6;2Y=4-&1iA3}8s{vL+ADyv4}p^@mfhG!)1(@wZ0wUB7I zdd7-jtsB7*AKsA+5D#x`n7=eP3d)3R3AbaIV)nTuEmxH>akgaJr}ZVm`|8e?om6FF zr5$AARR_aVzsuX>B&!})xjuIdSPXA|&ii5GG7dG1AA9P{L{H<5<99a&421@*E`}B_ zn2BOgFt`syK8<^N@IZI2gWHgB1h>jOIX()uF9h;fl*%<2#K8XD;=;+695|Mx>wwtnx__kc6ev4$p_G0}92>6VaOST?UPKpHbik zXqd$Fw@+|g%swo<2_rok&Ry(ce3>ltZO8WGf=k-xAID$G99Lg{fByX4i{5L?E5+8$ zf%~3R6N2vRN+)0U$uCa*arlxh18c3^Qp;Fxz31A(T~jDW?#VY{F4F1s!e7UP1|AN6RC z!9M>=ZOK*)r=d#P=flRR$#2iD34h-@59%nKf_-N1`$RXbXOXh9S6)qAVUe5Iat8!P zc^{K~GW4FIkcYPn$0g~_s#{2eJk*IRDnEkty-?JGjp03aovk*!znY+H(3h(G0+lZhlSG=lf@QIY|e z2_vtO@!g%VV&~bjo~QU1TZRiql8wcF*tTwND(9kw7bz{6f)Z0k5Ln)`>`RK5L3B$z z=`Im#!q1i#AxX@FCme1=+7EPU5s82gf&avqPlS9{! zbH)rk`TM>&`XMJq^P8rix}&S~?qpIRQn1^5f8ky9!eD(tmJCv>1scz0?ZcOw<1U$? zIh1_j)$3Y;%)t`p?GQWw#ar@%fP`7@lJAbIGjPn0-ZqC@9hbQeR|kN(%Swyk=1{;GMfOz!pW4{6W6o%vl+{^m-*l zR=CO`u_@7gSR{?LZP=^hQ%CzTg~n{1yty(`R=8F@-}y&1pfO_7FtIVf`yN^6w$G`z zQR&wBsA%8Pcx6kn<*tx+vd_GavhNbJT)-S;KIU>1a_Z5mFr^oAcC8ilU9>1l#!P9UXE|P3*K}~> zz9P$#Sah?GwZsYw_#TYl1xMD?aM#juq+aQyI(AP8r+r1n_;br-* zTR0cpS-R-2WZTv6mU_>hoA_A{#`tVTG56)4av#_3C3S7UI=n$L?1mY;w3>5UG0w)~ zVdUMD8#58^ls$f)g$vgbsc3{0Vw#-!HwdSEq%?;ceZ^H)A!gQYu?t1klyl$Q%X*B! z*AvkZUSuCM26^+AKb!C6@>l-2;cuA?$V&TsE^inVeAZE^AL~?`)HR3o9rwj3nI;WA zyiNxaZV)j~HdO1^6?V4b^n=RHU8$Dpoi4l=E&ZW9NeA=@&wHI}b1G}p@B)7{CX&?C4PNUo>zFhROrwlvOoi(`b^nwr`nAxuiGV`WTTT%tl9{D(Y=9b(w zVUqsH$Gu1>YHuz(+h+1v0jAoj&&MnFad8F1N#jl9r{d4!oMkkyS)4Ktd$C zVgn;B>srVDd+8O|jjQzB_)7tGgRVC;+{96=68i+z_KcEbQO9F5g2nMVyObYPVmZSe z?~9kRwAgr^<}fh5BjMNoQ3o4+P%#P!LsukBLTxA29U^>|_xPtX3uQ~%;)CyjI-g;! zovpjq9Nnn&lk{)=$Wn}*Dbe@(Blo^Ii(1(&n(hfqWgvk(i=@S4p=dAjZBl#%(0Xi{ zLc90ex4aI4z^58+EDy8OMJ&F8lPBy+Zod}i!X<`@o(qCW$lmPb5*vTae(*B6_!DSj z6c)D!(OlC{m}bPy6AhAr&cijV7h5UcA=Gd(WAJ9@sZ?v0Wb0xM-f9^*cT{-I)@G`x zCf6BeB?GJuJ_0BMiGtmhQv)8S^6YR}-#zqTM8{!T)2(vGTH%iye5+pFN4}IrwIrmm z_oWFI4GvwMPJF~v`PE?czq#rAam>QneD1UA zE?@ZfLw@@E)%>o}(0JGVp}s}+-7P=tCM*T7stiE<;~=r);j2{E02ldePU|Eh5L>zG2@C9NOyFV9dghF21u|ccvANxnIbjSR zfwHJ#GoPmZZ+PUr#QuZk$8lO?Yv_!~%A`O$k8l#3ppj_}qBk;5INP(1`sTseGQa_4 zZ#H$7pTs(Y+s}_Z`F#6)*<*uTRrHj0w_xIVh>-=}XL$U18WdKML$!759>f6)EfVP^OPh@zk< z?K}r_FEAveMF~!UK`K6juDk5Dsrz^7B%n!PzU8pRC5H#VP5Z0pb#`S+-+fM&l`=fu zbSqC}&7%FiXh0G~`4WOcARsOG=cwn)C$J+QNt!1#hV)?S4!SjYHplZ`g%Q>t8)Ur? zu!_*in}^xPy<>=J#czr$3!tyt@0t1V$f>Di)Yb2toSZnW53`=%S?Ci(hw8xhX1%uN zFAMF3g@up%qq_S?Lc4rRyDm$-61^t`DCk(>+L|@ye62y_9W^$1(_C`VIe${H78SJY zL`B&5o%V~Y+t#;F;l1i68FDTi5!IeBIfW^8l0Q?{Z zq@}TN2QW^=*7b`v58p-$CMk-Wz23)NBOa*Y>h0dzt<|gHn7V;wDDCUn@uB0Ux|%}Dx#hlq(e zi_QN8CJp(GbGKQl~_l95Z zPVtMYh>4fDx8g9x)#CpN5d~*`R`f4B174doLH_se{M>dR!_juWT&>KUu!dE>i~8mw zK0f|ee}ss>HfQ`I!0rYPe{$md zYr^GrA)&#_^-nLopw(>F>kP{)WZUy{d`Djg@hvP?c=$3eQj(fZF!hYXT>PG3zUeA{ zW_H%obIBL;_v+K4)@hX!b-FAHa7UO%R&@?SZ*#`8?r9Y6J~USYazX;0cNV$4M{P}qm>VtK%pjZ93{Tf#^!~F9f%d;~P;Z@6 zD<#89)zlug?1>#G2gldP`&ywy!wcGdv|pw-I4nl^`NZF@B~rx1$FE`Lndy9PYkT}2 zX{Rr8U{&j7t`x)*wTU;8M>oLn5)3j=O-MvVG+-L$k`fbPWs`fKn(umwwDr#znAXRA z>bu`>$H`x}JVkAt_XZ`CGGXX_W1vb_opx#Z3ch*wp}a2JrxKK?c~|@p4{}nr$M)@Y zXAyT5cpWl@rEa%KVq`}ZC6*h%|3so*S#vcNF{(-@K1rGKGK)7E$7fN zfAo#wSqIw|h6hWSR)Hbt@sD1&!7-W9swid(`K1Yv>sk00GSmIf~;|D%-C^_xo`!bI4{L$j+9pmar!v_1u063FpZd&~VK6Ai?De2x zZuV0+lalS#=uJmwADyv@l%@&Sk%`!5&udZ0AB$pbcTzciR^Em3ijJS@rJ}7;TvRse zh7!IUS=|+78xgruKeNTflY;fK=LLrZry%}uH{(SEP~GtR||;PA{Y3A%BV zXw`l%`Yv;8H;g&LrKR_PP-Y4_Jke%R?bu11Ob;GnBg%Ns7ARG_ouxOGEn!?asbsJa z`;&1Jpx1Jay!NwC(0Bl z0Yeu`GtZ^9Aw8Y`WSsRy>zCwu?prA?q~?_I}V9^ zYJhbgZ-(B|Sjs&Yo|-z^lsq`-922LxYQCP7-guk$c6n%0bPBRRd`t(Z7zBS*z%C%L z8b51FH$x-kj&?Limwi-)&I4Pxt3O+FyCw%jmQ9lIKZz4PG|gWV zuG&{;_Yw)k8h(ERsDv)Np6%V%M30w}}+njS|pp)|RpP3ol#955X zsd$IWUYodox8hSS1}A|w=Sz8$y2}58Ypyq_JBYl>L8SruM6yOOdJP{)e~f(diLPtA zqAsv0+|Q$i4s*E|)4Jc#l>IFhL^GP7Ggg?I0N(VUi|3j>4!H+fHR=TdW?tiwajj|r z22W(K3GZ%gOp7UYb(XzH=ouO*0qh>bV8Vj-(|MOC^L`E&;-E(rn1b96H~#$Hi(lY< z96yW09-HpKfY_Twtm6X2wX8vL8#Y}L{kGk`b4DEI*j%Bj*V~oSF)Gw&jjHhHEN4h5 zO#^DOTYb62!j8aZ&q3COf#*^)w{1KhO^64A^;@YP(E{Dxbt>B1Mob8d4CO(F!;ul% z{dVr$(e$NUG0wb>c2uF$!(m9*t9Lq*66AI7N^`A^B3P2X61wOA#u|N^pIDO@mRMd? zvJg_jrB&S-nox4xST<=O()ZQ2;?RR19D$u_$1a!lq04a^1@S z^k(GX04S$;pUDb&0Yeu_TNFD`MyBMw8OagfKNz=E0X2&wzb$)uhgj`o;R_hCKc*3U zO5hokVTDo@HC;t32cN3VxzLjq_BSO@IW*EV`kdP9H8?X-v?s<|)0&%;dQLtA+h98j z+JDYLl{CxlmtvZO_c&|PnQ@pgdJ*9vOvY9V$Q?*Rc55q_xTz-l0a=qQj34eyth}Wa zI~&jeq`yH*CzXP9eCh&0*$~K!u=%TYVsj4$4h#s&4EhdqDsjQw`jWY*Y1Z_9D7yd6D24BO5Zt^wC>$evZerxI`XtV&ew$#PF&XNimOOqTpdo7 zCFQ!T8Dm*}+c6h{2Nu2gVL6*FdMndvcr3&WfE(|F;}bzK2l9t%XJkYPE5Gof5p=*v z3tX#4?Eyk7Lux;H&Wr4_IuWS%rw~oZ%sCFQeaKnbKU37HsHCc;6^Q95j(>E@gtRbR zDndh8B{>JSTcN@k?~H-rrU)CBJ^R=OtM!_Td+gjYEq2dkaX%24@>odrxOq`VGW-M1 zln7oYVkD?e7yM_M(VR($xyQR3!!Yng|CQP!{;rPuWyK_neJ5g3ed$}jC7;xV9_9hC z82|_X3@uM?j&|4W8e#R%1(aM^S)izlTLnAD|5@wVz^z42S>TbzBNM$V3~Nh{Sh0M$LSE;dN_@Ua69z>?;*)@g=k}W+nBR;ibKrA+=+{F=iXWY4F^GxL$zc{COJg}o2edPSGm7f;h(f)0zCERBXXVt7I63j0_D1(GW7C86 z0|(T^Umnz5V+@e@4-R%_o`KRYtUmlnFRwN*!Vcd@1AGtfkYFwBn^g+aOr?euQR$)A zEg^L~hdXCzmYsFm(zUDMxsr*kTM}otO-)UY+Q9#@cdr*{`7Dh%_=)AW@#rFFBkCp)qFHbjXiQH#lEC-u2Z)>+2sQlCnF(WNfA70e;;!={j zys3J?uw4v1=CQkbd*_>QscwhJe6Sv3PCm*tTyQx&yOAd8h>u3QJgud- zibYGSe;-SR2!jg1rg z7d49%JXZ=g)-3~c07KY(+~P$+N z_CECK5*{+(istjF=-xLPw?@}JHB;bL(&@#WSk&Y;n&<&8m!XeVXoXF5AtOP)>l5ec0XYS8j^p1iV& zTo7AC!A2WP?IW!uS`UmWxI&JcvMm}TIik1@|4WHU$>TeHOY~rJ)T%Qxnd-&+&|_L_ zCG2siPp;juGo`HdR36Me^0CTFuR^qTHTt!7>PW7Lgw3T4W6+)(pMPs6dQ@aRQ%*ON z@0~_KL77VYVN4>3UNMfTkV94si%n-qA2SS<*XvoGXlsQ$XFzd;QbRq`O{hSLInbzd z$eSoHag}wS0*S(|3hf!bhc#Nm_vEf5#pz?_OVrDXVm3KuM%reEh0J*_(*6pEYnxO?w8~eTTEj``#lKF zDKpa4?g8>l>$&<$UB*_Ez!M|5gcB5~)rmcK>zLa0lMH!yBi?g*_KS7K!y%#2d%u;Jt;Qd|8D6m%NXPgp{u4X`kd8k7gGYw=|B**(6#n87{N9P_ zp8qV53_o?UF~QdiFSJ++e<+Ktd2$lTT;98>Q7{b%cTYb|Kh|xxB&Lyz_mTK8=5B{d zSz%QUO++ixuDnV4P7_=O&98{)`7OF=(#l9{;`_VJE7Vje`FysijIV2D4=GR4;^sk3 zj$M2aq_Aej=De(u#mB0Di7p^0C;~Lo+FLjQ`XmzTK&i9t#d?g-*yif9yR03g+#neN z-TyWn;ittq2U=+uHZ%_BCMHdg6Ibcv+Q4;aCJz;0C}nfbBBdD+8btrK97({S?y?*Z0>u8+bK`PX<1ECqm6Hm!Lj z!^7zSiPsj-dw_C#cO3T3LlF;b0H#ATV##EAs-fS-)~#l92EShqhr60qGFiRmaNlfG z8?wb{F0EM|F6$Qy6!x%+6(+Peaj|zu=V|(hZ*C0U+P&L7TThmvTOE}+TSq-BTy*eKY4N^(PVlGD@`Sc%!(vpu z`&!yb;HhB#etf2l!=w7D?JnDX5zRRM^5H{Xl&*@6mrHYu=MeE93P5o~F>4xZ9eHWb z$&l8Xw7KPW*4%Y|M4~zm8(A1W%OqGGTj5x<+!_g!_y{*B^)#`mA@VgudSJ9JF^rZ7 zm~p*>aX+N%&d8&vZZ5VrR=A)aa;+h7P02(-l*{UB7*w`{nGN zfm`YmA|@%@C>%|glitHXTxncg61|}hsji(K{94Zdui*yDZV~Ub;&)_2<)Ue_%GIVO zP2GU|`~_5%nVSow{8KYsS?z^**~$1Ay~R|Zxo6`Va}?lFWYxn!y}@E@kYE$drW)CP zXcCa#*%IE4vaMw>dPc=(uA|>}M_<1P5=-$&|K{gV!Ayqp>+`WW(&;}7q+Lay@b88c1P;}Z~r5ZCvomu`oT4X9p|1~=Cxd2tD2XrL4X7X^K zCwS96&1_I%bePsVpx6_)@RlSP)em_SH@vXt5f*M6AhzmKwT)k#LotJKTzq3$zWe5YQqS1{$ zxGNe8%MiXkWY3mJdi;xo2&(2L!nk~3ZQw<(}zOsA;S|?M@ zQYcyk<#0I{J8MWIe1CbRNyS`gkVk+$U2_d!CHXB$y~iS&xnl4^>OPUaMPEb8Wp7|t zF=L6V#Km<&Ivd`K7fnr4`~m{+OG}AzRZ<2yZBk*&6czky^@p>~pFX|V1Xp63(?khhSyicE@*YTn&WK#sO{u4a7Fh%_9>z1^> zN5S*(T~^ z*sf_?_`Id$sc?z6H>u$?`l;C7e$d`e#EFKQ>HmKAr6(->x+TW_x7~!>*ep#X9_-+| zK=pB};nZ;@#oc6Uw*DgqVs=>e_w!0ihfwWE{MFmPxP>?%UYlnnfXv|2#s)R5_lK*I z^4F6vU7irX69EbLzKHE(tTrA=$sj0d)VK?%>$r8{HH<`i{!MRj<&kS`N`!mf!6lr2 z%c)znn$|{w#;9rAnH1iR);N3>E(wXMKYDwN&QJEotGARqlZGF;V&HTzj zs^(5qe2<+I*7JLXxS7!FPO01N{wiJF?sL`2eBYONg@*uLdPIRKf_=I&aeL)4OWyB* z2K(3IW~R+(MI$00)_?iPc6Re5EsCiumY~J&j>YJTo?<3i%UL1+zS&)!X}2l+6D8J0 zmxd1?USN&rK9YDAVJPl(+ohrc;~DDS%ypw(uG8;mjbQcJsgh3$i{N%}vosO;Z{JGf+F zOjCED7JfSqWTq&88pwEJ{=q=jylO)wP|E3CwmB_qy}Ry~y4_iEqR}Q-j7~Nf#XH{P z)qL+Y2$u8Nv$A!?i7I#|FuJyz%8OQz=_oggZ3(t~%v4y1!e~cv=>Vo)Q!=^I(~iLh z|6m;>-Yt=|D5b(-8hbPO?S|1%IUY?n45MK>PK_4l<>mDocG`}W7#sW2_SNs*gJ0|# zI$TP(!p3z~lT&j8(0(sF=Sk+WDtEzrX`Kgof5 zMet&GPtV#YAWgaNTV+MO)5(UW_ihIZGAWiLDJ^X*8q)(s@_~S!gSB++XW%b9Z>oYb z6Z0V^HpMLJyicsNhX(0;qOvPrD7XvNG!&sWdcWEs*Ec$i#jh&N_&KL8+yuqdnKiIv zXfiSh8AqloAbN#a+-I$oe_D{&;X(qB0@>vDGM(k_W-df8mtKpusQ7=wD4y%^|1XTf zNl=P3ejcgiDl^r;s+pkP%O^Y?zwF|hVIDblrTs~DyUz3enf#pGTqsX20zr*&+IuFR zFt2jI#(&MRuxysgg;;=U-9fy!2whhM5_m31TM1&g#8pGxhl0UAcyfl=6+pCtZFARD zG@`)V4S*dBVR0PJqAKK+Vlb<5k&J^IMCWYqF#}W859#`>x{}1X6SqRFmXtJRaYqhC zv-RYwUp(A>yX2AkXj<)UnG6a(z4}QZ17Bs{!*6^OuOMS~JOXDXj00$gFA5wwdeHdR z9tSPcmh3lO`yx9kPO7W`hgumnuI`VtSRq(*%1h2EmX^6#oGeicpXo8bvAS^;EUH06 zuljKq?Ei@0Jf=qt(g72h7_k{|P!7h`OZ@aMd0{X@ZnF51Y1>$hOX8-mIlAyI;q*G0ov9M0sQsz8!Iu zV8~&YN*J(k%}Trf&;BpXjx!V_X|#(2M({khGfp=BBy}v>q_W;;D3V0}CcMONRt)t{ z2bCmi#!_HXX$`6uKS&%Ja*QbXScCCgfWZ(vuB+J5M@O?3Rq{P)i*Awd~*1b*}HMA zn^BfNv>lfHhyUZ~aqDv-Bmn@e7h;>qqvqVjDAy~egC-J&(Yct5iMZE6digHl*>3!g z&@Szg^-TREpkq+dhA zWP}C+gR>@t!p(^A3%mRwo^iw%dRcY1Nh{i~i!7a%u)r9t&bz<;a(VsCyD-mq>!(@~ zHvMJt^4x#oE*XWE!a9NSjr>Qzu|UE2Z-C<>_WuWPaMG}z>Z}JE=Zh>2#4LM^!k7=WCiz>b|H~lvnke0(f4bwtL@^K zkYQcgt~8}y*^{_;pvH+)+JoJO%x-71AM9_!^rk!uB zeB9m9^mgha+vy*p8;q`tgOw|fMnXgWc>2RSO!kK)nSz}B6E58uA(8mr{f6T(hp!E% zo6RZivmy0fhu=19w_4MNFGpIXlmW$?{@Yk}*TA4DnasfBYDI;M$95Br3_Y>kB;qE^ z#oE}>w7BHw6(Z{9voq?^V%;E4fPGW_>6R+07iItFjwbgvQB&Yr+N=Yqg&eu7>?Sh& zXqCGAxW6_>SZp_CQ*?Lt8e7Poivs-jQDdfa4cu$?YHj@#vPueXPyDVlb9zcLjff}k zR>bva5EUpD3{-4TJOFd4ujXqlsdi?;!PB?OVsuun=?Cg}){c44%bR{=s%f;boUiC3 zSVITsPWqxmkC(cP3vxvk>SDSJ+hFucw9|u#cHtovQSqP3NCH1>mY#R8ODzs9B?ueA zq%vHhVH;u+$ZXAiq;cF93+la03wzrCv@Ejs|4tUMPqfY{cygF!M-_CkIxxD5f1>f; zrf6tM+*}FM-}!fX$dcLu`#)htfuu#@;nI^5(#qcv6!fUB!+ce-uBxi)dv4yb68+}S zXJV;dYn=S&OO0RqO-sKnL`b%d6l#ySVr!S^HDxQ&U8=~A1t0iK3`hoe3#G#JVI|Wq z^I(ZQQ0nsmLiK?n8B{Rx#s28pQw0MwfhA?Zw@G+jk=%!h&N^yZnW7q%CD}jRS=#dd z33nD}qP1tC-S@|6E6HSs2L*((tzLttc7(SvexyR1e$o6+eY2uu-9MTFs;xP zGAB|YF1C)v9e76CoUZSoR`Ojf?L#V(xpYS{!!CCOuN!$#DOm=Tg)2yPK`g|d_U#ut ze00bZ+Et$!T2QYpL)#qO`Jl3tBpY{PpeTXW@kl?d?s()u^j4p#e!bA)LYijh;ZP0t zzIFm8*r$~76*?l%E|Otywa3=Yx{^q}se~4m94K$My<+xWcaei*byH(#Xh~m+2>>Ql>od^6$%Q*}uA=M|mvXi%CA=>37 zo6GZckHbvtR#YpC#-@!5Tt#1IGS6TFsFV-7FylJB2j@3Wdt|+vjQrstt2_HwyhI|e zVUBg_2@+c-(vYJ~6r-quLz%#1i?W7~@0dH@YCCOqGkiw6-|EYMnJzIg9k+(J5*_Q? z@f~HYNr891U{o@m><7;X*5N6DthV=RK;1uLCDfQ$$?g6LEQDL0h)jlKekG2n)u#N` z1t(yacn>f>!}%TZ7-B8bN7U4b8Q&I;ZA=5+AsXx_TySu2$QG~hS6-b#$%nh5VJWLB z{*!VmP_Ezg9KEa)ggB`>83u&Sb0MAv6(L6MZX5;0pJKwMu|*iWRjt;4SJ&YEQ`Z<6 zehnT>t{W({dn$*17$w!q#-BCptAUgQnk(g^o~JgXeYv8!dza(li5O)TU-bLGV?-OfRaI@g zLZmjCqA-O})&936i#LlvIC!>LmLAAqA#TPJsqUl7gnUl%Q8|1^S$~szO zJ2Kj2g}UalXPU2gGJ96#xw{RlMXs}5de<=m(iA2EP+)cetp=jZG4`S&b#o<#XFh!> zg|f-nhBf({S$_m|+A%8tFqGfXESp5+&eEQCuUUU=dx!NCA?7i&!`-L4+LIL0X_il> z<4;oW+kA$wu}P~e~%`@0J3JA(S|G=c?w=2R0^ zRvp*^j~on`bzRwgfbw%#_qJvoiN^q2jyT;7@$7<~|b{jc=M|A8QALjUswA&3p_ z?Co7VeMq@4EI!fGWS%B9XWDu=WHb|-mlu#nat|f*^&m;lFzuMR|9`q($21gc! zWDDJ%ka7DA47;3jYGKmf6CXkeji_3Uy8oSoaa-&i|MaU#y=yePi|V-ASse`vCM^DH zT2NCpaC^IYxXc~*n~E*{94!7{s@~Y9>edepqm~LtifL34BkNzJbEFV)aQ~Mm!vFt{BG%d<@Kp2Hl4PtHml_A}OO@jWlmhKduw*3iITl@)I{p`% zo{J&{fMGlfT$*PlC+c{cnN%}6&_LYo!SZLiL0uk}aCY`(&>$kopZ#Zjgz+?633L_y4Hv>*x&F;()nfG9 z%rtOI?Ss*OobxaWKNCAHGi}?hNIR$2mS}jxy?IPedvYTEdq>K-{ty{{stj_k_^`0B zj=uWO&A$(#{Q_v*A((cb^ZAJG6)kh$GMM%`oH>d<@f;o-Tf=A@IIh2||Ic0Q3Fyyw z+(vG0ghUeKFXS0t0h0vhzet`_rq!;<9i6>2O-M^?#v~g*Eah;1bpIi4GXtw9`17sr zU^31NUzLINAy~MZEpeQ>dwr%M$H&;-M+5j0ANlMTUdEt!}5=)yIF_7F8m%Q(_x*P`!muJ z&5TheWdAwk-X>R#xCI7u@1C29$5@%)1Rw7Gk4h8%wErz>f~0-zFKL34uSWwD=!mgj zc=j{VA(i$=qQlObq!_b0&cD_q^lZGbfdC@xQmPYgNgX04uvFG;?s^4M%xgs4Kg#y0 zz0>s%))TRLcrtbW`ip*dd3m{;r<1hbK?~3pL{r>yb?)m40GBN=b+qmv_BcX2bLpJWvlAuyj;rgiBK?%@!_#x>TW6_0XtqsOeUV%rdc~Wr&t#0j zOB`dUvlo56!YvUYJ=HxYtiH9N9N*<75yC6&1R!5o^u6Aq{&@ zTVhaR>ggG^f%rAC-4#%#QBYZ)gxs$IbtueBioGu4_FmkH#f{8u+Sp*(PSSHY<(s|_ zi$+10=@^&M*BZpsa5PK**zoJcRat}}=a0h*ay!xC@SJ$ucLvJ8CLyibr#F_9n=#`A zg$hr+={bb6tRmU{XMmqKFU(SxC5uP-x{4r-yg#n)&6|srYxf-5vbyYE?@iDWjta`> zvq+Kw3s1UT*>~Tce_h`d>U~<@w--l;Srp4l$!_69=eZj-q^(3Q)wNsQ+BKyqviUHn zk&{I?dW~6Qr~uFW=n;7OD#ugYB;f>IZDgyhl*hXXRdN%AZf!@T3P16tn|%trlKSmYRgc; znTrrhlw7Hx5(@Y|uJZdG$NSfJe9s>oH^;%VF7Erh&ug4l8w_P~upw(8w35PO7Zo_; zX2u&-`ep_I%Bjlk^(y22B4_ot@Y7FW&p)u4c27%%@EYFraw##T87y|;n|^wieJ!-2 z)~A-O>*}_%poXR>wNP{$_f)JJ=hFCr7}0tA*ogIy6Q)O6)oC$Mol@|b6RlKQ_lj0J z!|aJ9adU``N_xx;RiIRnC%$8*DHC?Nm;?)*%CLoaAly%5t9&12a>gn;qkcZ%u;bGx znqN5^GI#@fAqm&CPS5605*QmkkCtqjxr$BHPM(l&?XsvaLt+y;ouS!K_jWbHydhX@ z>EVNj77=_T|5TxRu{_~GPa!pY8q{&e#NNsMXGl@}TZ`F^U2{qkg0>+`*nyaoA8j9G zCvsA<3%qdX%?SYO_@g-aHsu)8I>Iu}KvhW?9qhI*L-yNlJ!g_JOfzQOB9m~g@A&*{ zee_WQi^W6n6$}$b#paix?F!k@dienHlG*Se8PAXv`Y|%@@jb8A^dPsi{aZYkp(c${ zkCnSyy#@j&tYW9!{!0uahg1%ay_%* zUGeN|;);=CxK29y48y_g>lKyeoWrZMvdnHKHn0cE?y}egfJ3rv>zqT9BNUWU9(Ok& zC{I%ZDsSmc73A-}Sr>A8-CSbh!I7iiLM!PTpCK@W2T|%6L~p#po7~X|eA@xg%mg~Y z*NC_o(1YkEG+41q*6`@y9Ii3xt%ixSYxN{|d|LiNMrXHq@V8EOy6d}f{!E`!_xU#e zAubA~U`XvXJUl-)&K{1_aifLHL;a7NxdZA zp%9WvKt**k86OzIYf9IVk z`~6K{%5Biowr+BxI`|#Sn#fIg9Db5KyAxaBCrU)1m&&E?Hr7BS8hDTP5CV-%Ruxtu z4sg^7&o}i&%&**iI5Rmh6g?vBLXV}9e$V!Yp-zgy&k8RvEY;X!U&Sg`8Nwh01g3oB zZSRmGO-LM+AB@Scaq~{R<0FpQ+N|iZ4TS2Et{S<`rLL(!w{QGGc;WYR@*LKgZV~Pr zE^#VV&YyAX<9wx(T5XZWJshXsqt6wd>Jqa@>2qNrMWZ17zLEwC1M*~^%GRuDPoTIL zlQJG=xAJftvLN)4ce$9ri#55lB11H1WEz_8A^>si zn%$hdTCQh&6usB;e|(~S%kH|d)l;=)SZD;|2>fEGZzcyhS1%+e53{HE>RpU?B7W4H zI+QT_G<%ME(-9rI7fW{)k)2k+qxKSw9T7M3kSRm#Z#-e(>L9exfp3H?qvzGcYK?aG zVo+f1gyNo58#0=sUYz7q*`V5vG+&r14!_wr2j)7ja~M4SqEPC*P$X6VHEVKqs<8h{ z?cbH0fbXIn@w@`hW`z5wMAy27i2O5&GbgWHQS2R8S6PR>l8t(VKhsb$e_ebi>tgZx z$=4o?yx0ayoW&66X!ml$JZDf?f$o<2&IC}|(Xrhoaz4a6F9#yXFYxErK7Vuz0;L*H9m1eY?EK)rMEAA`G zo)bNro$v#+2!Q69ynczB^mz{e34_lu6PXte#)p1Qz5Tp5StssyI)S9Pwja%DU7GrA6~h&1QrpkBx}P}*GV z^Ihsdgb0MSC^nl;~9BY89fpj%+_g-QJwIh zAzb@4auPilhS$SLa&0A5QW->X<3Y1ThHuGRB*XgbJOgW$E&zw(JO}FK`(#o+_RjMRu%k}WDH{Gq* z?KCde&AeaWAXSyeQvuQ4`>!WoVz8F>E~a$U{M^&OEHi@RG)f^BUmh{6X8{@Um3~E+y)bj34i%N=l!i zxN6Rw1cm10nzerolso#&OaW=a4rqlIWvjvB%<`f({}lj}HHYL-O+HN7rz1NYDt-Tf zY1VzoN^2Uf5n9KuxW@y3LWXX+=8CFw9HzA$RBlrA(w>46<(R#Gj~DHdum2lN6aOo; zu_az!|5DN$L#)WC%#Z0Sf+GNRUR(pZU%S8XyK>DX#l8i=i;j-G|4HHC!*x#o;!7;| zE0&Mt#q`(h5KCDE8IN+H!=1Q{jLfp1NGK{QM%VPl$<&tz4m?-{MZf^Jsxp+6mu5`F zavj(I$N1kf$MX9AAJndfhy*BaCYd3SJVy+qRQMC-T_)3y?#sL`)3Zj0{JQVNZPO?Q zFnr-?vU;~HPV#T#GdkkCW(BL5kizJsd0&sK62mlGczKoM!Few{BK4WGgW=p*j{!js zTbY`>H+T4Tp%X_OQoyZqEO{VnVEYct-FgDjbR&{xjAewW-m zCi$0hFUgEyvR0QY#!qao?x$U#m1mE=hom-6e3A-yGfrb4$AG8Ge-7<^f}W7&c9lsb zybZIJ(hD5_UeY1_(T(r1KH#aZ-|{y4NuS_|;v|0*D;CieEc*K$NRE#l#G-BCj#G#v1kmlXRCp0Jw@vCeBPJM1nQVmi~b>yi)NFs;KN|&>db2pWv5z; zb&1yzkITR!P_W5#)}DO<8&3(xHW&r}3g;4{e0a~o&x39Bnm4Ay{^E+BSOuf3f`^Ke zO3SR;)mt{GMDcPh?Q?{u^r7dGvqF!sK3lwtjs|C1K+WJld8830GTbU$0a3oPo;ll^ zmEw7`^Y$XTNUD$l17fSh2Cp&?0Y#pQgN4I)1EwFj zU(-`I(}#I{6gktn+u_ch#)tAQjxRpEY;fiZ|NJX``wK3_uisoTs#P&qvA^<{3h2Zg z%Yap7qXGCs_a~`!>*;@YYS42*Aqr}W_kZ@O;#Vf`Q=OpmSk&@Pi;2*~}!PNxFT zzWwzxlRLH9EW7=^J%aaDsvX&BAU;~;HoPnMTH*~hTD4N2itV%QxQnM5PadlwAM;-1 zVECi5|IuW#VxYrytI-zrswCHF35(Q5-t_^SfTLZ=4j0_cmM_P7Yl_1?t%$1!f+mwy ze2+ZVnUU%(!W>{kZkA`D4$W?&pP%IK7|)wqZ$TRa<5=sizu2#s0g?~x2sSg1`+W8GiJVxa7LuAIxpV?q}ZU8ME2x-a;U=nEfiCT0mS#4l1xGJL{txPI69WJM literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png b/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png new file mode 100644 index 0000000000000000000000000000000000000000..7f222a32c7bd4558bb27a151ff8efec8e25c9dc2 GIT binary patch literal 29339 zcmeFZcT^MqzV{0%pd$FQfq;sLfQk^MN(bp3=`94LccmI21RIESklsX^^iF`#1d)=^ znrEW zO+j%+fP#XO{VX-`n{KLSWZ*wacWuR|6vaI^7JxfvY-QACC@9JzXb&u?fcxiOC>gm^ zP|$xr{-KQJre~p`aC@XIC!_nyjDT}~abpxZwNG>Ro3If*Pt=zi+8l|e&ctBW7rVGc z1Bh(O!Cxr*8>eW#RTa~Xe3}7 z>1k<_?t2UFJ-U_E)jhpvbO-!s^$1*^DhV?VzaesGaIk{d!48SlE70#eIH)fKBlJf~ zz+45Rg^x?rQKXGIYpWT(yh79azB?d2?=Fw$^uXhBPCXapUn)^F6rasw z8ng{0I8!%Z+N%uT{J8WyI=6!@?74S99O0ktHI}EpU6{%-0KsVKRqGV)+Z7;@}McCz&?`ngAmw1irEuVQd%ucP7XD-4XYZ zqc;*kr+aov@m=xlTB<(2p5z#ik+2oWKnAK?| z8=qA40nYI?O>1n75ABQc-fZzL8A)0P#uqCLoI5|?*Lw=?Y4(cjpc8euH_;lk|0i=8Gc zuU{|i7(xp26=VMO94b0m3IL5EonbaVF9(Hbr0IbDx0@qOzZiJO$bKHrb;wQ`N`ENLIo zP?qI;gkcZ*Vw`AUO^B zD_?BZ;1HBD?^sb$v7KQbEwz+{lJE7cKt5k0QZK|`vM<^8tgXNi>bEwd!gZmf%1S#% z^#;df;!Ty3k|iJTlSAzKF4E68Y7I@ujVIkXgmy(EHJjD%PM^YMzJ4p030MBrvXKy3 z7WHmOH_`KlV)h8*LSepgN5{{1`vu=U5HY3G-B$ytRWE*tzqV6W6(SyS5SJ zT+f%gQ>KL#6XociaCS(~veJw{pk$tk)2~uYa@e=N4JBInAsl^MmKtKo;lkQ;Ui!%9 zqU3`W&Fs!jex8-uWUNM+Dm#|toBag{bkWC`9V66PUPt)uq$58YmD>>itjF*?TKJ38 zGv|&?^7}$Z2=Bq}TzL)XWxSsR6<$vM67zOZoSBpeN-k3<@x_@}g#H9= z`z$20ezFP5c$is^^Sp8^bgw1&FK<>s%p?SR*O%`U>(;=} z<)(YSGHS{dBb0xsH(|RIW0r|h_XdW!2S)5Mf91uX3I+Q>-Kk@;7F*A&jp>Csg3>sG z}mvOiI`*~dqY88?AVE(5=>x z6ykX*=@!B^LhM{cWpM*(*Efkm5wF^tUcG09PzYXMmzGm1h-Xl+=d?*RoH|TLJ&QY0%19HwvA5F zG|0w&KT>Gdt3F>55f?Li4al-?m9p)|hb&jO5fvQ;+U6PG4#6i*jg6xfh?t~8%}mnc z@Ap&-VW+y(^suD{3xf0s8*K(g^mJEmzEC=cZbeRKZ|J;w-F;_hr&F%?tH4ipzw}U! z^Ygp51DtbfiOV=!UVVD12#AXYeO15CgrAX}^^__LPmg2{3vrlmj_E=NqLCeU^W|5p zUm4!?1?Ab&y~PxojVv7 z8T(4{ss$pJ&1qs#+&XM5rz>8uaNF$XP1zX9v9+GFoZq{J>zp#2JL(DQxjx9DZDA|i z;e|098E<*nKnSCcALaO?DCZwvhE*rcpJI>|4i`*%uf7B`8*#-UfaBY+Gr`U3zZqp( z=O=O#oiNf~SZLNTBB`&Z@AEBmYsvc18PO@a(Uj9)iHh^j%i>&0j!b(`?{>W_5h(y;r6|!g+%qH2QL4 z{XLPPp_QthXrqEw)Q$Rx+7@P_Bu3DP9z`qLFmTP|8`bT2I=S5-A3@}HfbUQ2vgm5} z*9P}&i7bWW?W@-xUg#R+nyfWZ6U&~jR!=McQQj=BX6g4NRx+!R+xW3{@>Lz{xw$Tw z()QSDut)rAfb$PrdrEJvEcTk=j}~kwt^OpN1V`%a%B!Aa;uYq;pX*cfq}`eJ*_YZm z(Uf!>2@R55v5q4cHm(A0ZtJbZ;c_pWu@S;0mC&7GFF<%RrhJyaz1C}M|I4$sr0X$J z7{YT<&@y8XnAy3k>(oPASyAIB_Da-yG2VjR(3qqPl}a+upDRd85(a6$fXv1bE=wiw z4c(!8Z@Rp6^ASsB-wLYnJcP@kfDm<#a6hAeMb{fbhu&1J(5KF;R4`0z-7dSQH!zYI zxlNr6ea&dvTy$?teH5%!x4QkA7oq2yBuDS9y7NoU1#|&FE83yV5@l(e7l3Ol8%7~gIR*ASo=v9SiL zPIMnxo<{R3K5;Ir6<=P=zV$IX=c2Ea9@DuB$A)}?>|IHWVar_ranz=ddDu5(U4rh(ry?^5pUz%#PL>p= z35>H&A1m05e3xJyrmJ@A8E_ptDhtsuu$ePa8gt-yJiArdhb(w4^WG_s?e;{U^r|7l zp1&MS682HFk;3JCjym*Srb(PZ?^S=Wu^J3~>w&R}$y}9fn|rT>ZKjHUu4Z~1yJGlH z3(g2}qMlKeLo8U)*QyYL)X*<6vgD$bfRpR#Y;^UDKQ;L7bb-BbcsGg{?o82fbuSkT zwIV-Xg;G$Q&yi)!Z_lcjkrnGor2ZzD5D79gqkaOs{9~aODF9+PFwiU+9_x^w703r-CGbXof?_5?}_iqZ=Un()O(;$nV1JgwbV`lfbICHCMf zX&iWby$=>=6H?so+ex#p_EtLt{Kig_tNk{TCnI}{n$-QtBfWT6@}BFmZ2A%(OnsE? zQ_t(!WUeM^@u)`hDzl#Sg=M zPh3QE*hVMBzg5CyV&y;>zM7U{eq`-?5b$Gnx2FD8wy}buBK~k^5`kJlu1YH3y^8@K-&~yhL_wbYaff3vC)qFd{?=;azik{ZA3x#G$V!IbjN@R)d|)~fq7&6}w- z&cb_PP9ppxG%nV)gouv4+vy;e=-@BCpdMVy!@=t5HjVtD7 zJq+&fKB@w)y*x3=LeyC(UakQ2c2Jr-p?_U!0!_1%tzG+m$>~W!4Dt_n{>z5$?lTK{^|c6mqt&bH?PgCS{s{Q^#_9 zRL#Yt$!z9;D$)IQ=nT94N=0w|DEg?*Z)NB{a3wr-&zmt@YAirpgyYJJeHWt?NHaxb z>A~`S`~8xfQ%51H+u4<+_;9IG!ViLVkIeLY z&EK5|+@fZMesS@qTGe=`<`!yDF}R{t?fYT<(l~J10^V_>qGDn#W@FAdX{NVMVdKui z+olq*_hygl_GBQzWygBdvwafx$Q(=&!ZrPL954vM&j_i{>es|aI!-6&%tocf!ly4<8yN9rRi=r5z@5REw)mvFJR}9|;*C_^L$tzP9 zjwkkj)62DMJg6D42jZXn)pxolhef^Z8>SYNGu88}VLEXk0j zxUqUjvzIgnn%WgUb{hg3EM;99LZ`ZggESJVb6!vhTqQVcOKP$W-W*%NkmD# zz~&u|#N&JAv8EG~3xwHD_S{0oY#CJi4Tq@phG?F8!gbK(e7QA3N@w2@lN|l{#-pqT zQlA28B@yBaO;)U*hSax2fCAd4sWKxP2}@CBmSOcvJ%@2$&E?b%;g^I2L^kR#)+x}F z(+unP?DO7J3mmT#iHT{CS34a*T91Y2%q}JFZ7K4360I~SGJm_LR{)Nl^XR(F5o3$T zEX}v09mY|mDpIs2csWI!9oKGvI-QK06tSoLWb9BlHBZQqStxjT_-x@h)$A|a`oQB4 z!);zz-z9eFCYNJYuizWjC;SAn58twic1tGStKwF8W}o9TcP($j>=}7+k#M|sP8P@Q zNpk!k?ou)2xbv^2;M~6A65u>3ClXGEsdGrUu6r? zOAgCd;&L?$-Gv3ArQ4!w{DeHKNIjJOBKl^YkI3z?xH+}D1Fy5mI|7Pf88!SK2)S0<3-AOaf2cKdRo086e75k03ZL;Ul;;loP($GnyRV_b zc4^q{1?6Ooj)1&+F11_l*Etso2F_tB2jGhuc^Hq}`pXrx7KVw_tEz^w6N*Sq6k%Yq zk8|N{-PEZ_6!o3@UruSNF41N?rQX|~{>g&dJ+a%7`Q)~?Q*YnPK=)?EytjS>M`{g( z*NoXXCx4$aEH<~W?BSz}VkB!mm=esO@_CmH^HI)1ay<7A>jy?VC2tb_Pn&TVn&c-c z5BSlLjH|81me8fb1AAqzvpn*tO$Wfm-D^^a%>Y=@NIWK4zc&)2GI)-*Co%2$SXXb= z@5THG&jR&Kdq%Xz(*%*8D$5`cGnM&EiB0GvIICB6I(!D)9q`p7;|;MC=Y5)3<^65I zTeWFN3@`-5K86MEndef1`esPb{sX_%uLLv~(N6bbsID=4A)0n9{)W!L_Vj(y3S#Bz z{oOaTHP<+h3w5+AqdjLA-NX*IIihHUyLN7=Y3#*$N=*ABId$3{ljP2V}NvV*F)R z6-VX$kZ#hxJ`AI+x^>qbdbVI@0kc?9OiX!hHxAl()YRD7ux) zkA^&*D>>)lJzsM3kMb9@`y>7LlE&|s*kRxe7&4!VS%!Tjs{Ggm02eDHD_7e?$E@eX zKB(OI%V1MPU$v!IG{XbVy(AoSjqC6BDE6(tI^$D+1$E z#Jn}g*yIi3M*5LyV<`}B?5@csN_ncxf*{o;ODRmEXgOaSApeGtQSkdmJ4eshyvJV# zH58nive|$#9kdD(+iA~VJ_+`}dCa%y6l5d+;SoxkDK^}i*QxmYi1CvzdI$cfY@RT@ zVNUrrq+0Q)E0~&7Kzbe7w2yR~?YdUGo7{BYJwoz9L1S6FBus^7(A&CF`#n7zO%RYekg7tx}Y24Pp zdYfo%1jRaUzdR&zBuc=|W&xYhWe}LXN6X^Gtez}%mq)a^ZO4wu4Mb`9gEJe!+Y1#N zx^s=pxVid~!F|N`#4B8=%0d{7irL2-3Bj7(u6^$F?3Lb%%$`p(^qDoF2KZVTaqt)!@>OA8xhlH6OwJ*PnZd^hA#x8e0gQGul#bkI!&AN{)NF@KK0OQw-aYG6z)#Va?8 zt4%xCKQ_|5pz;NleryURZu2Enh~IT}K0{r+8ed}i!0$*fp}z{&66lE^ZnCQhPr+<%ceRob^#CQR< z6`2Z7T`mtep++7Gyi5}}^E`!Cz~B1>0E z;b8wm0>YVDo%Zwi|JMz|wd$jPtqySUFaBN~6mY0nxDAZeC$pad^nbD09;Z)M^?zv& z#+^LMyW4!l*)`$2zC;HiN#ZCz1!crF!ET~s8xiV7a(FiNqX>ZtJzU5>sd5Y zqR4(Q+N|dGCOHt&}&QE#@WLN`JG=m;R=#7r&rt9Y2+xI^?58r!%#Y5)!JOdg@OVelXYz z+1;eqW?ZBCJqd@UU5{C@!hJHGj29|IXJg_CH&dhSR=0;?ooT$!D48j=|Je{!@>fdy z+M4L9;g1tVRQOWVq?z%;9;j=i*}v=sAFUxhA}%8iC;n~&fR=!Nhpn{GMND>KR6xwt zP>nBr(~Eth<9-3JYotF@)V4!~_;gr!X0soAR~(MKx$5e3^mL>O#OQyp(Y5Qhhp;9; znB6^PD4rwnB&q&2!-&vBea~bMPK-6=XJ^W@-WfCYAeiREul~kA?r>4*@u&MQQt=g= zRecK~EsbWkGzbX`T9XqiE`lY6`KQe~XB*AkCh9LS;rx|m=l1_*1M;yPkH6y9(5+si zZG(ZaV_}+4Db{yygXs`f72@%aE`aTjyG|e0o;GxIl;S7 z;v6l(bo1$AcG(#G+4h?oaeub~?$KZ}jeMPtJVrD*TguZdv5I;xyS74|PZQLTP!!jy z-kD+B$#x0QSxZ5H1%Rciy7Jkr>|E4&Ovrnz!wQ^cFi)^y61sYbt)j{wS^e=r!I(yT z2OA>wxY)4Oo^uh_1l(0oyd)3A?W_FEljyZ-%X+^|6mV442qnTjAh@slR};*Yw`LQw zmsWQfOV*}o&DURjo9Be%!N035V341EGw2P;d1jGa-{ z0irDpoH1(bcYP+ETc=>a>a!yq0Z`?Ee5+T~E~-toVc`h^p`Rflv&-cqvFMt$ICJ0!IJ z{5nGz zzy3h7uosB+e%fCAQ0@nLj!}PhcmMK8u)We#bLx$q|bVClK88qKEJj!EMYn4BC#tb( zPhJBKyZXnxqz!kxMf0Q~i{xYG_Uz>fef-NX&7cm=bnF*!s9KIPrkvBYmd zJIIceV#7Ft)BJ}6h1X)FoDCBh%RwUfSw;M81UjLZQ=pmvlV|10#mLVdgwX$+Xy5y} znt}r&gw7N54^6Lxy!+p${K@}K%1;ZV{P$AmZR5~sx)#7$z(2_tTM)O#8M2ZtHe9URvxxc=@nb@g&$TG2}EW<4{I_H4TX5w(ECeJ*re60m3!JzXD1 zgswm{>c`R)S^lZyfj}RXT7hZPqi*63*Cc=EFV^Rj$X2Vc8Ni^BaZphZ#ufoaO;d!#i6;u+^@hz=w%jHvF4z=lqR;+ zFo*E!?;(GfsokNjW2%nVbgHg@2 z%94_U-;9JuR|tuKExtAzM)Elv#fOWnl$M;X8M~mYimUN>Xjl9}dxnzYUIIP%>#dlc z=!=AVw#;Wn&09{LMx!X(8Jl^2P}_Vt#jNs{x#VE^8VSF@ii#^T!54>lW72K(L@B@a zBxba#Roec@Y&yL64d8A9td-zQeSG`n3c z_{U9I>C-2|^;7CkS&bj1 z?Z*CrinKI{)B*wt>#Z5AT`5N7=2Y(v=T(i4k2+NDlavH&X0*#mpP ztriF=ITDrmQz?|%5jD=|OYjRMM13{oNZ;>|upTZU8|j-SM=t`={<7sEI60g6_TtQT zJp8VhzV1&?!9N=|KR*sR|K_iB8@KBU6B46pdyBi4@u+el;0~tu@Tz>i;jTe*Tq z_L_?xA`UMZvCi<1aeKb7hY5wsw}JxxUK6;{?c2?Oa4C0y;D~ zPv3`gmJrDR+Z;x=QN)#<%Ukf6BgjRB3RywwlWEDv{7&B$4EW&U2LWG@s0Av<51Q}; z`^vIB?fNIVeMy6t$tv|SR*!6ry~ePExJfPLWP47W0|o-*;{GLKM6J zdmrHFPLCWf`MlpHn4c&K?8RT@6^}T_#GTKyDM0E?6W1NuevjyCpUFd=DEawpQ;C%i~k_E8@_I~ z{AT(Ey-+2P)pYl~)!Q?9w1LXdUoY0dwXHixKN6P-(PRwgSj?r(lK3AsNAhE|ZieNf z0Azz@nnf#nkyx)TEMBu;a*87lby|-w&&SX92z81#Z2qBakc?a>l#OfT4>9kheN&$p z8TTf5!bf|}u*AKNS=@5LQp*VNb37f*Y9g;Dk-bg61-dW79LkSKe#HK~e8Ljerx|Qk366|ra4>J*P zgT=A2$)(bA$SZpjcKUyb)mwpBy1yEugsL-Kb_CZO>CE6^Fa(pVxCTHs57R;| zMm5~`R`-6)rqngP*cuQ{h}>Q&WNsbd?;q`W?P+C|YB&MF6gxQY^c2bc;Ertq@S#pW zZ}Zigye8ElrU@I}o>((kk1YWf8HQ%{@1}(pa~`081o_(=VxResW7Osny5m+{l!Ozz zlFvZS|F5w-$U*D5ble+Hw>cDJD?K^08ot?RPf;0oO)>pU+th7)A7q? zK{6#}jVB~|={A?MT$(+!2N(R9DG$e6U023f<7Ho23Y-X0Udj_w6~|8NF)B&%KGECB;VHJr#r>_!C&a;G0vg1zw$E7 zeFlpmNvdxB4virCg~-d0-iH7e;ult*vb02X{-WK`P)GaGY7+u5-r!^~i-|2IQM5(rU5fIKj!OqOm&P(1*Yxx>AGxQd{)oKqwm5Vj z>2w@>r<2u|{+W7HeBNBX@${hU+=Ie;joUs-D*7h(gXOxUKO34q2D(^}o(m`M%Kuq>jk)&y@9{Ms zd{T0){-#6J`6JprZ}||BrHXev294r@#sk=brPNB)!(>VG+Vfpv4zQ-LZcG{Y#{(t9 z|Kt2xdu?$My)iNwj>Zb1x&IE$U$m>|cbP*Q?(~S=F_4NG0~n#bagjtx7^aBLjWF6& z9g!EqWxbslVYP+LJdT@mxh1Y_cqxVa$1IyG8{w$yBf9y{>sth6l+CI%2Q>d!(zQ84uIoNq_(*9>2cyeq_$DLz`p`6?>sQu=AqRVlu4q# zR+T6?KkYMM3Emql+;imQZ<4&vZ`;#>9@DhiZlS96CzYdnyT?3>AtbfgoLv0gaDf*I zy}ybT=uGzvo0T6hF|J$+pCEOUv86b|1Jlu)aPQUt&*PP!_GJV${pBz+$9vjd%cnmS zE^AvhGIF*nW_$TonYi$-IsU86-lU4=jevnJTMncaCPy#r{~=t;8!~k+6L5`nps_)Y zJJP3{Q#}4naIY5qQ*bZf2XY5yW)c~8#=)?#yu5yI}Qr%;R4 z`~crlvEg0SbCdZ}w4#QQC-m(m>O-YLGM>rR;|A3%%QHaKD`;6tqu-dihbb}vr zgH1de29JTb;rC<0xBeNr%F=3!vV3e7e?RYji^goI59bcE$g=NqnZJ?oNu*63P~^+4 zd^)pZEa=)wRV^?Y)0+aDC)P5pj%vEqf)Y}MUF8%ItkEQrq<6;55%xypqL=ao2gJ>d z(qkgt!^@Z=JI4+-Q``1ZhC9bBcb?rFRkf@*`m#(V@^Ea4;zJJMg8S@U;M=!4T-~jY~!m4k4l{M!%M#u7)YZ2aG ztSc2rbk38taXj>LzNV*NkqYqoE@Fpt*UEdddT=gj;%;5WAeeFEj8;g;%e%jv+g}}H z@5sYM48%1BLf)R$LR4~5H`I5tPppH?ejOjx^*8i%WrZPz9W&b!YM4v#NT~fZOm>qI0A;`O3wf#0d zBi6a3QIpe0A^V%qo1IR>JA(RmrDDANf5LxV)=rz9(PD|o>Ib0qwofr$Yy)(p#qD<& zsAo(jqgKM73^_OcbmOg|I8$&9`>d;)-;c4I?r_D_MSwB1)8)ua__>%~WIFX7g(R?n zWqPSN?0G6Ouk&ry=<9TQO%B>jynqRd<}ix#zaZ{{Sdp17Ys9ppI|-2tiYP7Ldq45` zf~(jM6u`NU5qgKnKb&3lUE?w2z(Qm?8}{LR@z;Gn8}7~H?uDtfIQ4V&uQx;gLc7aB z*l9+hqCB5N0q-*IJqdH$TjsihMW7DG{T?J_OpscSZm)`Ofw8`=u5AX5&j;;{DTFV% zmq{k%KRo?qfQq(D_ASl+CWDc}+UB7mmI2rvw=wB=ERr^YNM#>f>x9iH$ytGr%1vMs#8l=sn_Fn5Ns@ZN4ZG^Z@;5;~%4O9yqFON82-=wMCf0 zyKXfmbr-p~{7}FDNvr=4BJEL#==EWf&$K>L<&x?CZ8sp@py3L>Ws!iEg%>uR%gWbA zgiIf8z+Nf^ecJW0srAX3a-6}NLO@!tq%(6APOANhHdXEZp}X9xV~b|Wy#%RSS`E5xT zbbYy%;IjE?O2gNDY#p`6|BChyX|cEL##G6_S7xP|8Ie0N2#Ah4lx_>|@cbkEC9?X9=m4Xg5HWEW1 zmB(>2Fkh*kAUwOY1&J41scCJbpR(aU8EGy1TzluwJgcZjhL4)4s$^wmiv3@vZ_m+Q zcm$$3PNT20Bm|$gyGQ3xPpmMQiC=93nN+*PB84XGf#P}L%x6*CKzjcEG^PmhcIFv= zK+(pr9WH3z3>21;9-EszX9tiZ;|>C!qjqdf1f|!*T>WLeR{c#M7!-dJp7c{CudI@T z{(vY8qJK80O&$N~$s-gINS^%?^vgoz_wFg_iNDb%6e#7wf83;_{F4%Ec|E@<0$nOX z%MUePrpR5Q97)xsq0hc$6D)Mw!&9>Hna>z@TfQ!S|fQ$x8>w$9QXNofHhN zuma`$f&%Nqy)Cy*RpL90lhaEn3esd?SQ3KD`eC;tJr`O_l4s) zy1wQ)fSjSCj8mCi#Ujq6e)s9wgOtv_m?cRLMfYU#&c7q#FV(q}yPWM}H&2dQ+P|h_ zc0A`Ay4OV}49tG&JZF*{Nx*oz(|;JLl0ivKc;yYg;C?yxZZ&Fk{A1;3FUmPv3%3Yx zhl#gkY^8I;+=jB)RYPN{DhbQVM9Xvg#eMi88Vf+=0ewg+zvYs?ueryQE@1H2+8f8f zBvx)P;qM=TR?|dPLe;>@agI7Vl){TDddU}h zFREh0Kxa$U)Rfe7MOeFQrKI}VGwH?{=W~cF%&}?VKC89*GpFx#PlVhWyv^e30YzT~ zpcII{^)iax16;%+N9`ULC407%)7z}0V3>3wB#k$&4W(#lHLbA&K)v5XUE2;jSDP;v#P3<1F3(rE48ZF%v~ExO z7nn`-285g*tRIiPezcDSCSEg6CSKKvbC;@DPDFj(lyrl~=7$^pGEI7K5F(@&i>S2l zfUU!i4@-{6UdJ>d@~RGg4_QzyT`dRWnsVqD?9O9AQSU^wL{J3ZpD9~-+Hr@)>|Ox@ z$9)=xzCP3IJ(}-K_IkM}Y~4&19FwggoTo=rEjK=ds?TpkZf6>Cm3Nzd&gr?uL@=gi zXXuhUAy))Nh5&L7s0c8$(~DL1&<&g_aRg~Fvj_Hhq+?>G)^xL87)cxP zckTm%xYaPYI5Maxs*T4F4txO%2%eh#GX}ed^x8+BCn3H5*D+Z3uT%ZBOUGldl2`bI zq9d6naXD+^14|m=5h_KXQ(Ag4k(X9YtfNR>1z_4k*p$q$~6MVckVlDJBhdYwdxbfE`@m{ru>0kgamc8%Nfj#?VS5FJBkoCB@kF5?%B`)j5}Ew;k=$#=iS-p z7@R=evwe8t1HKAb{YSdxUU*uFn_>O#M&yM}Vbx_$SLx(h^I_+KM7wyH1(&;mgif>P z!qdfE>xXXITGqZcrcEwEai&PGZfb!C+@nhP#j0(=4VRz7@?12-Pyr%8M94DCEI#F% z4O1Cp8OTVb?sfn6Y+$KIIG&{Ma^;TIgvRNTEXCtse#5xj1ks65ory#tnlhel2RE)v zhUYf+;`6Y}qbuo&*!13o(S)Xlwfkp2HR+!AYW8d7@1Z5!N&Nt+WdYm+U(%vTM$1MA zSXh!}O)2#)GsV4PZtqu2YV2N<7WU<`&IhJL6T>{;S`~;TS87)=nQeY;7%^%lNVUHY z*EjgLS=H0ciol5MSk!+Rk-gIKZzHnmH5(!#ckkTOJW^&}JwD_$jKCo0HvowT1))dw z2$%=?g)gzXKtc~3ac5Uj;wJBI^4MB&nlV+XyP;NrX|Mz%dEWeuQ8MqoAGJX%OJ$}??H(AO(2 zqbd4NGqa4Rw!&snwz@ywPN)(VEzQ*be8uvV%>AV$h5NpR3w!PxP zFO>(3&gvbH&Mx3hLn#q_!pkUs#6E8l%U;6-WKSY(aa-!{=}d{}D@{Xx*qQW#6Lv;Q z7JL5^A?&k2HP)l<007}Q!>$;OBsk~$LBBh!zQ;WlScsup4K;r{4uD4tm_Rgk!Xy8` zB>4hX^UpKd8Ku`ZQ*d){QfB*~L=L-yr0tSx?T*9z4(GWspPUa%10AAe^+3F}(y(K8 z@|6_>c+`UVk4i}!V0yG_yDYzafYzoE0$OrKs*fZd0ZA^ndh>Kr(xVqoea<(GP`b#^ ze(^gQq+LB3q@{0ALQI}DVqB1co+(L|_7 zE(z@0EU^q0O!c)Lny4M9byLuh`CbEf-cE0ShCz+{b5MztQy(9aK_3;RPRCG&N79NyTc2G}jAY!ZvvM*7fS}7pn#joZ~`0pH?sB zTJm|CkO|npq7oOCyy)tlca_3Fg$tTP9#7fCF6S)q-ottOYQ>wlh9@021|5X=8RMoj zBKGV=HI)1D0XwIfiD$BppP`ea>&seMX@B5&E4#z8?5eI1#8qUU+~zuMPXYUqtFN%d zF#l#EqOdm?^0?h#LlwtC?@NFCLqpn7 z=qN4lwIi?QGlH`67yU^Knn%xg!Hv&-?dM-y84QdQgIgAjud_I2m6s1t^Ldaj(7g%` zt#<&H>-YSO^j>O_OAMCn2cK>ORVc50yhFG9WI~p2rZ29^`M;UB<+cJidv&%$I^K(` z894X1#Iq)&6JyL*h2Px;hrhrWxw?(t38RB81<96`>i~6Mi7@3`)0^MF zv_;yyzqotqUJ^aTMRYmUeYXGh+shMgN6y;w$G@|uVeOia!w>Vnhr~1JK;nZwj*N^z z2}bMV?!9AT{{O>i+{cVFz}NIVla9P?aGyv)an-5ZVDX>xxJiNuS}nAZ*)70#Nrdz_ ztId?8*qJ{)ebsw{LQwj};YcEu=5m4F*K=Ohnxj|W>7rO0JBBt-9dkC(kRr+zV5 z5Z_2e^T#l0iJr4}m_OwrdhC(DbOZzrP_!YM4xLG}!cA=HCh+8ggQ9fQ{o^<+ZzhD^3iU#Fe8L`BNYmx)A?y6TsU4n1=Ezz8#$= zt_>XR@Rz2NyHlq{e76h1)i0+NY5{v=-TqcgWmBi<qgaCoidkKURLp>{?{`VPYk2}s7_uIYe10y4gtTNYHbH49Ve`h?+{Coq{xw=#r@i4vG!^;ewn47x1)41z$N@50 zG_}-TQ)L6+p3EcMGRxDhP}6z>TxYS_bk{~^dhwW+AvEmp_29MSHSELok(L#&?6WBv zW*vtofKY$Xa*#b*qvomzo^mm>N-3)PIrm!3HX)<+LKJ7It`MPQZjz5Z$Id?%QMI6- zHDWN@c6dl+sQiTOjRpF)_OIgtmEq{cIx$eth za;4Tme_7r$rdiP`Xm_xD&l>{bOq19-T;^}aL=>Ra`CN762> zd48lX*BEVAY@Dc3N#FA!roU#Q+=>y(Qi78nQAY0-CnU#-yWEOL0!K1ddy67 z$Zh#~e>w3*nqz4sdvnl8g@7 z+RV9p+8qYx5-=m4-j)(x=*B=5J+iuUvcg=_o0_vS)GBSB9&DMAkA|4z*IXCYT~CmK zzrrI41hC|a+Qv%sSyz-#(k*qpFYmc}g4K5;JD z6A~e!n}kMW@nw@1wDuzc~wM;o$PP*Hl-s=`f4b17c z5aF4TlKTz&$xOGDjGvb@A3k~Sx0K&+ANEtZ8M_DjdG_C7Kh%W(OW2PdpCZ>pzT5JY z5cf1JwpWMfbJh9FKPw!WK6AK$AK+%A@$|H&^_DX4K~{-!_(CF!4S;BfXzI3Gu$vsr zhrQBe{kUQ?4lroyc&b5i{;g7vvAuH{FmJuY?{glq_Aq=RgZ>~W*b;9~@Txc03~QKP zSD7raL_?!sfIL19hExfd=kyxH@`Jrl&3Dm#d4tN*Xk}Da-esh*6Xo!El|1o*}w-pmNMPWHv^_3DxscNha;{tU7^!6HC$YhidUb<)Z#3I`hS*ZSAR0` z3kn%G7j+sc(RfXLRpNS73S+;$s_VDw*BW=oC(Ik2R3y?jfz(U?WSE}QRV<`08g6Wt zW}YZt6!dlWyL|~CH1XM#v(qhAz0{p386vI89VJzZW&OG=OU?gCkj6?skjH6wB?6Hw zJ!7^cTQtHi3pjcMN`-WI!BVr6^UqV>LT$lEJ^tb59Zgv87wT#%d>$TZ!789W&qaI! z()BVoGLc%T3PYMz{MH-|l-+4dma{;Z+ejW|c{07*C0(Rn?h*3&qp1bkgNcv#foU5a zV=Oeq%Z5jXx6QNfjO4*t-qyJG>^Dr+asA!(Rf+pD|9h^2_w7jfnF*e3<%fb=@f44B zxPDZXjf`^ODXZWT@ZSj^p7O4XRo5MG#{3j(e(Ot5&q_4=oV&mYGMYI!$x#Run%%bm z%*$cGb;mfyWa$~Bzl(u30 z7@T?Ht?#8#@o7{KO~o~rpJISoL3`u2p%gP2*;Pa}b`_z}y@0%RNF8xT)ceCPB9P%8 z5oj+;q7i}Y(K9a8PyN?*cti_7Unbn6l3#WcnJX=9aH70K?k_KX!Il!x)id}0TcO0J zq2v2aplmQYBUjnZDA)Sl@${!Dh)>5==T4wxdMSd?R1L5QGCFN{B4trRF+&^yv?hG5fv%VYe-HpM3H;_b5up^f!kME4@LG zh{%FIKe<`kv2-pc3RWp*N0_{m!+H2n2wHcYcnWt|l>t=eV-iCH1-a~lf-0Y0r?k;P zLCzCzGW}jUGEU4yk+#G$Q}kU3=fK7m#t#KDFDoVAM(u)Z9=*Dd#LD6VeqZJ!80l52 z1R$ag{;I0*_vhBI#JDqPj?pJ5QiQFF6S%T5Djv75->|tbyEP#SROH6K@ROGt!&=AE zwa+r}OkPHK>5Ab$m#F9(7#aZW^T}$VqNETyc%6`>0)*m>MVuckL!B4IEVuOI_cccA zP7U6Uy&0V+KZ(~kU8UIwT(%yPb2H^&`cb}8ErsqT`OgSRK-;! zaC!}lUPj!jZSgD*Y|u}JxO{bo4G1EfeTtXt`A3L(_xi=T=U&+3!S$B2rCS6vi;4MQ zwEnMR49vh6NCI2M{=p6+@?9Ckd0mSjFsqc8vpV6_#}i_wXbpBOR=rso2WsT??0EvY#J}s^~j8~By}5xxU;H-6t;gXo5EKA52e)BQHLzmmo|jea=A;z;+rjyjG!~$ z_MF5opTelrFtg-}YyTAA=g^>N4K@oW7B}XFcep;VQ#4 zts8^j(b6n3c9-71;5w}p0BD;|zV}UNFqiABd2#6cV$}*W8K+f09wIwb9OVu9UqVM+ zj^TcEFb=rTkVR?{2Us!yofLADKyC%9HcIH7t5m9qavYXAhb>_9%57e~VixoeC{ENk zz2#)B%>6#u2`HsH0Hu^GkQ2S+bE4l*EC$B;e}ClT=-B&?&PsGWJPJ+p&Su)-rgr5DauL30Rzo4WGzMUiI@py$;;0j9^~riG$vm81SlU&t~saiY-G4UgG>ey(wiiz9SfDt-*=EwP!@NP z#hk8@x-4`hWzth-YG-TT)R30cR7q1^%~nr6h}bhVcxe0ES9MNYRz4rR?qwWPAQ{&2 zyadY5-C`_&X|1RM>J$=rzmTM-rRpaYMe4IziB`@>}S(7H~Zcedp8#MUn-vrZb4oGdr{YyYt_wLSX&T}eszA(>RKb>qwJ3(Wg_ZjPzDWdHYAjW5F= zfg$ssPg*qGGqC*K_eZnH`lpKeXU|chX^z_cSMBqQg3bv#)DLLM)&yG%w)d7&Y@{>D ze0EwOglVec$jL)ZgJJdWIaTGCKP#lVCOtAWzDc|VL%nX@d{SJD`l83Yan!PTg(^N% zdfWcaP|z`wv!(HKLi4I3t)j_(UY#u@#c4QXWnI*4t+TRO0+g`C9PE%InNj*FOqO*% zI)y3qn1tUU=?XjIv%KmvIfN>ik*&?;s(H7Kk&d*R5W<6r3?sr(i}f)#*BT|kDC<=3 zRz>WIZ`CiwSEbz;K)U}itDF>`t2X;a83|z!1|z48FZ4Y!H6V!qN8uA7_FhQTqX4UN zeZITlvYf}3&sN&>#V9kJU2ZH~K;fy=10H$!OFs9@bNUOtcjU^D*m+mvs6ojps(s?2 ziCxeKv_6(_Z~$lN=5-)a*L)v(8n8#l`e~=wKsgtZ_tWF?X@(i6SKtp8<(e zzQ8nb#eL&Zk;2FN7v;Umiyqd!%)9(!WNjz;MhC9P1ZZF7N*bRIR4QxW&St_OLyd`S zIqZXsFDW2v@&jw%@~Sk(>Rj03nA7kF(Sf1V)qI|nTULDQ-X4Bkr!ZuNo%y1KP4?#l zp&8~~^IIyuPC@D~#tXtN1hZ*A>7JfUKwE5@irLm7nKx9dPkaqSLby@j-O?6wMnUs9 zrSX+WW8GbAB?MLmHBY%(WdDVv*06b(9VS0R8Tv~cjm~-F@FE2b2*=V*rVk2K`bg1E z-bm^)JYYdr+%w|w6r4q^njnZmR}2yH9!sj;M=k{w4*-h&4Bf|aX% zJd8r;by$&_tidlmB!7V1A7ho%$nWAyzGGiMHO$k>BX!-_y%dv1>EcXQZ(b>$cOxPe zn4Z`%0R^6R$GMYKUqag#QP~Dp?b(3^P)~tjAL>gwEi_+n3t0r`afz>x@?DJ85)-z3-3=e-toN_rTg^BS(@|YOjpCDn0_GM-Gluj|hTim_^S`ltHeYl~h70 zoX-ovTH_0;y)j31U_Hri5MEhaoATGC>MvLef`LX zy#&Ad83q_lyMMavsI+$zYpa2eR5(x|5hCpk(i)MR&u71i^$9U)^^_2uZ$cD=6I?$o z@b_98BKSj{^wznKFWrL6x^iiAOt21sm1Xfabo-4+0r0RPA+R#F_*RD+9x+DlZ{sPb zgi1bJz}Y+kRCRfZ676NL^$96M2%e(P?&3`ak`aDQ>km8%4e(>97d5nyF&fC=sWP~i zQO9NkFpGY1@~67vgf^R(hd~9~lSSt`Z?(hnT*XlPko^3ep4D?=UV}(@Zf(CG8&pxmkMc7ESLyLy;5z5UdvoyhCJvL_poO2F2!<((UD~>dWv^4^@6EowUFHL+J!N zo|jy2R>1;a{0rSKw0Xk2`We2&A9@;y)|cf2S=}Gl}I~RkWPB7ELk){H`n*7$T>IM4Q_$%O!T- z7Z~|RcnhqC!e#ILZ4tNXBzxU&Cp~jc2_^s*7(lHtA3F~N0$5-{$0j{(*dM*isJ2JP z&du%(W@D5Z_X4Qy&Kj0o{k_r5ho<>_qmp1?FOFFBp;sYU#kPn}- z!(WZRr|E;VWQpO$_W&9`ZV%4`w0$Iw5%B%q@iIz0H)-WfL>xU=XZf{yuVbUr6FYmv zM*B7i11N=AwM=46EPqheG^-I1NGJffXMsmXj9cJQDbMm^YJ!!c%y{9!aT(ByRKC5# z_;x4Jrw)*-xTPEOynn~VU3=$&Wdq2i_NIr4e(k;4Eelm)TygP_j98YEGx*D4Ct*1O z2vy8(o%?397BZQ@*Sw(oMf%Q2 zyl_iWftJV6PmF@oQua9WJ}=1UyJ3Y--7OEyn~$ZBB+G_(VjCT~yKB@+=F~bnU}?=_{x#(2UTqB3p6VD`;=g+UtrtCebJ(F=2hln8$(8Sc*fTJ=a3{r>Uz zg_PxVzG(bJn84L$Q&^~l!_1?LGXesS6y6wV5sxO|# z-XOgGs<<)QlFK0y!m4GGFrHILFkNc|4?}kx$dFb|0!z4)Ux0}nD%;e7N};#A6%SD^a$lITB_nCvw3kY0mL&wJf=8_kjEO za8yQ$&)(hdlcd)em<)h*{e@ZJ(?POZ7R6KHo83_We?6arjgsg-o>C?KByodv1}K{M z-~lqg;{p$xBR*=h+I3=0Lx6qZ#|We9Jg%yAdlM)QQUoK+wL9+a z1^zy#GXUB0Jx`U}SGR%{mI9Hw%p^l_%aO(BEBS*L;EkM{UQvFF9=9=)$TMtna}uN` zf2xN~dSI4)c+l?j4JrVj*xbrJEATB;Z!F{oEN~qqtfD z-l4_332>O2TnrcO2R`~;rw%FpZ({h`^fVG?E_E-3_Hoj?d-qQ|5%=oVt5JH|%M+fp z?_YSRxOeIP^B#TnSC8_KP9o@k_E;A-40UsNUn3`W=;;Q;40gJ9;j~TpWYp#*?`_hj zQ1v%%fd7APF)KaFPs*5&Za^V>3OK-g)5{mm@BQrjzvL%v@7mv926|ZFRGJ!PF_ij6 ze# z(9tz9VQEtlJ`=CZe^p%ntv@y{^r$_=5sMV`YZ{J&DHkQX83;(8-?i_wo!@*i6rQ#=3eAgm8a%aO z+^#@8V5QhISvdLGS5o*(;y5=B7O1PlkgJyPaZo4e@4@-SGaxrp+dnEhb3!n~bB zX0%ekBxj+*Pq#p6X6*wWEqz<4PXi+nvEN>U?y15?UI?r65)^|ak0sUM%)qUd% zMZq?U&uy$K<@DMXb;_!~i_Mzx(vimIb`;5d#*8d@q(Qu0D~B*ZrlTcLE0UT&#MGow z0VKY@i!kwR-a;F=Vu3lUz?xT}u6C27yH03T{0@6cyaGtxZc%c$+8g}w`oJ<`%!dz& zGt*9@IFp0N9lP5}t~c8fCf40ewKEsp^v9`Hq+s0huu4iD7HT8_%6GYEiQP%iw^0&m zwh(MDHmim;5JjkX+SAlD7F zyDX^LUTR>g!zj8Kmzc6Rlhcx#1deyrUWm+UF%f(~vdOodf-JLs2U3Y$JL01wtrkhe z7#BzzMd^{b<^>s4{)8Go_-KY3M}ds}Vq0<;}FD1+mI5#WTE>a#c7i)V{G9-Z0k z*+oVBlM@xTmjYeFf;syYl?VCdKN37!@A4Op%~*T-26K|_DUNbW_j&?ul{!>fk=p!6 zv0orA5V?UJMcyCX1Bjd)ouGnr5~hC8T&pr)dFL}}yS06&T5(YN>}J_d%jib@1QETp zY%MzY)jj~ypiyn^T>&ZFa>u=>%1WqJ1$cp7-x}pLl~tTntL$uGC_A`eW9YrKc|~rd zL(siG^cQSSJk{Ft=q7a~q?Q2LkdE6%b8K)QHIh|nU{C1SdXwF*r+yt>9o~-kNO@h9 z^E9aH>drd}@a(pBX6rSB`tj*6+vFGS7XB-@4yDr{j|W$6F@#Pbb|?+#DdQWoZfW?5 z%NPTXC`6{!({)PfeW##R+-fQkvMyTLNZ47Pq@NwhvZ`Onl`ma@lPafM-nwdf`5s2f z9Wl^`fKH8J>55v&%c50YZr<3cSdR0+&4=Hrsp_#SHJaX;9FqiZ+;lR`Yc?Mu`BMWA z+9tH5iUI+kB+h};GIot=a!_viY=izZBl?vGHX3q`fZ1Ghe)kpk0-MEMs~XB5GbZ2V zy5^7<`Qy7ahMeu7Us5~x7VlMxI93!p4$#FSz_`h|CKzZH{5bP>*;*T zOZVI`La6#xYtSai6ZK`jSkpsWAXWr1w1i6tG91X>dZ(na@t|WWm;F9&Ba(HbgVHsg zC72NRpf#fZT#oXkl1ML@%cFJ7xBDMGaZX`ba)E=w%FjqCKZD-e&OPTxN zl8^c%yT8M`6q#4EJPuPrON$;42oEwu`f}vI=w?C=p|=Uw8k4;tC*)+<~GA+?vOr^SSbbX>#blKg|c_xd6CoP zGa2+}c&d8uScL`my$0(-fbC@VavzAU)g(r)o2 zECI*^`fT}GepZ*7UoUJv7GwUyx*?PK=YX0w(SJUYIHi`l%EVVZRqtvVUZaqDEwS6~ zOs@WfMF2n8`6zODU3SW7dMSFiT^MMdXGLXS4zR#RTktOLbP%0YHw1cuWr`-Vjbs`H zgz8=NajW0;&mbP&&ji51K1T zx2ZzflRaUd}AiH~S`859p^;kppAyH?@zU9(yR$#@&gDIsiVt zxZ1`*4&1%@4RTF12sX`_Ljt|eC8bX0a|&$)c_~~RgeH4jlQkwrfvrvLUueM*Y_lMU z4TSk#%g)K`L3R5Hr1SBkybT3fwdGP1E)?|OAS%|fK8dp(9>iBaU)ezHc$0;V0u`-$ zyGyuSQ!h;^q%cV~u8=L4Oga06hXC7XM+C{G*%9HnMjCTkO;{ccMYDt}NNhN2nla6- zvnfe{xtsykAJgqKGkh$$T%85h<1_sHuUB5neD^#Qvsfut&!8;&h^polXj+lH^;L<) zqkWrE=Sud+Aibf}vOiSoKbM&Y7x*#`RVmen3arvIzjZ%&@fy%~M$~svwB&NRv}cWa z1wf0YwA=@(FDsMwh<8nn%irT|Sy!uJ+6}*LrzK5%jKWwJd$swI{J|E7AqNuItx!>X ziN&nNo4Z46(R{t!9ovfE@iAU1=pR)a%TclJ0FQNwSE}41U6_JquTY+RxA~}bSAMKe z1jfdar~RZ}e>3L#)%L8gG1rz1&!uoqE}12rckh(t62$!772LP}{-QiHyKSFw;V$u^ z?keIbLa!iCa56bF2vimnViH~gRfLk?wZ8*9^gf7ie?b1HHdsHL~!+Niq}eA zH2wcpQl0%=OshQ+#W46nt8wAU z_lhr0bZw>ZlOeGeab}wuHC3I;;p<+u<$pX8+(4clE58eWgRD16<#+2IPUr2X(N_mP z?_sRi_^v(V{oZdO+yG>T<9kV9Fd&<`u^))tHlc!d35r_0r%r_%ntR=M;r%<56PoMm zH>pI&4wBP83+^}@ShfbRVd+X5-`ZRp1PO<>V{P8++03-^Rkf{rUeg*Zt=h|0PcSKkf7X$4%Ys?C-yh9IiRg zm;cD$WDg8XmtU1Z&vQpN<@#ARg(aU&t?{n`%!|g}3=9n9*-v@5F+kK!TfTk&^>#wN bC#pNhMOU_?L$(Hcb0(Ts442TlaAR*l#Fo1Lqp&&{+q;yO75JPvT)DT1W&|UNL z`@hfg;aO|nalY*Pth4sH?z8v4t_Te^1tNTEd^9vPA|=K5T4-qK@Td1h+-Fbs*+H}a z9_Vgb3h&U$M`?GT23WSTsdxgBz6ZGMQg*8*XVXe zGz)c0tdn-kpbSMzuNc*m;_|&od;?pIqB>me%ll}Q`Zrs~7eCMhg5K+-4bvP3_B3wO z`y6?oV1Tk`wZ?Pb|F4ng6V%Gd$)!{gz$*WbdEtDUTfjiBoEtNu)T~oGj*pL594T%q zjir~BWq{H}kScWngcoRcJ$QOLfo>)xy(Zt-aEVr$*s!>v$)V@}_mhed-bVU`B5;XO zuXbo?2;}ZwTUJ_X^(QlPYzHVToT#vQ8od8=@-)q%L@nWB6(U}9%cmh&9o4tS+j{AP zyJx@=Na1|q;pD`#5EU6|6_7>$SMuWSURN#A+-ck|g$5@>bJV)3>s+GWK?jmaWiIN#UQK z`T_?6*J}{fkaew9bTB~4QLz^sWxWS`RzA=67!OeVjBOgfs$Hj3;a$9_$swVO(|^a8 zC1pfq_e)eEeROoR9B--7AL|g&23GAqEjMcX9gHpSslAEbY|Zxa zUevK~t;+X$fL(cIJX>yHb|{H=+k-t}ePd&TIyzOvxxDTb0e&vfXKHHdvuT@%(_(*M z?E=i}$Uq92zV9%WA%)zVE^(0eUuh41`+c`dzVWicOKZ!W6tuheOmZsoK4-!^Eq7_| zbC4fOX4b-3K9bR~y$Fn>I@{Wg)1lon$hV0cj%vPg*6Nq&X0T%nB>4yBF zuPd&Jk^+qwB)$1|lW+6AYWTc?+q#im2P%e{olnO4hwI>IX#!gn(o6%()o1^^JO?vEkv;6H{sF z&Vg2rivZdTF%0P6R)HJuEu+1z@XdtFfzWHrYNil*+}F6*(|V>L;B^PUHH%d(&93cC zq74$Qoc@b~7kU(U1w*ELEh}MPLx4As%bnbqaDMeZBr2sO9)kLCWXPl&k!Vyb90;rmgdc#)Nwl|Reb-8o&8^?_ZBk}ewU7u z=Z0+;h7lz|;!4f(hyCX9nVZniB(=sQc|NrKk?@F$1&u@zK+#Khuj9*kUx$D6S_7R}Q7kjuHZ1~q^-Z8VKL!@{>kU~~xnMBbQ=h}eZTQtY-SelF zU{Es@$ZqjId3U!80RNLdOBt)peRbvbWabJ0;Hl!=GzB~+@O(YFyN8)iw{2)>iTSAY z?oe6E=iy>@N`7}xuk|$Ha*(s4_6Ur+E7HceVG0ga8wWMv)PfJH`l_W(H7mcWFywq9(V)=yEKinyCLi+LRy-L*Ydpg2L_kyS(BtD{Hb)1mjFNbsRsrt*SR z;Jr7TCv#Bmaf0DN^OPv_TCrj7jN!h6A9%3|O!Q`^zIFQX zehejP`=0hB27JGMISYQ66?^_Io>apL4Rs7a#S*S=uv30mp(V7)6})D{_T$AgH*Iiv zb@MYkjUPw3QPjkL!wOsUA|3%oJq(;31swUM6sBkGro};i-2!hXVg$^zR7(CTC-LO- z|0c=zLDtP`iD8qFvVz!)1(1)AM<{8c)Y6IbtyJfNYJ7wLfU{CrP(C?HOk?@f4H&b4MpvalT>I_}w|sw|jR z0ETUo^%8g1Cjd8|6F0Lgw^?V%hz?7SjEw%4D~$+z-f@I@TmYvgIFi)#)XU+_k)>bn zw>@5c30;3RrDxH3yHsiHN`V!4{J@Y08XX?aU#>J9MdYOtS83mzkBhaeQq<=AxyLdH zH-?5krZP`%vS#`VASqg2isIk;o@nm(`(1=Tempmkv4-{9uG&blJfMb9r)_zNlAbQq z4frv07cs|5qlI|uSA_QyJ4&fk+;P9+aj)WcCd+{7btlE7@C|X0ywJ|rNefHuLa=k- zSt|EC$16UvjjS9|bb}FU#^6+blIoOrN&NN*#*7!q)?^cK1Q7=KWi}ap+mNhV=e3d& z8_Bkzp<-m;pk6?)e((paLfYo{6B}-$Huf0N!XaTD?TJZg+T|Axa({G> zG1{eC%3*Shqnp%|?uctG8UiFYPvA7kDX2uhkxnho2_IuKyk^E|I_cIwjsSNtG}n+? zFM4Z9qOq{OSm=^FB}s~RFq8=P-cM8So?3%^5{5$jhv)|*wAiA5LS73AhF1h$lpr%7 zr@(&j4vSab0t*{n4K4V3QeNJvThbTqi z#dKfOiaB2l^fb!c9n_2!oOzYezsda(G7P?FK=mPkcVmw=i+dRH(X{ANSy^O>B)Lgn z3CwOA^s)%w%UCeKMbCz9W<_EHq85Z1Zc+2VJ6ohW>Rf%c*Azl_aiW_ucHXKRXJr*q z#4EsN*kM?&-G8cVdaFeZzHdgCIQV5X856Q;|tkWR+kq!co@Uh-k{eQUd zHVlbsC3cwu>CDBfWGfbvjX$4gOj;Nc&1d2%@SwcFS6*-i)C5C4%5Y~2e42UB3UZ9U zPh9BUcn_zAH6^2;$nU*;U&!QQ1Pd%f0xN;!yfFpRaV@uqn^CXHumRffmfuCb=UTtj zDW)MCCzu#KbQJ@OEm*ypyAMHQUrUq)R-cQ`3xQcq6neMQq8ih0G9L?3U*IpK@$=S_ z#G%Q?sr{$6-r;&KHJtYxZCgKDPwV!URTVjTI$T~uMMYWVV_ZhN<6fX);p6^q^K2*P zeC}$y5kaveZQ2mSTx_4?=D~@(C1j&sY2o9y|8TIe_tb;XGqNoh#Ipg!?pGNe&DBDf z1@3^4F{s=JB;pY?>RQKCp+)<%Tk(xRQehkZB#RD4SQewGrn_3(-ZG~dtuTf z>CVgJf7wIsv)(6^;B-!H(?;Q5lV`nu6N>I=+D>TZiFvUW|KQaCM31}QvW7ovKu^QS z&r)9Ad)#tJXmq#LmX#S5j|86|Q=Uecty|)p!8;eC*S4kGoV6AmAs&ZED>c}TI2b14qaC{yk#u&3 zu59br8--FnkW@N`+AJN0=vy0Q+WcuA-~M9H*R;PfjIZs?*)Z1ne`JQl+KLpt#wQhn z=@7Ft>mcI|u0DqN! zRLy?VS@M0623)zrGT3C9y2g%oC{#uCErFz2w%#emVyVZbp;@0~sYy)?in(FMcgwH` zb>LEeIBwzC@IybQIHJU9MF-GM6RL=1tg(JSuBBBdr3H&Qs1GUWX6k;nvV^iICgXLg zR$*aQb8JqT1l5VxBzzH8sX8xQ9G-7X$wg|MzHzSk0=oNn{T0*qxL7yeJ=%QQe*7mw z%$O%v2d6?Z&W-~8XoE)3q=P9A5ZI+k9For(B_xriR@ zLgyE^XPKy+fNcp>EPw-}$^H5`+Y|M`I+-$+)b&d4qNAjub&{o*72Y~t5)pBsMD}p( z&b4Ije2`eKcw5`z*r|{?S7a#X6#7YkeJhhYl4E6A*(}X)T3xc;K{ifZklb^ad`<^B zNmatALhSg**%EgDCRJ12?<*k?+eOmK@1DtMuj9LIbb#U1(b9&cv`4A7Ivr{jbpcMt z;`79K1{GlbX?Zuq^e>vI&`W@ zgP*Ct_Z3LP)a-k&Cw3cElX-}Bqyr@|47ajm=G0(?#tg*gZXw9Yx4Jq|Tr8z+xME{a z!~<&^4fH&fh-6o1%QT^jx?Dv(dABENSl;HPq?0kL*0k<$mTd z&HmVIaP)Ga{Be6;2uu$ZHe4Yie2(d8_%Y3gU4}v0z9TR#2>kHL$D`X2!-`hdG*X%G z`376iOP)6Z+S-W37jIluKMx|Oru;z^Vc+O`IEJhn_08UZCNH$0*+X(c{ih$^>psw%I+aCMGCvnTPf+<#j6K~ z09kVxgjPl7lX0u0#I>K2RBq{m&O1z#m*-;=S=vJ-t}O811W4jZ!{M2=2~s zOR(O-XIn3)6;#LWFmkUR=rqWkKm)+~?wF>lsTzkj?w87T7x1VcNI})Ui z3(vm+v-Hki1YRs&W-$aI%u0d+=i@@$a_P@2fFJ36c+)@W3Nugm!8G^IK6u7;zp&Iv z8u=m8d$27rcoNo9b@7MNaOo_H1$tbq(|`?v+D~c&)OUZWb|7X$t7`y5oJa`H32W7m zOuRDw+TR-ZA2*)of5YuUh0#LEjL-`dG2UHUC^zvFcsat0c=LYU3YHRp4X!9<$Tc6l{dPsn=;8f!VVBS${QYH zoA|{eG^McJj!#e0;Dlntf{$E*6wiIgLE#tmse4PIdFW3+MKcM^0Fn5pphq$N&-`%)qZGQaNv^)O zlJ0iq*?xYS^UE7nS6I!fomQ?}B2f1qk##x%71buG38e41dBe0)3(cHV=10@{r|6f# zS(xc18D|G!0faRS3m;C-K~><#4m6XZ7+cKIi*kgHpm}WY`>XZ|)BE(yOjW6Ew@5)# zYbxQ7yO+z;I9>qUpjN8!vI%RFb1cqqSk`9M~o zS_$nd8QJg5j`^?p=8nWo(<_eNr|vJg7q8eiZb(nc0vr1uoRyy97e{Jc><1Uulf-EGS&rd;QE}Hy{nM-u{?hNt(FE(gQlub!Ghv^&*dz)@ zbDAZzP;vIEsz^jsZ&c~LL;c-vs2!w3Yr&pR^ujhsydtS<Bg6*21o)iGhAx4{s+|t6luY5OX9)b+)t%R&D=Ua^=q8a}cDXp_Aj; zx(?s5^Wz&+V}%PxP8ZKwyd65_9V@KK4QFx>ko!tgNyar4aO5;KL3-Ykc~CAOjCte5 zu|RmM=1(zW4)ecfl!-R{j{MhBkH&ygctjA&?*u_guoN)b4jCcTmH_w?qNB+I-CtQT zxq&t7wD1?_m}`AR2fntBsnwK)p9CoT&2#COlqznmT7GroW;k4nyt{Z=*%a7nuzgh6 zro{*xm+@Lubm7H0p<79%r7M1h zv)sGlBd&vSJ}>$ZeuosK6avI6h_b>E#x!Zb$>hSJ+lH9h{I#>nAb9{upk@cl(`4}(CmEK%bBC9p=;-6zJe8ilK zq^pn1!|;#ZPk_~^+O>i7ioF&~GbMuh-p*j&ErmtZdQ{Tb0a@mFc)eacxn5NQwg4SD z$IC~)0ey}KYTpR0`+3z_x&W%SX1mId$n5g*YYlg4DsE+=THTCDJwJ4bY!@dz!GbS&I@D^cC2EhDxr6<-=kyIDpIpd?_!IlA3$ODW(2gg5q%r6G zX@I;Hy=^$G^=L*fR&sB&KGQF0pt18>mFr}c7|#j#b#7ZnH#42SHiA=CMHfFc>OwMO zaC7j@vMXju#?QH3SLm;4;iw4xz$e1jV^g<05%VI^R%d7_el zfgak0^83D>{qv+Ae6%ga_zQ@;bk(bW^u`4&EcV!;aw(M+7+)*ZZHQur_;#%}FC*g- z$|$do2;h&gJF8n5(ThFPZWkv8O|J{5nNMXSy`~i(7R7<}UAG%PkI|kj6L)VBk%JO) zW((t4CiyABo?nXmQv6%aZ)fSGBRcjVgmSxwNox(7C|#T|y~@BA52}|T#$upvF9TPX zT330{=DY0$kLo}HJt;@UbZKq8%&W%8R-Q#AUQgt?Q;-bo=3y!t_DFn9dw=Qd_LXpt zP-m%lLw{F|&rUE1)Ue0+1rp)U=smU!Efqf^mMj^3D?KoD65a4l`#UU=@%QwxuF^zf9*V$Z(? zdQq5rSm%{-)#Q%Qo!N{J*p+l+ZPL!Mge)a*`?4Zy{g-t?G2r>=m`2-n;?8kJtf*iW zPK_|GnNauvM}zTuoNh)IDG-~-0C z=kn_7W5v9qck+ctT#rqd1t8Hmjfxp zqd!%)+^x_Tt2csl)E45tw2zxPo? zq)E5DTyIvea_5yTv+@cNTpDCfI~7hGT8P`-iv`s1{yqdDmkIjR;Jcm&#EYELmVSK6 zl4ba{rIVB#vEsiY&N@7>1~vv^A#XT&1AF+r^=5Cr_t)*!8=o_t=J=N9oK$JN`ScKl z=s=Kk#n|;DsY087pMromY^WaX9m!XxHj<**YqTcd& zNnsoq_}r{d-v4<(tme30MATl@g}J9NlpwXs^SXhKv4T!$chjX>c?bg}T9vW3sD$!@ zw>kE0XKzAwk1QhVm%Mmi8IIuBhU~8-vs=~R88*f0y8bMQ|D1FnR8hr(c`h$KU5De% zIdi_p48IU}crI=8g}q#GocQ#`GxSSnGXRas3K8}Gf0M*WuQ)|;_rd6F0f%q%7l@@6 z==RmRJa-!PuBFL7{&8=k5ThA_c3sx`fIU~4Fx6bYjeCCVbENh9LLtpzmP>P;o)p^d zYZz<1`&h=+b0co0PlGi>tnIb@M#4aMq(vqp;a2?LY>`C5RdzYD9BbJq>IjSZRf{Fg z8V4{nSofKNSB2h>9C$I5cfpwH*rF9@2Nd4ggTsE77pfSn@-iN6g^1D$~sp636@4#^M7?L^S% z9m4_FP+0LpWhL3K(Rs5+qhTDx2x?@b$|D1&PUaEr<#A_R3E}!2rK4JI^NcgPteqU` zH2u@ou8An>AcnI9ZhXBHTzXqF_mTd`-l$%gonBI>?z$_{UJku~se@i_T&dmumy1c9 zzDFOgS_>1@jYgYV#|qru%cC@kP`&#@A#Z)0yPjD9ZNT4#KfyB*se@ko?Ee5SyvLsq zl^8m7^@ON$awJv@7m69ah=%F8!YXjUBpLZfhQCzc={Na;QOyr^Ju zQ3fLbG@`1xYl_ovw#rOsZ9!3G2j*8B;IpLZ8P{fAwY+N1_BEl@Yr~walI{b%{P!Vq zR(|gG!>&lT--sFX+3LReAKSG9$2?z&Pa?!#7WjM3g5_oJym$+bk)7fz76o+X zQPX&RjTe4@*%931)qk$$qw80*NwbgcnugIG|Lr#|f00x* zOcN_I?ml{Lhjy)$hQ>}@`bRa@&$c1W*(ywE85o?Em6u2@@`dsVqZ9NL;tb4mXTY__ zjqOW%%(FE6pL`M;6Y&fGnVRdF$WBazb3C0+{F%;A%4DsGwgq>O5cFKRRU#SEWJGjQ zK7Tasi{{nZmUU%mE+iJ|#$=5t)cV$rN_9(4J;DOKV3VqAviZXoNb;o zkCdHI;N}ZU{V$Hy5Kzw0t?}`T{=}r|BlyB=-tF~5Kt5?#S8uU=BtN`@YX~6Om_Di` z{_MSB-S0^|0t$uT#OeFsT=B3q$;wRvv>g{>-Y+y%P*;7traAdOhge__uF0mZsaQ9< z`YElHL&SJfF2C=D|5Z(l6CqRX9R@=1tH1EAD7BBKm#Tg_zWOHm1Cd&X!Gy1k!Vuag zhRB+8p&CJ6*Y&2+VE(I$66v{QQ|kvek7AQkKbOO~zB;OA)0?Fb!fMbfaaxtI0XFMS z+bKHP3*CQ>RJ-zXlL^pTf3b7dKn>uzux`SVb6}G&6TO|`$)9(Iy_O*Nf5bg2!Ed^9 z#D=ZMX}ZE|9#NKfqFt_|=xVQ*j~_2}KZhMY;;*?WgWh!fW0>>b|%R z?IFyY9i~@cVJrX8{k)`ujL71zk-!o`K|zqOuXw@-1ASbZXOYp-Ht$LYL$b0Cd@U?; zMn*>qw64pZYbY4}3>uLks683&`+4|aR?MqlecR-*ue-)|zgIXFffe3Vcgo|NFi_z; zT9VmxD2MX3q}p=CNla|XrFeLg<)Lq|w?j)uhnK&f=15B&Nb_qzbz)cl9({)czCmT% zMjP{s;q(|EwJ|MGqMYb=c`$I_nH!ZWd>t8G3=lre+ku!0?U+uI#{>r^C{F`4On;l6 z7nc}s)ulk2$k07+ERy#estN*LIU?&SLmiMa!znwckKNxQg!!TMs*#6Eu+;Pv<<{uv zuzQ8qwA|e9Gchn8^zmW(Uve$GK=$^{+*~6c(x?AQ(BHnLct+9C%NiP%pg3fHAP4g0 zh~zUf_mQ@0dM*@39OK!<6h$0WzsU#9@5u^4H`RmB^;@Mb!&rM|09%+8tnWuv(w)K{ z@w&^`j9z$)2d?(nMFXkd1ilJ%a+2OL#k-C4%Hu9w{8^kXDM2rvnmxKaeDAzW=$kZ$ z7C@~met@r{s#@T$N?X8kC69Oo%huG$dl6)SC4b1<3lW#XQA^f(bf_r$h&T!(&e}$52pLWWs-`w7{ zd4#tKz|ce@n*r%2ZKft>eM>6~=dZs>JYjd|>}{wO`nP411i4~jT1Sp&_rZ6%ojzDZ4Xmbd`VX+m#fnEIgH)cScJ;+HVqm zXdbLMYjwt6w#_0+oh(11CD5OW2QnuozjMZ-S;l-b&BqzC)?zRcXC)m-4*giEPSmoTiIToUijiNNjE zuO4CXI+4>8iE}@8tvMS4iS$eW161Ko&Gw|Erp~EaOjuZY4SqucWP*S$^KW*ZJb#auW}8I@gVbmfPDn8;MV<6v;SkaboW zg|5cyZTvwz*B_hh!7{j-)4U(B;OHRb>(hTzt?_jgS%bzB6^yI2CdhMaBjv2yukrsT zo&^?>)v7Bna5&dgw>Pa`FKYxS8=UixV)N>SBu=;p=ZcXQpLkjh3QLL8{X%`8N-i;p zV%VvNvv+aM{uWS@*3cEj)*TmF>tw2cU!24rY?f$8_xW6KR@}0UlRM7nUBqoGi*(ge zu19GsZo`KcP3vz~kFbGb@>!w`4`cOJKk&PTASAH`r(&u3-#00hH=?-Y(b7OeBzECg zzxjTy?$`#J3sW{Pvar6E3H!=Z=CWsQ!*5v-kOrOKo10^`h0cutmEA_0TW|5B0rfewRDqtAod+^;x;z?yKt3=y9r;+S^kqN>pT!qPxp-a50&!yHE$I{ z3d`TNlS8fcB(h%etd}@txld5UZ9p3pxq?#M<4rX&$q@-=Wx2@h;=iF^CS?!V5v=@(mTb?tn`vX;#eF2wyTN9o@A7FmIgeSW1sax=3*8=Kbk;M9(64oBK)w9)aZpe zxgTN68s8KBS*y@-c%E?6%VoC~>J}|1PH4T?8?wdW7DevvfN9_Swmd4U^<-9zjq2~1 z3;Kte>Y^aKkUZ1b{BLkJ2u`@0l9UonfT#jPIO70kz^(-0#kj`#OXCkUc}LWl4x;J*U4DQdcbA zk@`|St8S)!#v%GXeN(68U*k@Foz!|b#*tQPR6?%Kid|`Jd*_-s!i`gW@!@^x40%^X zGJ8x^&md5@Qr1c(OBA;$jFle}4fQL$`lgB%MIe%6%DG?%{4%|c{IC&85jyYb{k56z z#x?M)*Wy@z9AKck%8W^>fBVAsg{+cvq1nZs1!pA(taX0QucT$8%kQvKnp!P%$dK5x zMYus2*Y}HBsnI%x2`D4c+<8UqDQ%K}svL>$G6YE^2f~rvKY_h!8QKuc)@`7B-^Rd< zi;)uN>faog6JZ>wE+wiI-Xue_%vP>ya}N~=IhZs$P9P3Dd~Zr;!%0WlOc{h@p<7EN zg@*%u5k30t^(P@+SwNrtJutEw#buGM9riiz7VUPHM7c00Tin{4)PLi-+2gy}<{iS0 zb~{%8{H4xU^M&j0r;__0ge<0}9f88lA_t!8Tw2=#5C}VbEn{?omOb8I`1>`w&yx##~DNqEE0VCHo;$Gc9uyPV?MUTH_PSn?%DBB zs43V5;?}k-Z_+su950FHgMQ8)-X$TE;8lzGIm**}qD8osFD!u)0h#ZFn-k9F-0P}1 z+IG5xFGO*=f$S}uMFSQRZ+}I|mUc2PE#OBlzqX?z_>4?Q)NMG4_Oa+VbE#b zO^FrmFzb}p98E7p4VJ)5Il(XAAyou@jgIN_w$M>r6LDJZ-(SS|)vH^C5m`2dJO8;b zbbP_HW$8~N3A*>I^NjL7?~!3l`7*QIawMXNT^8sr=A9v4%keyX{m0Ae5yOc zS2emwf)mmz-@E*&Jd;IiLs&__swTNAi?a~0yx^=dfG&YJzlu&OmU5JeI%=k}9W0={ zR~~GGFM#-BfgI5iWOnPWfvtu;r>sFl|3a`B#)&t?3dc4IRd-u@BK$84q{QM@SG&Rm z+u9Y3Yt3t1*xZagO*Ejol_$Q1XkLy+-})sE2eaONrKKmP4oALjp-QQcuk_0vskj#n zL8`;oP7UKIf^Gf53lg3UBj2LAdA@^UhU*_lahNE>op@AxzWIt@&n@Mcv7YC_0&2wP zvITZKe*GZg*EAeKb57!MWcA8Sgl}>tEyT%%TXKj_Z|OP_UsIk6ej#2S3zJm!1RP2| zxBMZEVdy=5O+)YtxA#}5jDu@^)9}o@40EURuR<6X7UO-u?sHaW)hGqTTYg(hJAFbw ze)FCx%R7^pua3C2KXTBd1y&UMTcyz`>tcvCh_66w!}-dql$fR7Y=94Nn1~H`HsfG0 z)8b~lu^W_3k3Jj_uS8pW*`G6Pm(^ZQP}qz8UyPW_P_u1_%x zwD@lpCGHgr`e^`Tq$SE~Z4ad0-F3;ky>0R0o&|abcnUIeBe8q)r7+g&ru}<1cz4#-L z3aV2A+T3(8x(2UrUBvd-!H!y)_(%0+Kc4l%(i#%=R1z<7(zRb9iab|V9@#RLS#73Q z9%sK3P+)=`p4g{VS?sz*t8)b`5_FYxZO@wxjUtssN`;5`A4AzK2Xrq(?!KVgJkaL7 zRLuGzh|bA!(IE%O!KH`mJNYSoP}w1VK=c;Y2HikD*Ax?5jh>*(@BI$Q-nyRV z7T<%NRovL6;>(q}6Hh^b3gfE&Uju#F1 zlsr_rZMvW*F+Gd;ZS}TeR;Be!Y`wtoII3WN-IeoE6J?cDCgxk#Vc*M;w0SpMBc`r{ zA0rb(-=Vx1XL)obl>q4=&^C|GTrC~-!u%P3aHX6ezZiWmxMArJY(84WgJ3!iOtrF+ zinzDAs{!8Cd#u^|;lzI7$p52Tg+& zIf>3YzY`!g2DFh;v!;OW5ufcv^J;9zp!LhXoI@&hSgb+<^2n$d*|z)Bq0b5dq_iE? z-UjZ17OuV*(|QoFcVSxT3L_A-+DqUQFyE;}evMlD#cKoJP+W%3y%l{Tv#vo9fIM&Y zz`f3^UK(fSvcahJZ6L~LYgQB;M+bB#Ky^~wsuRp3dD|bg(s85TlWxB~X5z$(Xn0-> zu0*D`0+Yp;Ml)f{JQ-~-q67HTPv-iUS3HiLQUn)hN;B%hRcSPVv*B=Zbi_HTNT^DDa;luHhhe>29*5W?8bv4Vqjn=?>=SIk|>t4XFTP z0G(Zp2rImV*VL|}new!;^aRe+K_=m{>i7F5q#LJ$VRN>$X6qb}$sat^N@{`VlPz*X5%RI{ z`O7GF_i@`dw49rYz0vASa(+37@6V}(Y1ZGi>fiNz6|f3;b1lvwF3b=tJj14a9{xxd zDV>2Yp7C>nA;MBsW$r`L%ovao_udl+jiImiKQMX^ zw!6s!{})R~tecxObVE37L;OU?=jN8nHXfe%TpkCi^~x=>O}1^Dq!oaf$1{^g{b2%Hxzy+BMqmn!bD zx;Q;PyJDT}9%e4K71vQ(@WMDacdJ z5(6eqC+yC6J_^d$Pk~~R*k5&byKz}bPWLJhed>sz9d!nL)>1x*Rw7#0eten(j zJ~)oVY0In46c>_(Wn+9~Vry4jW!_G!Tp3AmTZ@stwd07I)?d}3U<=n?BQpwZb=3n$ z?`138Nw9A%X^lVXmjDILNaIZJ*S4v;=>s?7JkNSZ8XiAT7i6*Gsp*!~xiL1h9Cs2R z8Biw-5Zk@AsVd7p0gY9>`)dX1CkX;?O?i+W=fD3b?oXg|{81t}nRfLZ#m#@ZhxtsI z+faskM$FgSU$=%+{*xa_{;smb_J7c8|EA3s@SlJ{{fW5VeI$%Ne}9C!LuFh{{9uJE zx(AomQaDa!m*Q7;v}p>ySD(*t-sWjuH1T~Lxg5$2Q|eYZZDp$Z`8nO5SMtih?<{Jb zZ!y8eTULQ`;UgBDT>dTfGrPB5m%}Q4hZM652?RsP$2*3R^lyt>RGIjZg0HJSz4%jrDllfL`l%QdAc;Pa#Ajl&Zc9h0|T3}n-ea4Bvwhz z*nlwj{ehL=Dh0&?06ZQ7=1%Kz5naY%5NF<_VVyg1Z5OIsf8(cAoU4a0EKg6b| z@6!KGPM)JU^^hoHQpo-D3sO-Wd5l7`hJMu4t^t8 zf?NRmK_Bi}%Zy`uj^zMpxCWPXC3;)0uTAX7P_N

    S>YfK1?BVjb|bGpYQC-OP832 z?iQ-tGt%ou>R*Uccf7$!pS~DLc5w-_Gx}WjtCqUSzr>h`!Edd5m9}KM-7!+?A1{k2 zOAn+&g40I*dBw(rzNJFY)*p)kK zPY^(P`-v71egF%qr8m0UW+0422sZ`|0jrAs$18So^*V@>thh~F>-Rwbp16zdUnS|*PjI=gYXA?`X9&~yPL9|yiX-CG%(33bnM}o&c0s=4&t{MeS*_Z)q)j~XlQvEL8A!FAa=6|;yoGDdP} zXoTUvz=&9}oVJm-tFsEbz8M2c+eZKP)HNU@ZSM<)75o@9(zYmJMaOjVzKFTJJ8Ell z+wjtO>isd04L)Ci7_AqrSkd-g|AVN%iRwKWmjhVK2#}X7^f7=XLo=Wu@Kop46v>+| z;C&ZuX3*z_Q{6V}wBv+Q$~KuH{U`+C0&_(3aW*vMKZR6xQO1gjuulcA)m1)k0Q;Bg zCxuKJF$UfBeIfX^a6rMGFAzp+b8)(ZPP_A#eq946x-i3+)7JS^*`=5^5o&`+WO#q{}&hvDn@p2^qP{&H|C+xnVA>nmtaru%tJQUg@ zomMl6d8hU*HJx?4< zvrHRFN-B89Ga8)p(nTK?N1IH+7wIeO^PZRKoU5^8RvPubPcC%N%{!}kLk2&N2ecZu zL7#`U0@H@Sd+u%Ycy6WBkgzf3d>7PDV{k59zdg;ToQ>Ki5wZ;l>$#tgM4a)2NfY*P z1su+NlJN2^YPr7uj%#Ort<4?MnH@VH;X52(2wGD-y$?o@zBVA->OMNY$0Rx2W{`^9d z%p^_SpQVs{Cep>vT~H(Lc5AS6lTV3Ik?=fU#Vwes!bo9mJUP|7yP)8}da$esBVNgMUuaN>-> zZC42zaS*H3*uS{(j?Kz+zDw3JX{#~q)`Mu;_wTJx)-g&zM`qnjtPlV1si+U#{Ko=H zvhOc6`@yIqRKT+&{2a2eM%Um~1>mhF2N|}k)yVP6bAR@1MwwUa4B>!^l>Ci*3B-+> zxLfW2Bz)V$S~)9(7{r!yN`I#Xm(l%C&-pP)nwfzjUx9-^NmN7Dn5sH;!eTJePf|tQ zWvzr+=`pD3_c5LAEne|!ScfDrmJ%;sYeLBIO$5f}pZ_a_?hP@ipSnfao(>mJFq&o_ z)5M6o%YMdIJ}u<^?QpYU{~?n1Hy#chBUp6MCsuWp>Xb1~s;F{$x_NBxRp?3b0F>{q zAwQ&HORHUWB!<>Xv;Q zYE%iEnxlDt7}Z|O8@Xqu5^eFj(pQuPvy2WnX;IJ&#E@4(BPUjP3;sPsxg2;sQ+tzQ#H-2?%>x^d$1cHxg7>NYUmG_CJ*OyBpbb zq30)&ew(!Wc42)sk*VK+KdQ%D%n?#(NHQFfxK3hsr4}}l<}}MBI>xg&>{pPH4u`c( zRXm}qzFJQ|u8z!9vFrvT{jY^~RH4bGyl&Q{H4eG#8zAic^=)r8^{gE7d|>ku z{?v6L8LNX-jBRi1?QK$ysl=M+GLefh$tl1GCxcf&J58*gEZYKb`;6 zdh~LqfLAvGdd>RUyZfhvx6lT=H*c<@kNbc~fmFKm3t>r-n&b%D7zTm`BI753^u4}%}e6)CoQ7dFob_#;~8 zGVbQ5#}g8S-2#};GEg@~p05s0;G5*WqNKOff$J9~=E}27-;bI|N|xigvJG>QWwSir zmeV5!cI{w+K4R`i7I*V8CZn}{q|*JOmi{=Mi&rYwWlr^S8;QU0?pz|P?gk7?i!BKQ z4_ifHg~sBre}UI6CCD;8%S-W~Na6>oIJakPf3;o*Yw~Sql&P>~NPg73;)r+4siP)U zHf(;2uWGW@&0`@58lNf6or9AIoboaSicc}q;J&TOh?TJ@lj05BK9 z^n5tClQCPp(jsQW>eI?NRzR1Q+H0>|iPh;+Oe(^d-VQVo06hWhXFd}XM?)8$j6k_R zg4aqo{ox3(bM2LvTesrd^H2oKV}T8a(sPVg!|$Fzm@#Wgl;QCLe2iV`Vsn z%;BREl=cMG(Z`U<=v34Vhq!nk0_`_qmi~Ac@xBO9OKm9v?SXwyx5=?b+NJXm^sfoR zd!zhd1f6g;=f=V?kAzd%-`%$?xSi+C) z4L#g99S)c*{)pN8}u*4N_HjA$J^xigPDd_4#pV6cbr;mFFk*)J@@l)vX}Qnp9iDf zWK1Nk#;WEtcfXr9SU!)h zGcnf}-*|68#0mG_n|q~sMU6r>A%{%DNu)StUf5^%5TBowc?rubw;J@N!J5Cq`pJf8gP^Z_oX0=H_ra z7j}9k?0s_dXawNNSS?>|uY^9XEbI-txxd|rVEf`PPq&w!Kie*!iwWb&g;4J4ybZNH zKN*wTa}iuGw-ZO7Z2P88w2S9v+IPSGVy5K?_=onLXvYq<_Q-<|2i=cE-v@GsXn!~Z zFSxOq9gQ?1e&R!<)x~`=Q5b2jhkak~?jR)G7HBCAXV1Y_5TFPI&LP{{Rfp10A`aDd zWhsLIM~OIIK~#GB>8EpBg`+kLq*M<-{BUk*njzY*w6#eA1qF^-K>zyJzn;z-UWx}V z+N{pdLzx8xiY+MF5`|YkwrJ2T0KvDDkS4$o{2v&^Q1HR;w9tnq8JL1^`0TOuS}ht+ z1tS3sKN%>%d-y8g!6VNkM8X3O0AKI|jtYRB!Pma_wf5|@&nCZ2PE1GyV1`c)f}-u* zFMjchDF=X;f-=B6{FmgL>~I7{udxC2;Xk?sVL{YZ_@DgApS0imz2D0Ozp+Rb0*)}s56Sjq=Ot%8Z!cts^ z9?bd)Psruk&6)Q0>8tI=t%cy>P`fo76Nd;XV{AR2$Zd|+7E}ecS zR>F((#06UamDt6%$r@CCmW6PQP0au&h(+-yvE z7DK0FVmNvz^q>DY(7y83-)YZ0`}s`M(}!BHCv?_t^Os|y-rAL`bM4m6px?dg2=14! z%m&RP?STiMXrKA)mxK3Dw-9~M7XdH$Gcp=72nW~woT>9!I|b~GZqi$JTDv%3{pwfK zcbVj~Ba>75%H`oEW;Tfqi@ zdPgaP>?&F##c?Q-RbReXW^6Lk_^5}7T6;Ri?^T_zzVcdo>BW~~!Em5G{NMw5>tt^T zeE;74+1}gVE?>ADK{h5Q;TIlz^ojQDGoNk`oOm!+$eyxmkvG|%`P8Q~sGmA{Iwohs z?Nd)Z+rIeuuf*}8cKOmmOb#!F{ZB?vj|uF_3+>9KTd}eYo4K{z#>0+3^XwPer=R(J zOp1@>j*E2das=$KUxD@D{zL7^p(E|SV-eRLjKCXl=2-Y#yGGugCK)T|W74oUeAD5B zQSXt*u`D42Eu|`OE(x?8JcXh}wjCdP?6Gu|0-qy=;Aklk=T9LiM>)|-6(lH)`lUPq zi8d5Y8!I$;%nl3Wql41IL9w;3`;N9^thNOgGtS@r-QUgr zu8oZW8jnZL@d3Zw_rWg)V*K60!*^2CXD-B(P7(v5q z^lxQ17Bu?JsXRZyl|oB{j*)J=KWO!m2R1Ypoy;$VQAOP-3|WsSp0{I}X_^qW)ehe` z(T<)7eV>?bH|H+2t2fWI*G@jy&R%@0?L9Eu9(nx!cHqdKz%vuUGXmbit#)I^mhP?S z+k+<2d#IA%Dh|h_V{&gy)B@M=)J&TS!#)1+bbI32``V|!_;{wzeR;g?KN@2gUvA68 z5ex#)`OBe4S7Wkq{JwVh*nMqk@1eYNcJ9K>2)-+AG8`GdxVRLnurQ75H)q?$D+|ew z6Av7UU^|)P#fRb1(65k>_IR}zV;9u@C|}tSJ&&@9kh?TIIud+Zh{a9FG$so(^ViyB z1Zrt&e`Lhi7M5>?PYhkz*V+RQA8SuM9h2_QJkg&1>=Vt;lyA*l$)wKe@O;W-X*Kw> zdb2GLg|dv(IggMtNKXUt6q}_qT^0ysv%Z>-XgYfY1N( zg?8rj*|r!;?`ifx8n|P68AO=~bSZp55FDZjydl3BwBLe<8*B5kUfL8BTZ{JPg*=)Y zd4^-9g}+&e#YFTzI!;GBcvqmM5P%|ZtQ<5YG6N%cz*$lnfrCRWr(eog&Q{V^5)>&I z$4(IiOf$F&hH!E6pzbqTL7}5o$H3N#z6E{(skX2ws(h<7N5M#YwC*Hu$Y~6NbK`eS zKvg~-{Ft8Jn`8GgA7ihF9*h}(@WMSEytA^!6RUr98KOXEa-*JP+}i0+xjykjAKI%c za4W|f!Ppbtj^t|Bp@KcRX{()nI1;iVTf8h?paUj2WMGyqp%aib84J94Z%4rxCH2t< z4}1mami#_5Z*b&Kd}cGqws5p#ldElS1egOyrrP1-d)u)S2iu{e`_ggyUED+jjlBmB zhm)UfZ=MVX9-jQ6M;?m+6;408nGIt-dFHkD&bhZEkSw)BM<&{s->Zg25RV6l=41Rz zF&*`DS4r@g2n*gHd=yB}2cOTzien}W*h}&SnbjEU!s=4Ha_xFMeSW6xkJa%*j~{4{ zJbAP|{`7tA_yf~zWHM&bmru4AU-@Y}dHSsk{9{wmYdDN$zX6WGJTrHroetVAU%QmS z)jNmhm%QX5PRB`%U z^O?pbLSB0VZA=O#_l`un(944{89TfuWEy&R-+^`@&WFcBe{P&_=P%*Qxi(8Jf-ft> zG5KmUfj@L(WFh3#1==(`>8?N_TSrK**$3S&AIA@V`O9BUT{q#R!~7Q;qUU@U+hyPN zgmO2@?t-RcAE$N}3T%uoQ=c8O$7)mHynp>sLj~FlvJulV0s1Rtu z^U{dDVXMaJ)u@8) zSP8#%vR#NcifCc&6`(aHGDmY75qJ&?zsN6eYpF0l#% zl*KBFQerSA6)4nkbpL`=7dSb1b*=7fr#Ql?A8p+O;l!=1)i-;j(7*lLzny)#_Y1Ff zaN4GEq|ALNMZFsen_oGJV;Vr0)g6P60-<1rm!JO3XOb3t`1#L&k-Gwn=o{boM$T-F z&DOcG0er_FyscHIJS%l$l<>yb^dSkJ47+%%K4Z2$EFi)!c-G1oEdnnYc(@GzfGuaZ z-5zis$rc$}@toXUdtgJLMK32(69e)_%U}G(Ut~FY$wNMQa3~uch}R`9FU2e|9P{GR z`EaghV|5l2uvtF^S!fU3|71FzZM`The(n-@mdy7d#9v*)c?&j)Q+!k`y}mc!v>yjF5NXu005UtMj74nEYr^rhc! z_doDR1jv0^&kA{TJRHX8zG!=`&CIU0Yu7KeQ}3J#yB=+iJo;GZPT1_wR2!c>5UYhl z?ev+LFuif6-I`r#pZ~&_l8!6E)0bWjXBW%nk(il0{K%uhv;DDJ?%sj^#HXH&3Est^ zXQ4gw>{ARQx1){o%9Trz_nFX1uc}CsxWAFI^6v%(S=9T#7nY z+IzxTJ`l1x7?19X{dLFN&p#M+y6K_1#q>qx!%X<;qTtA` z=`nr&joXI&koPKF&a^Ugp)Ib^pL1<&+-fr>T@i>++B>7{9}Df_M~}5*_w8*DJbX0#$o2f0(!-A)4LdRkz8ZRes~tSL*!ISRcY0q;B*quR zw%uEgMN0(vz58OZIX>U6-mez6pSdK_5z4H&@zj{OiZ}2K2*&-hx-hmwFi~(4gbgh z@9;%^^3YaL#5Z|@seFcSMT%B5D3drIyr(O83?JUt?gE;%gBQ4#FL>*}_%7f1%JR*y z*K2XS5{CI|TN-|`%`E<+UA;Wp&YZg59ytDF=-{zvu@FJxR0Q%E*K|0b)rofM&0FpH zU!IGgHru}R)yLZxA`OpvG03@a?pNBv{9;=Ur@m)$x*a_dEBOnVg0q=){;7mh$(h`wtv!hhuqZcjJ2SkDUBg6K~1N+nJ8VWa%9f zq>#_CW5+{Io=sQ^xzFZPns`1wcuD)-gY&T(9F71q6~SjU%CF_aQbS88+9MBrDrWoL z1nAuP*JI*xAy%`CZDM?XJNf3t;N4W49CuIuM%dV%NJk?;yT9tqWDx|f-)cYl(NALX z^iJ5;RQr$q>7PWfuv>901EIHPnYf&Yi3Q!i6nS&=b1_N#bhHUOy>YqSfB(^tuceQt zOhdoVoNu4|+!vxxKZCj)ybHO<>UlEkV&A^$I8KBdW0igGbWASyhyKj8+4&p6heN^J zz4=onKP@?M;Qlr-^qaxmuY`ksFtF1np_L7GsXO1yzBd9pue1($;J38KDG0JpI$tYK zcF$(mBU`i>pzmxzJvKwv`7XLIUjY5w=RTMIj=k`8CdYgi+lCVkZB1ZnC0srkZ0@r@ zLO_cfl2)#(9p9VJ;0@c^x)qo2MA^xxaX)B?3s4$ z=Bds%?7uH3)o;H3T6_Glhok*M1jb9T8jS!KI>8T~ITL_C%3!%J6LjSx-!IRb31Gk?~O~wlDe0$@yYwgTC3+|gV zL-2jvcKn_QG%?=b$KHJ=4IQ6+>FII=A^e%1KG?kAVm#>af(pO?rDvm)9j&92UJP(K z0#G=giLsbj2aWUlgZYP&{?SoeZXTSv65;7u8=LTkrRm^_AK;I~LL_u1R=Vy-c~`UG zj{a-0jC|{@lkK_Zo{wI-=OMoEg)gQpnmpc`35T^DD~gyH96IDZ=8Kuvuow|0{^`V@X8NTkz5>(!%PJL;+F@p13p-=BTY%tVm9 z78A#?l>>q2@PW=xd3J(c8)5gQpH2to=L7$U>zIVaa9y0=sL2mu;rW^c9q zVb}X6E~Z>>3$zr16YL9kP`oDKa{~#*JRk&63T^x_jAZM!R~>S?Ww7`qUwip@gO{!uEl?NE3Y^7TJks8z$u)pWyQ&AYQx8AotE+FRpnt8u z3bcSR7;8Bqc+dlnAH3(6KUQPH&`yW4o{big&(Z}=t6s{Gk0}KhzYhk?wU=LhBZBRX zFy5*5+rRVsZE`w-YXrlQ@fgqacylK4em$s z`&;(`gRi48-Wc=J^3__sz{~ zF~RU)S>FF1nro9D*2oVY#N?($FplxBMBl^B)9T^Gf-cT!YRXT*E(dSBH^be3;zaIT z9XQxMwC8F1{F+WURS&FqLY(9E@d7Vv7clMIn1JZ9(T z6@a^X_`~5XHt)LS^d`I&sCj1Nfxu?G>g~je7OkBw(|KUBOOIWfc$CcmKCk?nHf6Kg z&~^Tc9kG$VJ-Rl*F8je}Z43H+^z%P@zz;S==E1M!;JK%by?Qaf-otmDi?TCuJl$sI zUv5`!{G#nY(D61xYy?pc!>+dB@tCxZTnRhA753nnp77K80g16tCqCcLL%R<;_|9_o zo_KmDhIA7gawuQob(!qVMD*anBl$VZ`Or`Ana4jbm`I-%2t!n7K3HP43o?E`zX6ItE9zl03ChjJJcEG%{)#n|%uXDk&(hg1kBxRa` z7QqlY$}FWan9cyZAVA3J7ze_p5Rx_<^9zT332q?YHAe}zHk7WCYs@oHimX2T$)rKs zQglan%>G>K7tQ6sox@jj71Z^{{0_?CZa2L50`&PUtsCokJ;=+xt2}7yKHp^J*?n+8 zLaTaN9^*C+bQ`~R5GUxGLZv*$W+?TR)9E);O5kEchUSl7(4-q8p#Ry_! zaQV_vII)S*1Cbvi33=INp_5)U2yDUms*cx%TA5GB1Z;Y*_d^E{eQetkEIGmGoNkwv z(g_N>zPQqT8qWkHW+N#>KyHzuULJ!V^^-T(Rsqgk;*l51%Y)y)(cnjZ+AOQ{EuNm1 zx=D<5Hv?_vgkBVMv~|0DYyy;@L9epX=f3ZfS9Za6*rvML$#-N!a4FLsu*HrKgBQAB zOh6q!9ta&8$bqp zZ&(T6IUIg`#I2Z^z&yY2KEm+|zCQ(faIUiP8tXm7kgefgD&x6X?XWwg$# z4+%XRSO3bZkD{?~fEoiRUKW1ss-8M@3@z}$2aH!eA6u}M>Ps_LoGa~W;J6;j8RJ^< z-cn9kP>A+^Ydf?U#uk$aj(5eDoo%G(R}g@EIGmO3tXRRt^eqB%1l?t`Qx94M&JJGCJDmVh}#O8uFTN-M4_1 z3k(8Jq`Zz}$|Y9gOFlK$@ilpn+hUXP%ttvg*KQtoYhkMXtf#0Md zaKy~l$KHoW1*70kFx!2cq2+L1BVDjfgS6!(Kt?e1&rg0jh^wTln_w_v91gq=L33M~+oJ~jY8yWA)*MJJdb#fR98B8Jwnnj1lT8%#Qo|T{;`3p-o z!`N>`-KG4o|3q#>+rsW->)V~(r}2V6s0`=gQ)BeRmv}e?1o+PFI^Z!~>l{?~`8u{t zZ%qh0`h6kD#KA|dO@wmQ?DbL6)BJ)h?2t{+DCoL>m5WTf4FgBjBEb5P_DaYE;H4Eo zoD3K+fS9PHql`Y$O&8X@cJVHbw&l@Ack=Uu;TTtkcP`Lc&3KRwAJI<7%cjsMb^6-* zF8agl+OkXd;8mZ^vOni#SD=m`2MDmCG5IgTU+7y*@PZ{J`uu%u z!K$EkH451BU`4xfG}7^mbIYrj1Islg6?(BJj(ad5g0Qb=@$YQOIq3{qvzTp!Z=d`RJH3uS;a9p9D8U25q|oIMRqVsY>jHJFJ|_;G zbGUsa5+LA~N15b1ul}lC|0rKwirWtu+R3Xjif%m4H{vX)>y7yx)Yvv3<7S{Qedcd! z11G%l&@L67agr-2Pn$9x_iU;hI5Jpu$zv@D1zu2N1nN|({(z(4SF>REVBLR(qwrO` zqOX!V+B5PBu2tq7z~NeZG}br^Z=d%PP>y!>0*8Wx-i9uC_Z zT8Klu$Q9_&%{Dp_6R_o2{l?7NJCS{Zc45H-D&7bclPnJ}4b4W|`8FN~HX>l=Rv?-@ zw1Ae-m0ZzwJ1Gfh>CIH}!g#zD%2SL!O1@;JnyX0lLoQ3P;vB6lQ{&?FqaeIUZpj*B zS33Z&;worbSa9Fly&!xSWFx3W;G3SF%6mysGr5v4%~%#Z>`uVk^<$MQctIZ|#mW9(6PX5Oa>eeG&0`J&uv+<3jA$BMV>$5@g@`Dby? z8_sToF8g{=@Q*{(i9i|k+%p^H(E?HzWQPMPcCZzqy-eq4pt{pglc3WRZf>ICiN!m;Zi%m`dx=@2~V!qPvvaln<}6YFE%d|ENKbjqo37A-ENMp@%UM&IM?YRoq8m-lk|*LxflJMGzf$ z(ec4#_44w~wzv{2-iXfmdB+T9T8I4yKLlAr&EbX)n`omT{R9P#e7v#p6#hM=hmWbN zVTX85kE}##M%0dWW9`=U*)}_Oy&XCy7yx^cnsBkj6CNL3eMV!naK;5)aYLlNZjGhV^NMTlax8G(}F3|JmK>iCgHZKk>+&~`eWtLgEn zkfm9CIKD78ww`oFcdNrucXT$e!y!0EAMxKRjc#<~uL-8WVT(NEz3Rz%4mI>#(DSfQ z^v#I#zEs=S7M6nttAaee4*K)+dR_3c@HJFpkTRx4M)nzF7Q_W2JT*DstMI#<=?6ta zv3l?#h!qp;kv2YT3oim)T=@*)=zvFpR&J4ZjZ&x6rk6OIx$flyw)Zl?8hc;}!L4v& zYs;LV$*7~O{BF0UO;0*L(@D)eRnB3OEe5;atd2=W65d_KAF1%84z4b3KhT0Y1`RPr zld!sX4@?Y#fkDT>rh^C0`KFqfX1y3w*=pYooUdQg3+Ot0a8!ABpT6_0%F9+k_3?2) zOot-K#st?JnnF+9AGhT@9FyI#AS-`P8}*XJpxrlVmshSf-=9rbIntKr_k=vzaFqMa zZOBlN^-!MR4T9~#`=yw?S_}lQW8%9oKNtFKr&67c|5n4D&X~}IZbizc^7)OxNQU)L z-O7@u7$Tg`m>9PfbI%Uo7^Rm2tr*qmfWK^Ebu|`)3-r{tZcTd778GzTQOD3q<#S_7 zV}FQQfFAD_G$r)}M03yx?JLMeAnX!2B%3)>cq*yeuUEKT>+?>1Rei@&TC{0s;fXODe9yp`Uz(|l8!=;>cQOw%G#s-GB&=EqE&pdp%c<)u-Tms335~vHS81x}x1`tYTxFlXH-IY?2jICyG0`R+>5)LoqRtr>rY~?|&Wc_e*GauN33nBpHXv zq#mI<^Z&O19Ru6I0=XbstUD!)sfF9^0K1;*zAqOq{w@alsWU0Zx}JHo<6qOJbf zq8$r;7z@2}8z|d_P5FQUeI1Vp89R|rAEI>}gED=FpNxxq1KRYyPF~uX1 zdX7Qm7PdhK7(-;o;>kD$d2Av&N?Ga9K%@cWiZ)LIS>O3>6{?N)TZIqW=Kbn_5WIJW z?epSJfUF{^JKvnXt&DLaY#j3k!SV4!-$@khopHTO3|S@qtUdWFOB+@|>(iwTz!@jm zrLJs%cP(uO+7*^MR{eoXS??q+U2sNs!q-8{Dynq-YqK$dGFJ5>U}t}fUYo(#234!K zwYNez@1xIfgFB-zw|QD}O+G59;b&1(79h&~Np>c3cM|tseTI=DLi) z#v|zC?dNY+_x<4AwB;B!%m1)2AZrIOC#>-^Cx!i9dgp7b*^G+!&U4mjj37ieyXaFW z`^T7)#owj%?(D>vY|6+?HUnd4Q>BIPhR~GsYtH>CdN$I!S^LTh&TOn+kOkeSZilYz z?LH%}2h}#~Z6laOCGGJif_=A=vNGC*UHEvQg6;dmRuufh!qzA$7*MpmMjtzTkO^5% z7CvF{LB`p+{cyf_d$>Ugl)YaL-F3)y*kJc%^8v`~=hykhV?kY8({}6HPn;SgJ9e7r zfpB|ZXK^jix@T&;u^wRBg!gl!hNer?D+t(L? z*5U4sx#FMWPH{K*j?C#j{|ZGbE{4*oaRoO`PPHV<_7jjf!#p+(ZU)BcZ!^~m2BBa z^|(=Xo5(V^P&cbz=e9uuYu+#aq`_w6x|^`h_da;_>{_4|U}boZ@h}<2nC>8RNfq;c&eF*^&}4Yt2F zfi~)Qo5wpK+hE~NYE06-*1=}-l6QyvwEzn?o(IyE4OKo-uyK5M5$@mzydHQh(C$7A zwF@6VRG@u-NOgXDbU?+4q>E0oAylsuY6CLa%d?ZA_oALF&fef@xWLVkm!Y+K|zz9MI zx3{9rzdHj-%XZ-12KGsSUzZi_w#OOujk40+1e9djK{oQ@wX%Ib*qk$)x9sW;RTWEjvih4#Mt=b~A`T8`X{W zZjU%MC6FdHJHgICT$Z#Y^ie-)NqFy8YcvZSy;h$L*fK{x1mMZ-e7P;q%Akm!WJB78 zPda=QhOkrcZUftePd4nNHkPLBgvKP@@n=)oH|!sLMw3`Lox~})t_CXsDQ90K8brbO>Gf4STACK#L2us^)C%?Y(18*Oc z)kg;4(nfNw3@z19pN`FFx*MP`a3}m#4yw*Z8l6kd`*rGk$xF6_7sWeu<$*pA3i{{j zR(~ZQ*I*;hLH}CXh`Vrs;<*HuG6`+<&Sd$ZzD!j4UXViezAm)(Nw<)7=@XpwuIz&P zfP)vjm)=x)(W%CIi@~^*#W}oHugcWV7sdzBxf%;vi;nK25VzMwi;q}$s#yYlfdK$9SXOfULx& zzAqW&SDo7WJLfk8b#L#lqr39x=SE$sHfub_!+|c!FFPn)g}drk`)b#(C*QaXi0$_K z&JwtSC+j2bp!*`wQkxiG|1wj@*PtuTwOtH{!Q02N(@_0x?9Vki`m{Ok^R+;} zv2m3BF&0$)l1rsN?mleHb6$N*Ro=%{GINfO&2T$MpE}B`PLY$M7f z-!=_N=F#=yGM^VXvaYhw(Wt)!$DmDzqiZ91f3Uhqv!GCEK-W;ziPcp&{wnM8jbSeZNl{JRat0^qLk=@UPcIah|36xLwO{aGEF@vc6^Zj91KP^bFSzQ5Y*kFEMF&_*i3 zqXn(SEBU^M>9^GC;k7q~_4%wG+I`)9PmU zKDX9=+A6Z*pINqX(}C2LNb1fnSiQydp#K8>>lfalp9c5{vwqA@%|44ef_citx3dC# zMWy;LC>=EGH|uqdAMp5cPZVdrQt`q$y6aoauKiBk7`&EEpGCKN=q;Xt(jj&53eWcM z-=F>J9~fu7;!Qamz;%rs4)sgsC2#fB)28y!q@HWwI>$Mn-+7h&s>4#~O08C`NJo6C zCBR3;yDu4ayDi0gUzv%@QG?^{Ryrnbct@`J3C&1kArv~N8+1~8KsPC-YYERQe7laHov|@r0b7^NXy`5-U6WGasEH!b&WctA6Gb?!=J zfsJ#3BXQa8iF5zdtu_lmqkwFy4QfV_*rTofa^)Jd3F^7U7uV$sv>OZDHD36P10BW~ z9VUKx>P}8fCV!$Jal_T;O+SDtL$7*{1?u+sQss^kp6jn46hS`^j_O~k^U9Z;!;daB zmhF{X;6tl(;JWC5%XyXksso2?%huMRZ_=7%fy@hiq)R4xbkMo)$9A7m>-eV~Ju7a> zhr^1!|3;ee7KInXQeVw-92u@2Qzc|mPOmrdKwUWs!LT&0tby0)(u zV|AUn9jU&(EQrWmR6@JI6103Oy%I4&)>vKm#H|D{&kKKOp^Dst+9TL7ukV_|^lbywbS>b)`O3UZs+UbNnxQ zLG}G>55WeU2&oQ~h+Jawk@BTCU7*Y$7V->cMiL0a59BrZSp9@e+x3Y2)DyVW8>AtV zJ%LZ~f+J)z6tZy~4*5#U(eYCB8=4wa(7Vv1LFzOauCSXpOB{hW{)8^lVKx=Gf`)Dq zz=ld^qgK}K%GubMy`JqD^<~5?Hr~^;pp_FTGQz>>gBodR&1i?K9dr zFPx>bK$&Y$I17K}^-~{`o@CF!2M+Rqer*l21xb1CLd0?HT3=C@kCB&lmpp_NmJXxq z{y4#HPaPM+n%x_GXt0j0r-v=wt#_ij#S+~Z;CGMYqqT4l4Z%FXom;LLmN7j75%`qzLZz{q7TpqbtIrq z<1_Z@>24;gjX*mW{K>JRCGvCS8OE+o%6fn==^E5oh#5Q7>g0F^yh2O$>4>H@;z;_= zm2I@ahpJ=Dj%KvAMFfNGKxOcQq&L#7TeH~@yg3sNe9k53#-cAYYmZObUAlBB%N}{; zku_XW$r%lFN`I1e=q!0FzkdCCp35(L1&%e2x~>G2p~-5(R-X3yRgUIrUv2v5zYee% z!Bh|xw5$M)+ciB~Tm6L0Z7Et6@=0_659xs2qVciLHo(GSxAQh;YvG3sN-j-_F$d*Q-`M5rF8dEmf-Ov(^ZQ1=_*k*_cPI2Sw( z6l395=2{ts!v)F_NZL}8V%T5^*;dk49>!D|Plz*jUb693CUrP+H2HW0C!j98 zXp)a6b@fLv9)JAt#DkAThk6GO9&9I0oET8B&hHv09tiTr;sX_>A84Q#`YT;97P2JY z+R6%43G&RE17X&C`<-`^_T!-+@JvokQs-Pb2!#4mzkAxUlly$|5Ix3e9NmKqVQBFW ze`?(F^f57@3k~kqE<_u&3gYnSi-VmFyw`$PU~f3rBZrT)nc%5=TX=B#^y%aY{%P-i z7bol*9-!ZMVoYzp{dV^Km9Kmy`Cg8v0AjI}QjCX@vUUeJi@oyUuY{Y$(WNNYHezF&Pxl%6kLTJ%8K*x#zYzW1TKm!(InoQd zMwXez#@l2Zr>6GAHGQB{c7`G_j`B}*(5;V{CBHtsAU(>d9o<4%ocWprFd?n>YgLAe6kF9yU zsa>e5V}jyV5d3JWet^ly%^Nq{)oWMV-jHqjwy>YtPG+ZYI$jSydFkTicHe#Xr9IVR zv+Vv|D_V_y{_~%=^XJc}QU2y{{${&)@nU=7g%{eZufE#;@DKm6J@(jRDd?A8dMODL z1TYE%AAR)EBoZzFJ!ZHzVAlo&IPvG6doFQtNWc5LzngR*l5jEDb+s!e0hi>wkGr58 zmG*<-B@}b-CiKSzjLo^RnXquC_=k_^KX>k2PFU~@n8-Z!)KfXhFrI4n#v5;>bA+FO zzwm`GqyXUn6pewu`R1D`2SJdMl7;pRP#u9rKAQB6ulVg6PWTuC+2Rj_wXbKhQ>Wf;ue|a~+715D zJrfLu#`xGwXXxESXk=kU3u9aDfnp2fil6ie-vqUV zh3+|vqhZ5GkH*S2ShN@js55pEmm|&%R4dwdN4v6of90#k)z2-gx2r5hZ7=)|d$ zry{4dH{N`s9XfcZ9X@h6bpz0YsmZCdlj&&>;{`pjs0@*I_@Yk4)|ixL_3S76j)KuR zUxdT8wUK{vFkJRqN4fbW0*`{}Fx_>cd%J@d>n z>8t3O81S>7{j9whHvV7!m;YssgU<6s{KfI(#}hXw9W321U6torKB)Y@-W!cP38FIQ^6`(M#FjHyHh4D7t0@Yr&*CB3z4qE`Sy!HGicXmXHuUO?9{l1Lzeq(l+eDju zIMJc5U||yW)1Uq{%jKIz(iin=vYSla{1cr1xBu;bOGiMz9)J9aoH%g8c!-|@Ek4m<`T8T9{;HK6@LxUh zF*fxa(W_j)=~P2L@EW^(JeAO^5B2G`JmnHx_=5KWgF5Q74`ZYwWc#U4eJXWJow6-Z zc30Ox`A*o-y$Avfmwj_~wY_utOnc+4Q|)Zn>cnI?+ok1@$vbT*oUx!Z8_`(a)Sl^( z zu~LiZALQo5;nwVOOazAFxDWw-sf|xYL5Ni_z7aw7W)LtR`PvOdv_+@uD_5_ynb4i3 zSm~9oE1jWpbqz`nl?hmM^RNEuuiC%;xBoU{gkUAnPjTfh{^Bp%Km5Z#v~PUl8)%af+|N9mpc0JI3>s#My|KeZ# zizI^cG=t;ht!xAY1LtG}UXDQ-0w5J65Upd#fB3^6w%1>OJ=>V2m_1_{1{22jzW2R! z&YZ7ugj)%j*{jRZb1s}2$Acz=DJF6*2FwX@a&W2N4fy4xS6%JUirHYNoJ0i-$8u2m zLOU7-sV{x$OG&%n^~EoKF=uKNz!)i<2QceH?m*#jgzeCi|gVSAQpHSdz@q$r=!m|UVo##{m$EMer`V7n+fj=oEO6B z(Jzw{^u8SZ&4$cp!;oA9_nhbio(sy*{~&a;R-T?DW~k)zV(1VWUwuX0>urw-LG*_X z^jR6-4EeqO#_OTqKT7!;8{Iz`D+)5umprRPycfXqg^y%Q#>Rj@Xi^`~tc>(+EP@}q zP^Ts|#as2XQ;#judG+Z4d7;I4*d8Y#kr|njGg?f5;8#X&Cb!z5%b4htW9cy<8+ny} z)xp$)E4H>-S{-WFZp>x?8y%ZyPe1c)1h4}Ue9wlC?2URcnF~j~XYalY!ZQ)PUU=!1 z2+9}QrOQ{^#YiKgyiI*d*#*F+v#`C1nG|+e)9vc@ z+4f@8ldfF3mcegj#p-da#o{?u(4!%%y`dj=y7q_cuZCXPF?pgr^zb90^F!^eQ*XD^ zXD{Ru_RU!NUcYgx?cH}M`WtDlzj?C#d z(pLGYD}ndT@FCxialI6A2;T9afuBAd_9#yMN1FLF;$E{q6L{RiysGGnJ8loBX62IDW@7z3rST2z-zBucIh{FD|C$%LX+ z@Ws2o`J2DV;LTa8kG7Jj0E{*?o0wD?r|;aPNuL6RYxVG1UH#!P8tIDhFcAFKm-^~S z#-pvtgJhiQ7`HyG8u0~A+s5*&JoQa)4uoU-LQDeiflk43DEh>k)W^tU80RmXZ|6hd z?FL*9UG#9m%-IqbDc7klSjbw&v{Qnq6hL8EMR6d#6+B@P@ooP4-918lz#;0;+x)^j>P2ZYZY?IUbbCPf>g63NhL{FVQ9|8Dc(0aYC z2JKgG%(ORx26U-&F8aB6`Fa}-ybCeYkoVeKZ@0J4oNs5&Uu>_vaWW?rd-v^4+oR+B zM+MwI(5JEkwlC3bF@(<5VvcWugRQ_x7sUd$APAdG^J8=u)NL6y$0o!CcE`5VrRVU& zMgPSdwqnAroZXwKyYKpZGitMp4&UCKX$wXbtd$AY7-uCdU%)VPQO=>j%~7ID zP$ek1F_+^sxC%%F(pQ3y!kJ)tG2XZ-7lq?oDMKlr6+{I&AYVH{2<^)78vT-dIE+Cm z$4&{zsuUFe)KiWRW>)w|G1cMFId?ef{s&p013&TDxjZvANA(4IG!%XCRnpw0-FAf->lTO@%{+j(wU&`l~~2jg|m~inTfXaN?_Ion618U zbsYiwfd?K8-rXPcujIXByai-teA?ho$rzs`dCH6#2&l%0zw}vKdQYBgM4(kprus0> zl7)olCR%`u@tF;gap?*jP{!HN54$IJ1=uC~AcLY8IM%uLpss(Nz|d{ux<6|5=C;Pg zSf!pne=hyqp6NZQ_nsoQ?RY)(>-?pQ?aaBenXb>=j9?cN=PQ@ml^fS17+-A{uU?5D zHr|dNKh_Q(JJPO1-u%)+{%-ZbhaPO#ZeEYz7L&Ql7u)DWEKufW+v#&>BCvJ)% zE@)aE3R{Y_4020TWvvYy>Y&#XUbM5A>Hab4pjvNcW zJ2f3E+Sv@CZ$v;fQ5YVZY{!m2(DofT660EKCr^c+J%71fzZnzfx$p~NGwhD;vAxo5 zKC1MjY{oUemNp)VJ7sbRm%A1V_%m(kIh*DC1yczw!B{;<_1F)9lkX9@wPQbS zal*%r1z7oKBY1n5%zgE%F$qc=zi~6{;n@hb52o)h>6U`IA>aM!XYRlMf#~x@1lwcn zNCaHA&+ifh`=Kl7tKZVfLyPeiWT5RoiPb%wxg4{W>2@Rte*XFA!l=(jCr5Job7t1| z=PT_>5H9#0I4}q#OI9Y`iw}<9cRU9wS#8F|*Kz=a;|(17PAJ?JpLdRT+}4_yuKdN_jWRQOVXb8K>=9X)Yh~CtLkHXa4?f&ZJb0j;c;KN}+3szZuf;;;;-$7SG!pp_w?`kpuRZk0<89x; zBT;siq7J>ph~CNDEno{Y>Pjk^XiBd zCX#T{uWBb7me~^#1KM(`lAIfnff*gak zg5?Y{s6?O^oOJ>yB}P`lFavfpDD^O6qsSl4C4*T z-~UJs!Q?(@b2p(JP$^hH&$aPTAP%e&gRK?0F&mR>N~euF@+cS{;SZ(4EA=G& zQ%4Xt@xWV-le5O3;v-rp8JXEehUcqa{b~kLd=iue&)@l--^m9N@ET3%;LKfr`O9C< zzzZ)$$5UH5g0KFK-FWGPz64YE{sat(!s|odln^*dc%uzEi3T1|{0Z77Oa~4eOv5oD z_~IA8l;u`+f}Dq>+#7Lk8GdD+%0xe0cw}OCGiLF(A}KQ_<=m$r&1pRO}Nmwxg6gUPdu6YBPV@Tu)-hx=2lh6$T&+U$QGZB z8;{jhMkmOc-b;9jPP{2+0Y5owFO^-<4@dpTFaH0*AN)byCnq=g`a>suF`*KawW+|W z&q@Hjzph~I5p3xqSMb9VwtAbM`^MKIpgk0;$B8x@bymWw@|S+-$}wvv*~Q7lO)O}RMeu#((TCd?zVwCm zm9Ks&pMH<{7{R=w%LB6BG9`IcB0s$-@W!0UDwo`l9pcUxSO_TeZSP(ya6d5&e{*&w zCXd&0D_Gv)BN6=f?vJs|<`%a5%O1Kqa^!fFPv%2i?kO8&K5csk-RS4jE%wGoNOW9Y zExh<7x{o$MAL((@ALYu}7aZ(~o$-Nm)v;`g{^Gm(CiU>>%TZk`;IDn{Ywb_}^iR_V z3GjTchoi{ON|uihx6me;n5RGk_!2%zUxKQ>;dd?{{b^r;2mR<^=Y6;>(5jFFkC~Ui z<~M@wQSFZ<^urPH4@N+P&=Z+%24ez8z~J|V5ch^-uz!DFtY~#E!G}@WaqNuV;4zJ( zX7uU^mYleH9FCwv5S$HXZ&raO*XnYta1jbd3iwtK`an}TG(y-(Ksy?YsS>C>JTL)3 zw-tyn8kb-}SXO^%6u69;Fe!ufl!ntaCha&$0Y>5|jn_Dhoec1WlITyMvLYfQ0T?YD zzxw*1r0_8Sj@q?4`W74=Ic9j&fd>r|3a7y@~ zf3%{pf+0Ng&&(Pvb^#<45Qc|G>f=YrQvdLnb(0O?K#UPi{n1hV;|rcyF|!Liv-%`E zyiL0cnqBApqDa~l|L_2P_+$L|hjuiTUKkhMu`)LvIN{d5Xe;^vUKUi|uLBr0$H-L< z$FRrZ&)z)~?V%IL+e5MXeBi!A?f9YL7Flg90-N%wv5|K4(19pB)(*r zx5KwwI@iXc-J=iO*FN>w!|lGq2ip9tSV5k9r`^1IsZETmwkIA5e-ioA<0CmPFX6Dl zFWu7Fj^w$oR zdTflps+DCwHo&V58*y6&ZnnhcBzW~Nc9o53t50~@Dqq2dYn;l|(GG57D9ERd!;IQD zzxl29t#5s^V-i)1qYgMP52BbM9}Gqqq za6|^m(Fp*El*b`*8k`ZF22erRks$p35@R?AjN~XWzZ{JfjeHKyOofwC|F?eYw{qYc zm7%UT=6_h|J0rLWgyRLZBE$pEQ~=`ufB*M?Kj}p~z7R5+1ya1G6x!Nu5hy8yw#JR$ zwW`rKg_4J-@CiPyZKqHMIMvl2p9=KjX;gWX9pCI2kb$4oP+GDSWYFT8G7B)2o05^I z@sg!6`|T_FRiDPKZ7Cpn%CQ>@g;x*Xl+io#wvt7E?O4Dq8G~~5;Xo^1sH45{Tlu4# zzGzPu^+7kJ(hYPQlRiy=st&ryrt}mpdMD7rsl7VtJ4$$oHc30dnEvV?E_LObB;X(U z*k;!^Ug0Ynz-zxN*N5@qnZEG}kLeD3A@`abpbL%qaDSJssIMN!p+6G6~s!0_` zqMdv^F&5xl+AR3~>OzdyFk{Fo%dO4N#!56+pL=3edLkAP2lh`!aCJ+emv(N1%wd2V!CLl~_67A2j&- z(Am@PByGd1%Ta%S`}}90ZF}i?1mwve;Gz4&hfT-oaiAlmADe-Eb=VhQ?V5hlIkw>1 zLPId*L+GAs`P$HTiGH$g_ED=;_1OS_<;bt_uY7{Ke3^VZoci>TlnEw!_*lQ?Wn1jj zlf`U;U0L~}2VSye6MUh7t6%k$Y0D&mx>a&g?1~@r*1Vq5G z8Jlb4;4~=*exL5#C*gxU?cq@mFW|>3 zWi`9RCpgqA9P%adlt;PIMG4VBp5y=zdCN0qV=`{-94R_lfc_+PobLHBRJDoQ!eQ_}4>ZwH69EmMnG)QpjhmO+?*T$l|n& z$yXQd5?DEA`PI%5tx^dAW0X1XLn%fbKMa&W%lVbFDo5qon2KL$?(;w$^c8;#;2>yt zI9SKR4NCCES8Z!NRTqAFc%WQcwCJxCDNsi{ zbSXn~)hj%X1@a|Oe68!E7f^2b_y;$T`Q~c(rZv-lnQsI`b zZRM2{la#}Q7Ij<~@9{@lPQYs0wlZV2ZEU5lJvz`@^vSDh;2aM40o(v?w8%Fm{nk-i zJXEfpymb6QH+*nN@VZv6-@;XW7q6sWRWQa5LMKAqq!2>{*iMI(3PAM|3I5TO$xE?f zBs+X_6BTdO^*X~nv65Zz5L2uYy#yh@3>7RK63L@+@igm489DJOY+ms86B2mI0e#BJ zi=PF4hT=H_eF66x%>YIsZ(=+q-Sg`{hAA=a#UMx?yb%`j34J?~CJ&2?%lQ_l(wouI z$cqVpk7-QUHV&GtZmnq1tzKUz;H^ZL@TK&%^t-N=(@En&i?KPvr>-)1>bmq<`_fNs z%0~e01y3^Q#=QQq0t+730(jwqmrvlk)T^-+ztyWgl+`4^aMxIiPW7c4H#ufm{0SKo z_(;1ob2AxOgsV)kqGl=r5{eKxUM}q#QItXlDy9H62vA;a5L}Ffy9S^gGT;G)6JVGm z4>RD_R#K-Jt`6K4WR>?B*oUI0jvod#I=^yeCA3PQ#*c2}0BMv#ziWJPF2TXz;H@AH zlE(qYr>%C%IrzTt)z_YK)eKO-^0h-t;f2dM;F9Dim+xFX=kV&IXjE3TNQJ*r(F&AF zKwJIbg?7%XTs!nRFP_39p{e+)UCFijhEE-Umqlw$hU66#&KgTW(NIUATwVPDbUCj) zNnPX6XCFt=E$QEi*X&%rAZw?n_@Ryb(gSTAYs|){Z+L;a+7-C2vB-B_=Vc$tix1A> zgWI`sZQ!pyE6K0(UsWjH0fEd@rudK_4v1jtsnq&~h6jT@01B)O<=f89k6T2Zm91|j z!|CT_oTuMvhGw)Sbwal6s(YVs_qH!Dt`7#MKIzvBRXok=Cq!fdm%!WCfpv=GJn)bq zUmml7tZy5c%<@Y@8R5IS4%+&@tQWl)8@ztrY3wCy{bl_)R~AUKrS?@v>O<*W_CL@Y zfM)0Py689V8c(&WdRDc@Lw~I{3zXrJGJcCbS0DIR6Yy%|Ts`^fnrNb}{Gk5itH)OW z*XWXG!9!MjsCH$S+Li6=x2~0?-o*KuKaM}axh~Mo&dp?jU`t`VFIHz7L8j9>=1bRu z7)*eIGEpo7B`8b)>euQPfd*U-9v(@)>%Ie!kI-Vec0hkcd@;KmseHH#ue#c9gv#5j zY`c)`8-PCR8gBG~KL6xN&gGSo$TP+gSb=(=l(F!uubm{na61+b=adOws()pm@aj`L zyy`1_Uw+D}Z}?op-l+=Zj`0e+wiE`3#dZP4HvttM3^f1tfK z=mk|Dz^@GN3t#mGk23A?L%F29ctW3RZ0hyFb>XPV4S)mvQqjxc%QgzC?|#2!*k$<6 z0o;;2cx!xBZtQUB0}fEQ>se|T=SNY2`>?GQ%!NSxa#^whFost+G=2N~1@XP@u%p!=jel$3iy3hCZKmHJUxF|4 zYKyz#6Fi{CQuv)0zm3JQd`xn@8rr%LWP#r@QjQdGC`B;|6ygF(l?-zc&1*nXC&YCq z9951WM+0^wU&pGAd{D9lRZn@z z0Td1nz_u~jsAFu}!cl!y--TZtb%A5Q@8VCL7w`3DoQ2=9k6$XBpvEdyAN}%QC$K{8 zzI4;sM(VsEm!%>9(19!qUUfk+K1G-Pb&!4dlRyX63Asn=j^WUw9G&uP^LqG6idjS67p^kNwMA~04aF)f)Cqka zs{JR&qiJAx2-ZdM_=h~`G(R%d|*TBsRLZACvT&DtD`NQ zPaY0vAVc}`1X}h`?VYQqZPB5xQ5R;sJ^7aSCBQ<2#rQ66alpoA{)m- zE~PS5+xTw_BrcLbLNDc%3V-3)2*m*XcI~@WjyxbQ`yABk*TIyUZ77GMpz3`TP<)X< z@vz2=j-o|g@ur|ZKA^6=&2Us%<(16jY42$4MMKrAW0e8*OEI-8{MyN@RQYtGkF)3~ z8k8A_vVyA9$Ej|=J&;#Hsh?kcS9`~e_=_$$HtL6?I*tH+>I3=xzLaTGvZ(7imq4|t zaX3n#+SGW;;H!W6>bRDV-lDnaDg6CB?fT_+s$Z$-b*`-==+_7R{NmNGJ0vgYn!p%= z(nCWX1h106biMO~`6)#sd#Gghln(gZQ#xL4t6in?k@9PGt8Tw9=Y^}<_s`4TL2ezd29tfYe`&d!eNzBW%-Mo)W7!X; zy(I(Uz>>ms?i-zP7R-+h0;$hM`SGvqV>jrtgQ#CjD&{zs4-#j9eD#XJDzANXvx;&| z#Q@;C2IL%$s%LdnPO=ZxwvHbLivGe?V?=ZHtxnYgH9PAIquTUotug?A%4UFv@U;QT z@zmJV0ptpA;Z|22`6f=qx5_Ww zD4f*?o=CM-t)4oiWBoA#__b56zWl;j0Jl_afVu^h54XO_qHt87^7W-IKGl|X(OWbq zhg-W!`c?-XZL5x1I6T!?=~$K5SV3R+3ul3LKv}f~)fQC!>g(45`aH@}$Dfo<{8Kg` z{;hixP-lw(53OuHge0FX2$~*J(uUuH3ud^w?P&TH@(MZNx#wW$0{OyW(V%Y81Amd0 zvK+_@)Hd*Kkd-6F|E2WFo!_wK8Z!rq+kAW@14yJK4w3ZMj#A*{`{Pen25Jz4`@i5e ze%(P&)Uo9ZjJ51keMdHe4rTPW^tF$#`cbY8DBV@IvA#O$O88nh`=Aax&|d$bUq>1I z5>QVY2|l1s*)S+Nizcu}WBgeaV8=$sLm=HJh!m)xvZv*|{ld&`Bd811ladk9b|iv! zbuPa;b}Za|kXM7Kehc7K-e;EUKJ@dYy4H3hKCton!$8rpkp`*Xchv*NDZdh^Hg#Rl zzb<|QxC^H`)xMx`Z-x_8{i;`apnoluysEs8rEpcR`U6!4>pGk=R3m~8)P8B< zm^=>|mEWS51?x12Z2ilXV*JaMtQ8o2>1?MPT1Q3pSwlrjSD3JITqx~JJXhL5tM>U| ztNMa`y7p0RqDpkrHxSd$~OBTA5^=#E}TI7KE0duQRB@(yBvYmkENHE)_;=mF4zRgogjvl zf42%Xh+X*Afii@x0;Tr9Be1 zMvYoQyDi);wGbro@8J6VpbNBHw!S1`>y)DeZ?+1*?!LVi0JlALYzuiaP-UwOQ)|U9 zy|)3P{&pSnE_}4GRrwd}v_sy7UD!$B3G=6}-DSc?jm~Qo;w0~N_Tas=Uz6=w)7GKu zHy!(X(r_DW%T~8jcl+>3_A{F;7H(V7u1268jzGI|hd{e6SmV>Z!+>4*@bFP6^mdKx zlL+_P1Y|or|8=1qR*Bo(tcQ)5Zo7^Kcj`%g;*OKe@ZJs3N2RU8cIs{ywrkVd)vjHTp>UGDHo4pD*d5j(@{{gJRkm3jc^&SMYgQN_ zd@sm)@4|LRP?P03+T?vdNP4!)^ZeV@-3mn?#HO{`Ngdcp*v#j77|wVy(4Iekw%vE% z{q5YjGlSyWVLJoDqwYa~LB5UeSRM0-FU|?`}4p-5aC3unW7e3%jrjI|#X=y?ps%J96Y$yL9QoAp3R@ zk+(X_FgqUh*!VW)JzK@S3m+eBch_ONTb{c*usQ7HZV#UC5%-zFK z>-5xF9((HQ+Upc=EAKOp5S6;0@w`9OR`gc3q(3O!D?0E& zU^7~3MVo=vJC65EO}Cj@Uw+sGqN2)MgOuEDiuiu8Q;uX8?jDfQcI32meOZSO(&kqg zJ}SGoSNOi&@$MMiK?l^`uU&7aDX*feavi(0zExYtKGc@7!YC?fWelYI^O!wJNa(+=RMnH@GgAxu$dCQ7wpRO?!ZpZ*f+bc z^l`y<#=7G^BXIXMzTeYry;h~ZecZ`ZM1<%PUK5bYv`F!MGXZ&Gju0sOoK<0Ss)r4Bmy07Cy;aI`gf4Hs&{*6}=mbb8xyv81hQoEp7+H zyMy@j89eJA7TXALc-N=)??ppL>ssBoO#Ewd8SrWVHMSsNjdy*> z%P1&*x(+JyT3xA|sSV2W@8;0Qy$KuM6Yf;KFV6z~_~tSFsQl`CW4%r;oBxDmqptM9 zb-#_epy~s4q~wpR4Q&d@%16Tcd?Y(KtDkzWY+lo&tkpsFQ}5Ni6V!MH#N1}bechDx zUU>R|_IxKV+7p+V`#Qh+IQ0o`&)XcTPC@aZkJor=Ot;g2dp~y{;E!?VBT<9CN+Qws zdjDiL09i#(S3H1To_2ZZ7%BB(09n=>&!CUY%hL_z?*-d^%4&!BXb5=K`Lyo5W?qdZk7u;!Qg2Mkb; z0s5>{F)S4_$J!e_=2EJ`z}J{P5J3HQ%GX9T^&taaADNn*$~O8{o{WxvD}$G-yY55L zRAt@oc{`!h%f01E^6EEO^(78fC3=wTry~gaYu(*&s&98|J01xv^Hog-X`RXq%4!(ra zT}9ol zEnW5nlgUZnpN+hz>_g$cc13USp8WI)-}rd<4dH_N@Ob_9B^ zarbSj8`I`nb$18QO{+rx2R^Zzh;|=NVHfE1={)1b>#j~WZuG00Z3aGWbvdxnu^eOf zm=*hV9T{um&ucyB7z3a7eKuzKR$)7Jw*o;3S_fC}2Yds5ksnBV33-y6kH^zfx@Amw zSMuy8rk%cPqmCmTsJzb3)^(+?J78z^W9v|K-4?U98bTV0&!B&7jK_AeEaluov0Yxt;I@AL-rmA0M<@`ZZ zS<6=sk8`|nEgy8WcTiIF#}BS9nXB>DtQ@$=}(rlEqeQqxZ>E!An=7u$$%4z z!YubCm^$C+bkWdO!Q^U2FK9^{{a?hp8z{r7OGgO~H6lRo99%%p~sgwLnW zN=7v%BSAmsnmRx~0#WfzeTi+A4B*-b@+9;*YTvKh=V71by9+s*__rK3S(BHJhpa}R zC8xECZj8%ESxV-e&fTsD$RmD^a6%=D^l z0h~D?G!CwdX2*hlUeXaX>8q5yUw5leZQ$w)y&(I_K352oB6@Ku2>+)75L=oJ82n=RTrIO?}Doq>MjKDtA5EfSF3PF8??zot51TdzZC6U zulLjOFaB>EGEnMk0C2)zdgz+d$ET!g(1|wm))<^ij5`fF>g0+y&~~fyf$qgoDx*!_ zC*8Lb-oM^h2FSof$hh$=PGVAmkL%+o{-~!f0GF}hYwCF%*+n{^0jR6({QO+z>#Jxr zHmRV-lsXaRiy$}_^!uxSI0epH_2T~;z~>r{z$s8W*UmK{m*PoRx5Jyh z!F7P^N&rp$)XxJYpK4S5O`93u0DYW02c7;`KhEc3Vv9bLN;H)o1w~O$i*77&B`eOm zcB!uc=1GzXQ}I!IawdlwKhUr94*w?R3Ed+6e3cDGh9cvUgs@J z#T&dU{(-_*{B*3cj|)0!4?vKco1IM~?1E-Ds4~KwT?e>Y8+eqbvBptK2Omx&Ds)Mk zfl?{A4OWB4EKbq3nk2|CS(Od?D@Fl-J6bx1rNfC-P&gec0ft&mPB|dxnn}rbE!mpr z&#<-%g}a2!h`i&{%)eWOcH1QBkmKmuQC(xu9&e|nCiBQ?TOFZ0@rUz*r`kx`j9RHg z-Bh~3Ly3(+dwAs+sGogtgi($jeUY)1%iP>-;=%{VY#%FGeNBu{WPYH?YpYlRKu}5A z!*M7_uXB0Zh5l;P)*~ErgW-i1rTmSj=n^EPS&A>U@Xc%>ETMZmw{40ks5_t>ZP|zW;6ll+Jpp9Vy zb>x>Y;8G@E9^feZupNPvfZ;6O0Oy6DgUOj~@Jaq?7-l)gF2HpC)l4~83z^gLKzYaS zu6-XkTy;2l4&FqjIL+ByI|f;IPl7m;i0iF*W}mW98I<}tGpaK zo)w+Rg8gcNyP+oE&UpV2$^P(;L56A1iD_Nt-80D)2hskBP)!OMq1tjhD z+)dKfd7WFx0h~Rke%0mRlkP~)(Pf3prqy$s!u?uytqmG#y!z00@j`ukR~NnHn-jUv z)5VZajwb+3*(TbvOE}zjCQbP71UbF|Z}nYAxN@9vUim;>Gy`?s3-^bE=x5oE4ZaQT z6Aol#H%H%7lY3&KGL!Z*IWZY+LQk}eKO|gq%c~KfA0K6wO#3`2-Ck=u$nQg+A0G#V zrXy@{_1<7?##`gy+uiGT-SIT^IZ`bm=u~G<9be=X^v7Mg0grP&pU$QK*`!{<$HBXz zGe=_336Yu3CkQMe(_jZ%Psy~XRt(UtRt{J|x^*+h(A~>Lb4RySw05h>&KbC_l`vlBY6dRyjk0Pd$anV^ zIbJivZgrSkhCkZXsu=&epe#6dj$S_J3rBZvHdeVYLCbCb9O3pMx=R|nJ~|v|h^$WM z;@r6KE9on~#(8d!#j-0( zGI47g#|-Gb@d(=8B(Td%h0a)pczeAZ^YTBq~!0UT>G8sI=fr5Zzrqw^V+ zU$`8LmP!Tk%W)U}odSH3toqSOhMYM*gHHE5y^GpOTk<@Tpj=~(5#>L_Fjn-}xFwJ} zf^T#pD)#x(AO9x}&|dbKvW>jrOX_Q+wK0-^_!8h+e);aivw#!m5oeyySa;Rr?@BcsxQN&4g@h>TMy=Jpwl z!8Nln({W9S(WWnXgr+{j>1N;S!FD?WfrB#WU!O%o;nt7-9bIDy=Xh)8R<78L@4$im zgSsA|;?S%FI=mMyTxfgtOt(Xa4zA7m;09)c9CX*`aykU^nu-;mF;ZIfv(td0P5<)o z4{fzI$yx5-w{LA6%5H^x(Xlu3ldj;6y0f!$*(XPH;J|_CZ$8E})28?ANj}%ZJlg?c z)-OHc-~?@sKDW&S=S0v2N`B;&t1Dv+5G?47z?!lTI_U};(O!euCiW?2`|`6 z$q|PfB{Hb7tA`gLWfSEEmH%-;P?);06-a#x8?K!f_Q6gL>^~6v41XB5Jrmb-1y9)x zUWyr|tHp18!3zoWdB#V9Dpyy+D{bX{Tzo5??gH&R<=qnlo67;b^2#fz(44`84?Wm! z-Mp1f|I(#P?dfNpX-5tpZZ{(6zJ2Oc8bSuK2%g7}9dAdE9Od=an9JcLlPJqzupA&Q z!}zz~emf1{J0Tx`;_zKh z^TQ86)Q%oKmiK2nr!*9GF1J%BPqi~=PN(wSci(;OvBw^d`g_*KX55_9wQJYf>C>mP z?a`x0+P-jf#<_RzbUS?La0KZ?S*G5(bLV0bb-mqp{JwVo{r9JgPo6y4&YeG>+p^Du zY>!7@R>iNs{(8FZr(8-h`Gvc9k?dsKb_Uzf@-@^|-+#ZTVZ;b6~jKxnY9)0A|bnJLv6CN}f7aq%h z_S2uv$sdCYF{RF^;~J11`M?Y0jvPsOl-vj62!6fR-hA`T zcJScAr1wb3fyoK1rLwk7CNqou&WuSCUJ#CHu%$YOo z;-!l*`I&B?{>-P7787MWeg669(*fcO9em=6CsOY4-;7DNqn|9j{@UwV*M#d2|L_mn z;UkBmY&?UDU}}Y|&#NJ;x5KVXyq|gYne4M0kMVZnKv(i1Xf}qT8Mu}TI=&9IQ{i9O zE1t4Zle#MF*T4Hf3x$-Woc!V&|M&9CFSlo({d9XI^v>-jdUGLc=gO6+MA8 zn>g~$+o_*VKKWGEtJ^%rp1g`wHXxNs$YA z`?Ej)vozk<-*}^)499aml!$`A6OR1nKl@pG?)m51p-_4bo`P{^R=*7H#?2eyiqtkyWt5(wCiFp80IYL6b*obwAWywH9Y zeB-1!XA1XnOkxCjoQigWE~6*|ITiGn zdu0T1dxHj2%BlPfvpjV*3KlBif@${{? z-VFIJ#>{ws?znWT`_2%_n*+oXvNoXzb`4S|V|WB+bW1f^F?Q|g4X3V-1kZPar{smt zM}v0-X5d$^UP<15{|7%vUEUMHOK=d#@XD-xE_VUeXXW?~D&XTETHtq1e+4w#%%xX$ zBj7XnQCC}KfR0x}@8A9X-?bnA_$R4f4@D3#CacqzLawid-3o@rVd8b_?Ng~^2V=}+ ztgqY=2!6TWY~peM0}mt)G@;#5IU#$1QUIqD4?Xx`(z9;E-R&D=C!apO${gX*XUUHo z@PMxV;upWja`IrW&ed@&Tsr~o&zg*Q;LxPy$3OmY`-{K$i=c5hX))n42|(kkufEnE zee}`PQ#7GJ?I?Gxx?f1}Whu+hZaV<-)Ghx(-lYSe${hRSl=tz%)`M)psaQERKs%|++0i&)3FH9#e4vLTk4?*w2a0rKEWv-6kP|8dgeZ}4i5Iiux zG8+90Rwfd7`Q(#NX3%`$g%>kuQUZ<$Z>*jeE+;1ltN&K;kn!T-xpQZO=hN-L!2@k7 zcn`X*)y4Kk%n+Y@?zxy{KN90yPJBQ4$xo7>$BrM%$qQwEE$aQ?hd&Ib@M=0vy9a2^ zTLTd+&YeFOtH^6Pfk7ME(W5TMj3@fuZ`&tUHC8Vs1jbAT%3q8iX#3b$CMIrwFyZ~c zWPogo_Z`s+p(#gfvpGH)Y}-FMVn_hOjdsK)9_89w-#jL z27CD7kABpyh8{fo%(Hph1drHf>VNoc{GsP;NTPen@fttyiC*9#|0iFY@=NN_ImeHh ze*iB*(7v|?S_bs5{?)&Z%zv4LF=R@F=&yeDtGObzM7QsQcQ*FeE_@(>Nar z;y#7|`{Qu*0)_3kmtT1~9gurh$}vtLcM_{AWJ%nfC0n&t`c!t5WRk3ZgGO zbfSU7=bRkTp>JEq9PMkbzt;ZX5B?yxVoe;(h&jRsVm9Z#4(E>V4DQkReen(_WC;a&1k7Xb=TR(N`?c~2n%aJ38bH<8~?mHif zeg(s=f}IW~oGYdHXO&II-V7aiG$s*GJo!WhE~{($=$@@{S&@+;nmITtU=AN&7^GVk z&pr2i8YW{SYdbMNj7f)EB>2Ig8LDK}B*=0A|M-vpI9Rc~nhq6DpMLu39B+TNee%@F z+&aZS+w1s?MV)*lP?`GxkR7UD<04}I{9Ge9etsr#&4y| zR;|h}MW4^V@OF3pKRUQA(7HkYumAP`Gcx`KkC%pR=4>T(?AY;K zL0~{_AtBrhgmbgq0hJ{-nl2FqES z(NehA-+UvL>$9KzOa`f3eFQCMgO++S_d=|`e*UwcueGJ@j5X_qL0btjPDYKV+GezdU=w5^k>{~npGLQ;Q3fMwVQ*L_&2`sjjUIzCG;L~ zZ#$Iu_1E7BsoUVI^SkFn7e z6RH#Uod{#?#_CoG1C|6tx#8Sjxnz=0?zL2SQ*of%)$DzMB&r_5{~YV}i*!pvf3bD)sZ3Pk%c2 za3-A*e)>%_Te1!L+%KO?de{I*=D|Ue2;=l{(!)Uy9pJ3sLMuKxYG)@Un3&_HXQ9zq z56$Q&gI8XDC3OQ2o)727p?xia3OQdme<69!&ICsF1aFQ|5Tf(+P+|uhB_1i~NKJx` zS^xMe7_m?CCqs0)W*_8WETtcJ!(qa;IYd5%9_sA60xffYz>Z!7T9Xezc5Y*k+pA$G zw&tID>Z#z@qsha+|Ms_&KgMSQrC#3u4`hNx1qs{I>e0pWWqgxcKko-0ZScLFXSZE# zh7i2;1|YhTN4 zkk?~SwnhxtLm!+12TtkSk1{~_=_Jfkhw_-wc<@FbhtJj($4A*XH34ZRW{nITqYuSw z+?F2!d3yBf)oUrVbLY;dB2s?aHnycO5+2S0lg)x^T*?^r=Rg1X3@{X!@B}1%=C~tq z_7Y$u<@k+_@G2N^0FrCv1^OdQftDc6R-J2ar3U2Zc4x0${(L4@?y}T{7tK*SmDR%m z#%7|Cd6`;{(>+4UG%+c_O(*ZH{NTq6v%J?{eJvj#^7OF&tpf3mve!6(?Lzm#O`s^R zdyLnvUklmX%yFX$jkY@T3Gn!r_euhfaq2stB#gk=AKzAh-lGi<%LtNBakP4-W1Ul5 zNQ3qyt%--4R_k_71Xp!Dv?CDUKm8+fIxV=;8#Gt2Q7#b3m*}A&LC?^k4-*s4kqq#m zKwl=0^hmHUS@cw~mA=WJdr|Vx=)phtFHhWmB6MUV`!W^|mu_8&KFO2AVJq7F|J%Fo zXUVSXKJ-oGG{7KZK;#^mz$j9ZOOmB3mo55LS>->*mMyAemH!RD^83xtc9nzlOe-)4 zfFwu|B$0C_at2iIBp^ZT*t9Bx&0i-4dDpSuIJte2Bj3$#x#FVzccYJJue}^z0FW$%E&yuM}Mp zg@A}=lM@p%y5fHx_uwB-0A1wkrAZSr1@5eD`5qeerx!H!#H#d11|~ET5*u`%eBh%G zZR6L60#o~R{=QOwWNJL}K?6H6`881@)826?x_vy4-I#dV9=_)4YkHzU_a;d0nPi*r z*txrUo^0ugA1acFaqvt2&XuXX0kj=0Kt@H-RzcYg8P091UyQ8c1-o-fw`6FgZz9bO z$Okrd^Uy;Nx2#OA$dJ!Tu6&Y>u|Ja!6FTuu{N^vQd$MC|Y{VoE9b)n{$$l8n7K<4` zsRYA72t+cp6=w?!W1p&-2xe_zaTwb~XYW0`1FgP9jZp^aIiw;m^y}PZjG`$4cw>}7 znf)6>Uk3Zu+rBL0#GZk;XZ1!o=)3;<>sk?JE*!d(O9@o))J&6-Je zz^Z$M>?p9>w*8Yo`IGL?u_YojDV$jW0+jPD+G=dFp*T+GzN2dZKhQ?Ke)?0kiHF1_ zQEDfc_+kk`RnpWma`9|)INE4$Y%klOS0dy1ael^2uKm%F!mHo-vV<{?zLEf4b$}~F z6c}yIaBM4}8*9b%na_M?YgYJh1wp$FpRP&O)ipCWR=)sJIurnnaqBI&%x?SCZM}-L zZSOGwo58c)5ii253MLcn5XDcg2+6gIRm{yd-#q*M-~YYYKlvyBq-nk6(o5PV%xc*W z-hS|dAGE_>dda1|J3tO-@@BGYwn88DMmB7WZ6skkV~c|lfOE-K{ID1>dBc;qCeEPSbKd@>M9G3pixg+>IkS1TbxM|r z6ZByW*YwUW;W?H8U-{Uda%wHyXpVj_uF2OKr=Kyqt5&3vqy^T9ts|F^A6c?5b^#X~ zP)~krP(2%AM{FuZoTMicY<5J>N78O~gHE&|AV<#V<0hE0CvG)l>Far&*}Pyuh`#B^Gd7OzB^xts?FrQuA7PIbg%`3O?iv5sin*-m(-s{Z zldx^GQ3ip#?%-3a5Xr1(@$&#c0i0Z&*}3-cX{TP{I1-Rql4mJq-rC#ZL9e7qVH9jt zOg?Z#Zh(;}2{zhm$I$lHq=cghgvNQM0vukf*3E`Jqj63a-r|1v;Ya#8ESX$<@xJ2o zj2fZmja_F|=lI-n&o&<|_Zr)b(9F-u^z&c%!t9^^(|bX!51BzYTJLfE_atac7O8;1=D&?nc5SCQDs`Kd}S?BT+TF5DrLWuWC%#ZiF6 zmm*=J%}ZEbwj)zcDY0c2OsKp0Iasy3>}!@m~?&r``>GwYMbCjR%m1!3FHdU z2Co92AiyppOu;mKIkGAD1xC-j+1@|<<3H{duzR+_jBmSEU=;x1m5lV4$UJkF2tA5H zQ?Xn=Gu~EBkfAdxAd^ookz7zSdd2helWJn7pKWO`l<`YR`g5QA-0X{A{Nn6Wx82qW zK6dWC0PXNbCU^bhuAWGf;l6$2&0-(T^Q<}Jo9x==hF9R^4-Y-`VA}z@`X#;M%f!#K z^&!jm+Rvg#en4L)Hz`&o3R@&IH1IJKK3mdc>l(m8Z(ypcbwYV^PyWfoZjhHVjVsWb z)SJkl)g*||o_gA;ZA)Uuz4wln&Lm6kUU*(fxgPD;$=Ru9bea0Ot(0)E8sm0zRK3v9J!FI7)gfYFNWsGKa*$T%j`*x;N!_v z{F3b8`>e zsaLE}d=Y|G1?Ig3WLsJy@bU-e<6sPuu@R0yfB*gW^%kVy*XE+k8bIkJR)Oql7wtia&We!9=(zz zddNV%KuMnZ!htXK>Ej3wr>1w4Ezn7)N`RBo{Y^LD)WOmF2)EvPOD7F0K6b`-1WT)1 z&ysxv#w3>9@G05RgPAvdX-f|h8z2X^uD#D1vPq9$6iLmb1iwW{2XHp;xo+$HhU>3mJZb z_CgMNB`-l0oo0mSW~hu7AMR!dS6|gDA`S{SoDwpblauW$ zGem}bT#7|&k@Q0vBw_m7uO^M&Oiso zd$s~B2k>l?EI#|$&$KSQIA;r)j^XbW&O|QD02=729i#g8*GX0p$lAe*IUjc+9|_pe z8;xj^pwO?dM@hv>?1baTHoJgL2OJiD@{mmN;948VHK&`MTvF|qbCmaXU{Ycjmy`Ww41I_Z_nO#s|u9})_`(;lttR~z^p(Jh_`pyWZ0 z#wU9^YdcvJRGO`Eh92zz*iJ_uJ=4E)JcwKB+P}{{tL5#ZX=oECKmLi2j|oTt`AII( z3%1;H^E1QUQ~I9{GPtsMQGx8H4t2c83Zkp*9#N#G>-iUjS@wg)*KN9DwXOz;vZTCLU7Y2^au1o zPZBM>&fz2n_ux~E*WxRHXL_z=JOPE$8JcbOS4vg{&@V8xBjIJNx{VLW7@Y*?xh{o6e=_YE%s?<%JJtI~U37{eE^;(xgksh9HD#z?f| zb9LloH8|ch{zb3iz0D}m(h=Tl`}v+vddU}VpjUr7M}Nj*hk(xEb}u_5odzYw{+e=wKFOMet0y1DbkuCYb6CYEwQD-$GnYl(g`i!M*WSR0oA-)Qx=L726 z8^<3p{`S|l8qY$Yzh1Fu;e)M{vMnErvaRlO?{w>$|Jlk%zcJXDqxeM^?2BE)Mdwp~ zI=&Xq(d2U;@9E~uwy{~cylBZ#W^|oJz9364&VBd zkJv;9fUU4K#r?!__w}Wdw2KTCZ39P2X2vn@`+mJgFwKmh6KP#{69sW|V%;YQ0wM^; z=*|iKQcJBOYV`?PIMr6*t&_&pGevl-CIW-Q*0hygKWi#ssZ;bHZ%mHw82vSc6&^Gw z#wJKkOhM|YLsg16r~+$?$nj+uT;0w#m(iyKgfcS>bgAd;MZ7(KDXa0b|5wfO`sF z=~8jewR*`EOuv{vZ91{db=>&sXfi<$CP2ZbK3~t6zFSbd~!$C z{dre?-A9iCn*Rd0ozsbS5o&sFQZl^ivCeh9r?jT=a_TLU!Jp?Di_f}Ma zZG;wTAtU$%fADVAqsMn0cfzT0Fwx`B1q_#x0BW2L)CG*4f+AqaFMU&IO#Nc;F?4-{ zTYbQ}zUgl)IMq+vyKlDZdb|ij4h(}~Spki$WGh^&4dd!Zu4aK&yROk6W3)} zi2=RPr8lOh-^;udptBAwJAcJfWEgvkP7TaPeZ;Ka#;tl=!oEmF(96mR{eXPX3#^#n zpi})~ALJ4sXR^=^JpeE2+|$psG5CZgEyH;t8v(aU@syXv@B{Q$BG-P)xZ1aGRbOK` z*Izp}At<+S>OX;LU@{5XxxynS&H9=g>l!_Q4(5_W{TT!OCQsU%$i&9TkDP2{T5*}Y zWX0PuBb(|^zVQ3_4_SG}mY_)9Lw3Uk^ow69p;;Xq(MRZQn&$05$Dq1r%+wtUOyx2? zAHV`jf3uR;yW3xZ>F7%-0N*4hw1|=Tun6D_nb^V8{MSEzNw(~)e^{c<$uzv6!KB$3 zCaSLC#5dVad0yoIaL8j>SS8V-3qOhP^eeuw9rf(hy-eD4)kmC3tRnZexw>{Q=N^}g zJ|lm?=Ngb3U{m^#A=$I}$STKmgK^NfBhmV`3QpZs1&-URu@O`_I-(Kptz$E0&_*cG zmm&W8JwFycW^~7u;ZebBulv5^<9j=-hOho+*yD>AKr`OVmw{DsA*>N_<|}{_nlX#u zuK!I1CtzH3ZqYOsuKu=WY%3&SQV4!1%Qi)X?H-8ZXb<3^RO4ymUV?Y}!j*G0fLx=? zIUbEI823k4D(ITwj%0g6kC7k57nmhb3D;YmJ*lWNWHERK`g-{Y;2G~@HCTbHj>aW7 zv&qn&6%NN2_~C1s>RPZsKg#JEP5KGu9gORo{;GMw=-c{eoPwY2*RdUmH;xcFECXiw zO=F#Rm@EA@{@|zs+eEK=@*2UfO0_|&;+_>*-iSx%n{T|;=K@>vSnU(AU2CH+h+}Wt z-=JelhV#Dafoomaj*^MW)UN4u2c9bZRhNaIKqWOn#kMY9$R5Ass&66b`p6*Q-m7Kf z#_-Y_QrW??vNfR=cf4odmw-H1)W-P3rpJUD&#v*B`%{Q4 z1B=(|gt8g}o1fQlLRz0rXkDbAd`y_dm*fp{We?hlS7gWT$b86qey{ogHb749#cs5X zZ>iTNwvzq_li|7`V|SwUt34;5?8T?C{p$vzbQNo!w88ln5{>NFcofWF^}; z$Vc=mtPIPbwtsCs#fjjaGHnDa0XWU{`&RvDpP$j5L~tCq>IgFiIR&%>3W=b#1=^!O zvqa|s?ScMLqV~Y~pnvc+9lK>!C3V`iY$mv!cLI^%iocd;fdHnh>)_HBE@L?=p-2A# zg{`gyw6S6uhE*IjAALSAw%sK^+jv$Zj9icx0IZndr#!(@qHtdwC+JCz1kk~wn$d>y!pCbdn|+%Cwc?WJTc05(79r~(H6gBNl` zTP9J?qcaeFfYE+?5}51g8ASIj`@&^HsEvsfS)sKjF?Dp`7I|O1UMG}f z>c1hc{(pWB7O#OTb`rp2`!t!&dG3j2fyIv>OAk23D|)}s1$@M0RYK~@_E zoIh6-U?l}Jp$Zxt*l0s(11E@pyIu8(&|M3vQ^7ko<52=rMYZycHNiP`>}lKGO4>{d zaBqA?o`5%kprhL(FpX`%4z|Xv3fn8rb6rSaYMChd>2qSq)Hs9oYFFo>$NA7*jpc8S z2d05{@T-1GKS;gy+KuY!32%XWW}kh}b^W2`0_fp02{ z9`Ufil)eGRD%l)gviXhpL#DRy%cknOlPI3&vg~&0Q?lvzROYf8f*Jm8=RiL)kZ{3n z{N+05t3q(DqYQq?tIG7eioYUyyVUjQhbC3S=DOXy@0hsF?{|bBx^H`{V<0+;oIq$| zM@s4=yT~u)gTS=^2PuJG(W*dX65yf1Txt{eU@Y#0vh9ZPgYxr>B_Ik~7m(fZa5yA! z04P@1!)>sxSC-2IBc7kG36{5;5VAZ$%iGM+Cim4~Ro`39msZEW3Y3K*XnwT>6fK=V zmVkkKez63sTaN!w;Dgx9p~}((0FF+ySypE&(`?}#!9pFH)vdxUy-*QlNuS9ufn8z4=P`_JNuSb_(uTIZ8af5aG$FT|@h8(wc z(&|5OSXZ?0Ij#pHtmTEaPNy8aE(`0FOF{9uK2Bj?ANEyXHJN`fSl(tr%W^bztEK4= z4M&IESA}&ZA8_>e^=h=No6jTRAIBnm7;@aPqE&&2!-05gi@r1t(%Y9vNIPCObu)NKLmgQ&~{xQEeC>%X9{~)mLz;^Wb^=h=No6jTRAIBnm z7;?0Lh3DAYItD9jr>)Z&!Ai<#Qr0J%^>P~Q>m6lTI2=xJAXwgR(6JgVtF z0~-=zy@}1 z9Utyzv<+(sJ_+{6YVaxI*O_eBgmyq=z6tz0Awpk4_{)m0lk7&`8`!|H3On99KHMwX z@yvN$Q9praxd4R8b;4>7*wL~+dK&Xu_+3rrM*@zf7hzV?Ytg+th`k)DEZ6q&o?>U=c(@^qAB)CBChL;Rx`Dhm4*Y&tr@bG`w!VQ4 zY#@1cN20Z&^##vXw=%IhUj*)40ZGQm^sW`FVs*;#$8Z1Ig4Vw0Q=9&E3-}7Z&lmYl z*nB^wcD}zic+e0SeaA0^_^!-V0uNla#^LQTtE4Vp&=KC$gYdWvgx=r<`UiLJ4G7+y z`1AeG`0wxVt-2jJs(*iJeAQ_K+}|3rN+bev&UXX%-#3;r$BQ4b_WiguNROkPFG8== z){9@uFz)mV`r%|hWI2_^vH%Cr7askimno#3`}ytR@m;^~|6bGpo+3;1J6D`*3#T>! zp5Q`9cnM9@`vV3&e$W6OZ5GE581q2)cY`_ETYXmP8=lB9{7-2Q-@!TMH+5;Rf9?e$ zNBH$s`g@z_?V_vw!4y|uiZkbl1)(=KcBCNogWlMr>#1y}yzIu;6!4)e$}{zg_go(c z4mRG01>uEV0CdLxoa1rIn|hFYQ*bYBBOBMjm9iV8-~R5e6GG=ftu@4HoL>V8OqpL~ zLT%rf-ybk<+owYbTQI-wGOyYJyH+j_@N$@xjO~aIg+aKtDg;*`V@>7bIL^m-WNA|4 zyl!kI$NZwoPASZBRDCC9cy@?;)HQzhC*v-{T$_F0Z(?TrDU`|fSi9lq_H)Sn#x`1bRl;wsqc^adJhjy(kbcHUN&mwIQ+$UT_u&9EMTYBu_r=m0XIhRWh`lLb z8J}I`GuOd0Z8N>z4W@1P*XBsTjumYfah?+3Y<>*fFW*=}xF=aSPG_9;f7hAe2ZATe z_AfTf1=PP3P6z13BU??Zdlz;5@W#*}z1n>8H4_EEwIS2IBqQ~$PV$+~~|z5e_LCp(C~1zY`-VBv%dWLtSzX!@%Emd>jHbO893fVOGl zJmcqFKj+a&?g3*sM|X7Yd^f;P+J}aWHEb!{rE^-U1gGu(DFn};;@|+|suRobIOSQ% zH3$zt9lypW-N*LTM~Cjwd-NPW;GE*pPE62G+l&XIt7SkxxPpJNuX`Z0t{cLy@yNmW zk&n9Yxj%mQ$NT=;FGB1ou-NuMeLqaVAKF8oYb8FJy7)Nzo9aD~ehP43N#9&A+Dh7| z?{wTF1)+0CqGd!e93?_>&ow8CGrC78?j=a6Yoqwczy~tZ@A?A4+g}oG7|)olo4ERO zAHdZ~r|yeV<2mhe5d6l62hGmWoUsCpe?`!r+?2@1IK~M6@Fp=1LmE8geg|yy&D-KN zKisVyoM7M>GU+2k1^%BV$WDOO2aleQTZw8Tsq2^RY0&)&&s!C2O+F$c$HrfMt#1AH zEO`6vVFT!HTvfD<4Mc{yUKS!F0H5>d%2<(W!2QTJGz5qGv;pp=?G)6<$wRL(L1az` z+PDthz!!St2XMmiPDZS1kzu0BU6sEYQc1JhUK8yW8 z`t9%jI>C6x??j7HOlF0ugo)fseT1S!FwO(++qyjA#Nh<}1Kf3N$9Fx!qZERzfYc6D z=PimlN(c>AVPXJRi7Z|kKDX~=DK$V5TSjw z6<|*;+&1Hjj@|0l4aV%T>%ZngMFbJYbk4BUW1evdesO}{uB`e9 z&N+1Nykk~7R#*vO`Upn)Ng^SjVb1^7Ouw$(7m>6He&+(uz`2~z;K75WqF=Uq)H%jk zfI1MGmj!ewi@|4lEGQ61Jm<> zK2sc1y9iGA7yBOUdYv$p!7_lh#Xk7rACBxO_LYhC{`i^JYd^KaqZPvc`(B1}NeE#C z%$qdiT>Bu=FF{cdw;~c)KpaCGfkyizT6KbvbM1Pz+UcTjcdr^xnd7g9^JKHUaE*r_ z#TcPyakT`r0co=g-~s)?flhU<6*wjN(@r~e>zS*d4De>PnYK#$6F^U7ieEekhSPDZ znuaQdyt0~d-%(OER-Om9o~l?ao6xi#$h+D&*JnJ7-8nfzzpZ*JW_YZwBPU~_)ioTF zj&pT%xeDm7gumbg(FZvu@oGD0J8s8Vsc(BJNMHOZ?&lh~Z!Goz@DLpEYM1-2wRdlO z>>(?YOJip82}j#lwa+e2Y_4BqTLK1!{vT({fN_=9CmX19W1<&0$HP<}_*2qX0elk< zeR{GrZ=-+Y3a|Pk^3zX0z3V|_99X>gQk%{pXye&@jvgPi+dUDzy z>_#`7(Gi~YpSBAPi+C4t?S^|@fL3K$n6}3YAirsSY-nnm)BCPdK<>GY9R{X-js`$S z(^~(5X3`PEUZxQg2xRZxy)B5>Uw?h}^2;yJ&N=6tep8l#_|+fnG0O-!*%@aHN6X70 zVYs(Ot8Ll?W8{Ynyohu5*=KJNrd@A~R(GG{&pN9)CYwOZy~d*(a7wkadU~bwWPJD~+Be^Lv+1BCL0&sNt4l(Lt5?=1ju&9) z8XxM7Z*pU3ILHv4bY>jw5)k1{Sp}wg2k;q-EcWc#(>52~Mdrp%iTw4~#t&sUKlj{o zyB@t$nv4~_!K*!B!{Hv1#2mI3{TUY=Ob&+v#>hD6B1^JhPiK`cq7l#P z$>5@kE^7I$3i=u+GMn;5?(QwhagpzJ%3%?vayb}ihX?in*d6;L!+hGp1dW}sNAaKE z;78xYf<;?eycd|#2FFw`M^Z*p2rr#z34;+Mp5pJh=bmPs;oNe|Ep71k-FIJ?&wcK5 zvr8_yq=U-+_ut=r1Qrf@;e{8rqn&>Gsat|@G+3NR@M$NlBOJzhr-Xe@3HiF~uWvfM z87qN!cBpM3=r?nRF>>%mwG`luGT_C>V~;)7LG{{euWh;|Bgzd#QOg3}j6rU|G4kY? z0<`hS(RTVX&ptEz;SYaMPWnpo{M*0%+iiHB#hOfz)00m=IlKGryJt^5^;F~e=tn;~ z``qV0-$6R#7*|p-QF-8j2YSqX`}WOFIrWs;cfa%9*+q4J)sZ&~kz<@Pfep>qTyxFr>Z`AA8+-7<2itBW2V*<33vz-3FX+DO zuDkmD;~)R{mX5Un#!={+ebUb_e({UG$0qPWmf8U0{qToBY`!kN^wJKhKz}dwy<4_= z?|t`{9`2u=x#!H;jW^!dv;l!cp7e~H4eMjVxD?DykxAkWIOZJec1=G&``OQ0euCF$ zKl|C{#Wh>`@sEGpa^~Lx9^1U`y6c)ReaX|khaP%p_Jbe%pabN;{Fnc-Wr+UB8{p6V zM<0E(<#f|cH?>`|k11V&MOvpIp~0WvdGEdVw*Kj!JS8{~y>x6?BcMegH+J`$UMGa6Wk5SV zNPa*ZA}=z$vSJf`vK_uhr|gjJur2&Y&xzk4<4^CUE(Ju6?&thS$|+z>G#&qE1)SwC z{^BoY|N3A5>vljvo?%H$0w;rFWZ(JDcRJ7rzJeJ635aH!aB%8#&poFDNj|c|d2C6x zplVQCoRX|@o`2!_+0TFe^G+7Fl?6EM;NrBDWV=&)=LptLLV|ml0`xN;MSu6Z-);UV zI*B%hti86YC?tYZ(9T($Gav!&&O7hy;C9(%m$p2A`qR5Q7~=>u|Rss zB}0EjWCztVPCujhzyJORnvPcsr{G3jR>#$>+nI@Sn4kRQC*2>90`cXSU*0t913#Gx z$g2jy$PnmDHk=Y~#xo8&*^8jgModtQMV9oyInm8FB}VkJU;UzE?bsxK+P>O1bZefF(yerxt@jd^bA>cR^y*wW{# zuf5v1Vpr^WnbNlY-q==4iJYeA(}Kn)o_J#R_kaKQtt;0O1A6Jv9NNi z?K%^QQ%*4<@l8+TBXD+M=#<~1pUmKN#CzVPCu{iO?TKr#N}f|+JXi_9O(!Nx^ba2z zOsde3w$Z^lft*dw>G!|=xBphMIkD~TqKhu<1S_VP)R+vC*CJ256%$4U#5U!LE-cz!!VO)Awp(|Fy4ut&^!(!k8aXF z{^5M;4@&4Drz0(^uYBbzvr4fe(IWaU|MD+qfBL6?+QeE>5smlGD2>+?j7j|Rd=58<@3 z2>u;2=-1o$1!I9i;1$rkNTi>0^d#}=Pht3w#2jsfaTv~#fB?|xe5#O~yB9uEH*IGu z1uzD5g%63HV;cYZ8vB$oGC>?4X6qMJU^YP^tA`$br~}u{H{a3;(z#%B*518i3%S}^ z?UUgHh41kv9-rNC{SDp5mb1iu&N=6nA)nS`KK|I_CCA^?7#GeitN^j+j6EGNPCW6X zZiin%`OLG^*C5^J~)e#v5bHkjOH2qIK{nYH0S6^w~AAW>?JXv(V)cSb$-SG$l-AQP8#XG(eY#ix` z+)Rw|?7j&QodgH@NU}HGd{a%dPOAycLp|v|^UOV^^Rvp1POQoCyR&!SduR4i$?olU z-kM#sPhxq#?D>hJl}-P0_FBn}PAcuso_*%&mh--S7tMb8{ByG>%7$F?H8k@9lS(lH z9pvgB9iSP&6}{`jCh430C2$jYJhBtIcfLO0=O#MuG(9GG694HXFE+&nUV7<;-o;=i zpZLVb`*ZS7RZM%PWbyp-FSMTe<;LSrn7#PIi#6fBzh&<}-tkR8z(h|SxsU<=*!XTc z0|&c4njrav&GSj|o*$VwIkJ6vCMUZgj&x5RvGw@3y2N_2Vqbg!9Wo!1w;ZzOIAGS1(e0f;Sjhv4B9D)GK~W$n+!mlT5(PWQCO7bm;eBrN5Rg? z7k}usRr{$=ezNHXKe_8CvukQH!*Ojv3i!`F{Y)F^XFl_p=KtkaUao%6H$P~0&$Cyn z(5H)6^1JP}Pgg*?qpz0+Y&V+7ql+C@S;vCba&^E@0^``&Uq~# z6Cm3-Xe7rU{_sat|3>pkhM)fQr<*T&!WSEWM=)|OC`KN;mEC~+@kL+883E~;4$x$S zcaFs_&?sP&6+6WnIs|35M!&HK^sBe}h6^5a|L_0(zq^0*W7RL=k_$U9mQ^9g){niS z!^D%Fc7mDnA^^Yn#_K&1@-mSX6;Q1 z=z}cTJ6Z5!e3~HLbn}hX=KPwRJzqBRV)?#nUp`P11Cet1VEmIr!r@j}@$y;%W2U9?NE`^sj%^WAUHzEk`>_uMZ#xQZkET!56| z$7-(JaN?7FZ`zD39P-GATgzxIrJ-v&y>cm$ulFgEZ`?lZt^DQ^`IMZN9aR2O&|9E!oHP^JD87~#u2IY9qK0BU$3dD-O3MHaLf-pf4dGl)D2(OBEl9QyNjgn-EH$|J=OX5hGf<9zn9JG!^SA7bHb8n-1F6$#S8YolGCsaj#aAJ|X|`PF=U;F^-_sUItmN>{eDyCF`dlnoeD!~Q zb@t6~e6xcf+5|d==_M$WsLL)JTeSDwbMNfVJAYip{&3^nw{Ijn`bdyOx3=ge7h}=` z{VvJ_L~gr5D>)M`ur&r~z$_p}ifPSITbT(FY9z>+5yz#_D&|O*i%n zXvVwo#v9t+t#VDEJmZBEO$r;gGV-XvgzSr7{9*?ad>fw*B1ZuUKPDD*OMd(T{d8hg zEnsV-p1!oz&dZAZRiJPA7?}4a*xY-)lC?^oePq;Gaiiz4#~vxXj}_m?&3^y)f3Je# zXZ!KR_iz7h@%wBiq8DE92*?&+CH$kd)4Lg%$tZE!>NAo+AgKvD}8?9e@ zq^mD|=}TQqY{&=Qu?ffZ!g%(M50i*fPC2PpvL1`waKrU2>;Lbs|EeYzPnMi2ewNSL zjj$VqzCZe-KWy6RijKyv)(iboB6}kb6IqE^VvtlM5k4+vk%1&bXZYUDmyQKsqx?EW zJY@Uc1tCNBU_!-4#a!p)g=g~PckDQmOZE$oNu$YrCf8)exA}i|q{KY2Lvn{NKJ#Hg zCt8j-1&m8d9GelCEf5gnuu9-0f&wSWws8Wi1mT4z{gsc_?B7a&voJWg2#b&|DM#CP z(Y~5N@9Dk*1Sb-#E~|T^|F*0C+-32K9v_9W9oz}Vcy(W2D<9*( zU9vs-O={5oORxzF5so(h*4H<_t-P44taHdbQvMm~aDf}XlheBu)w;5=)x zk|ry7(1dRK67)=v;3Hf0^uV}Nmp-ckTuOjGS>gJx002unNkl{KG>pUORkcq1dA5n zzT)LXvXfb^z4n^f6<1zS?N4t0jcfcji%&@k-zT1MV##e^2StVa$(61IRI z(t>8Oh7O}|ZR5+KYu#WR?}v~T{v}j4!-p=o;QZNhzkF_Xcli!k`=}kdvx9N7XyPQ^xaxwxj>mw{oM*$K;enwB5ypidgfurHn3IKu%!+fk} z)q;lrD#+NbBydWxEky|uh^;sZG9KKVA2@a(C<8_>e&AD#$=MnI2pq!^;^gSr&FF(a zM@73NisrM9t~so?tY595Y%KEIQ}Th8!J*eVzC}Xx*@mBfZ?V$f6J3s*1YLvoD%mzN zFjlXS>&W5Bh2bSI`miN5nlvQQW|Gp$ zaXvBfu_K1*al`4SonGU3>vQl(O%gAffuzhf?SSAxTR7DXTE~QiZ3=QJY18&yNY#-m zyEJ*DU$zvvPxXOTIMtJZ@{G;~FLro5 zx;nWFx#gaAj_i;w=$DP#L1E|7*Rcp>qOiLZ{PJ0o5j|ipbMAh9_Yi1F(r3&Iezu4Uu|A&8B6F1 z$oOTfzy!qhKOV@>wfn|n%x38DOWelAFDHm$r%YkDYkf130OXA(_td-ZTs=DIn>>uq zE;&?BC4O@AC|NFQ1R<@6*gj}T+_M`+pSD%uKvROHapG_5gnqPBWA(DXAm2!5_vzwF5`XXq zzu#NNURJbv_k!V`Gxs!YY(`vaz1M<3!aVD&Gn;-kNykZ`cvHxLp2?VO$P$kd$hvu5 z7vK-ijP=w&2?Z5h0|EdiIagGSXh%Mufee7fH2$tv=;9#D?aDXHsLGSFd_qK36 z%ODg^|7Hayt5ya_XbJWbh?!zmQf4{cDz=R!Alb(9g3lGD6fg1EI+k2~u9HzlfmUMz z1-$5`D71Q}OhJrRJN!rpj)ICh!JI?j0S>g|QSwPJMH>ai$(0sf@c>fSJe3hSXAChS zb>!s*8E^WkGY*3=b48zzfIR=p=Vw>dip(3y5+wt%GBC;UhN!oQr6|vN1!DBSPzhNQ z;Qa6b&x6p+$r-NkLJPUk0lf(9jF%44;~cFW_=|6{L>v8UPabBUXk*A^L}%Jtxsj0- zrKF6uDY#AvOt0gRfPRdHX7%W0JLJl_=z-0U3t9wb^m1I20(eYR^koMUmOc_K2Zx`o z=!DGJ3m))DZXDLRAg3KXk}F;5!%pZ1UNS<*wbxx+_%H9>7x=vRClI5TOpTMDKC}wN zDtWukk7pPgem02)AH|ZG@PmG1!i6UKLSys?virghZ@cZb*0r{6M>URXa-?^7Y-jrT z*af98<6e5{WfchX%{;S`$@8smUlZDo6HYb}8j~~yPgh=XW$VHi-UEOKZnRx>)ivE7 zkQIHJ2)oCw@T87j@nKwn*mWi}+K4k`Y`m6N;g6543rYg@--v;)zy4bBH-6HReOoY` ze)<_L19Y?Z>nq-Qxy=gLqn_wIJ~;F~ww~4Fm7ejYO%enjg;(5iEr#l+ePDVH7O#&M zKo`F8M0RB9C@!;W_wdTr$(4U;qn|!xNWT15oZ)M1osF>{wyrH1Y6myFfy0sS8$%n{ zN@SJex?#s#$Eir7MFiziG^en2hf&6Wd5&e)&S^1>0RmufnN@hrALFN=!C1x{blUsq zgXd6Q4$)V8g5*g05ttbwC-Z#Qy?iE7`-?8x*Kg^XL23`@^hFiMt6o6OL;w&t-q3Fb z2`_xEDGYt+*Iu0@0tAq3Q~G7*7?LzAhb0Ag^{pv9Td z0mxT?hF9{EAe;*lWZ|5At-|$H&p8A_FCkbJnY^$QvNF~bR=Fl~kck={8 zYzY?s=rb8)tI+}8*_Ufaj~CJp4mz3An&j=MuYPPPZSjY1GDC~vWg)gsc4+kM+?R&z z-FtQ?S|7uTUE4MkjD33=eQHncr;%rkdqv6l{PWLi|1jQp=Z$TzGpv@XKc7GoxuDsY zaN`HCLGnUlCOhiT8=c|L1Ol)zd|qENYk%;qVBN`?JxAB(%xq^PdNB@?aKE!wrm6WbH~;UY&z z_xX$>>11+2R&eOM2nX_=qYcnTPx!zu8HlI+l|Jbe@9c(b=-fRz)?U4dw*KM*nW&5W z^wFQZ*r!;|M%a&g!1(c*z>$(!677y}hQbI(mLL#^;SlaxaZh`M#_;tKoFlx~UK?LU z2h8jl9=0SDZ^@e7!o{FGuhh@EEmUu6ni2XqkmtJult7}bRq#hXGPWSl!CBE1=TwJg z;2M1#1#kK=Wb|-oJZP&9L>cOwYX>*w!vmrqIPr~->A9n#J;yPwde>G9iZ@Gb^TNeo z$OTsY@M^v6qdu=zKqMP4JE7ed81&78=Btk01pUR&$F~|?dF53-!4M>YKJZ(?ppmhn z1%FEDGA=$DZjV3bCqSk>Ue%KooajQoRg`D;R*-fU-~jIL4Xs_Iy6~oyE=n^@Z(zbR$nh{dFjxLPafO+?ce@w(|Tnk18;77A&;G)qu&`Q9^#w* zB{D^$$pl{Cd(R^lFCdPIF1qj#TKHDSg{nsvKvQ@PFRp=e1!$kL9w__jx39-X{ydH` zVKAOW0A-=iwXalt`>jf>l`!yaYh54hL1GHIu`xQ+Z`jT7`N*SV!JOa7N=e&5V7uXWzSfO{SQ z2#Fv=2WLNHo)`cXst3m(HxfKL^h*#iPH1y9cG@XZg~K&f2pIHlZ+AGRPsUcaMbmtY z;Gd4Ao=lvhYtYD$j+?z!!O~W`kMfWO9<=9Z+FS8*+N#{b)rqaz`fg(2V;Q!OO+MZz ze8#f!5qLSdF~c7x4*lu_?)P{_TO2+2T?756N3`k_y5P0?6+|RE{ne%YBIq-PTt`-D zGKT)KH{i%lfj)`^Ynxy4vFgss7cJz~GOKp@bA%HPG%CiK>J=DYTjRMGe$f)UO5f1v z2L;?K%KC9f(_F=UxJ())U~OFkIPk3KCqcn!M+Oh0?dT6*<1Eld0q9F`HkSIF!yBIT z4gbJB?fjHwVb`MVip`tczFD^Av)n$%?n^8@zOgzmN%n3)lD~d=i{800tj5vdT`F7T zd=*5NXjr5xJmx;VQ`ct1>OS)^<68Xt5grUUZRhHi6>zsLfxP5cZQ zZog0lTstQx?OkUKb&Bh>kAE2h4MTqej+D%dgVyblCxFQa1>wq67$8K4Va%k?dEMwD zk#;|fDRtiW3*2)aVj@T@y#Do{NxdV{Flg5)+7mFEwLvSG((jmSknzKp>(ptJ(zML$ zfx0bP>fRJ*&QtFg=W*S2Rd8VCo;n5S>(ADsBnzu#-1mEoVW3tHO0RyZ-ZMeZ*nD@f zB&+F^4ltDu`qit`rpK*<&)f&82l~3N{j?7d6a``1l4&!Q*%aKH!t{EIGcpF#`p^-% z*($Pv?U&^$$!E2IrqG~o`h_>g*hwHbr!=J>Ap6)-@B{?ayrnDAD3XyP5sh7#kqEJ3 z+Yt_Rk`bH&f(eqk!SD8t5m1LVdXrog=juoMoe;YNX_Iza6RJr!NmRWyeze01%_Er` zZt%U$7uVRsU)Y_#uA!Uah0jFVb<R$Y!bwN7pIAxlYKKXc_w6 zrrp`#r|7J9y~@?TCebF+c9e#Gw`qh6kCB0U1Mi4O^yNBsmhq=DJJtXX(d!iOsJp{M}FaFrinphzbK7K0(;E*@E+_F@OkA8-hqsz~sB{ zj+FOTw_v^2X6-&lLgZ7G9c>=95 z+;grDoj^Zz@Z%?24EjN z?ITC`rhF>;yDw23e|+)audcn6Wi@N3BtFr*D<#MD2gYKnCXU)}^{={Z+q24}ulMU& zJG4cnno$AF7*WoR?19&DAppCxTfXF?t$oKl>@P3Fs!1Np}UZV>Scmw#*h7aLA{Hw#W zde_=3uGu`fkVo3O$7bM$(=qqpbl-L44BS%}n4Yf_Lf8AA(Jm4cC96ZU`?&_L(vrD2j1WO^1I=v3jl?p>1J3oqO9a12`y#&3LCJwZ|298U z*zKNc;CgxL8I`={3 zmT|zepL@niV9_pinm!4#N#sD=oCg<3AIJT*ogTHzePz2JKD4O%K9v21-uW2ar_buV z?sY$%=0|PE&21d&yhkzU+?G=ybVP?!K7jLqWB0ybw|fVJ<@=z|1oT(sgN~zbifev4 z>`(Lh&prNEH{X4)`05>vZ9h>TTiC|4%`=F8-CNYzBDi-TIN1FU3R7BkqiYeSeCCKZ zyiWUvXLTuQr%dIM_PKTpS;Hl-oOWelH-#0Xg6hPxtBhVt7Ln$ zz-sm-8c77=;Ud5AydPI_JF43c4?NboZGD|FZ{2=(DEN2dd!4dagxzT0k!V#Q=unv4 zhTvEpS0~w}n@4cV3-Cw^`@n$7<>j(E;PYtVbpuB~tY(Y0nwJg{<#QhO9Gmty5^b$p z`+OV1OC5JqTg!&mNt+F<42P0~j-EKb4auvAe?{B8t|+V`WThTktG9#0Q6>BjBAb<< z23RNhHNvWTIy{rY!vUdt9d;HT*UamZr1y$;Nm@Gf9EE{zDL}R@<4(4V{JOc5uTHYf zYwGKG05Kg+w*EnMv~J(~Ao%yk$C0+dMcT8X9S>qQuz?M1U;`W2z*=Ap&uEj;SDTfr z*80FR#wi?Kv+55fo8wZzBWZ)X(Y@mttv4RMF75U6!vi(oN-zAZD2x@h zj*l*w%VhI1)cfFQbok|9opKM4M+>j3$^A$Mxr4!KwBWH4?UGx^1Lk%AhrbL3jvn9J zre(_W;o^T)JQl2rAg`ja6Rj_6_Thh@)wHRUqv?S zw)dln7O+Yjn9?)t_hH!HZnBYA)pw%xJ+;2*d-}6hhXys^3ahqN(yZ1yj|Ya`nE&vA zT;|8a4u!bUt|H5$2Uc~AqeriydmVBQk4Foy%gg=42y}-Jibsj|Ba18AIZyAKR8^v# zAIHgoc|Y20{b-_R64Ftj??Wsh@TI!e^JTOc_Qd>FxQf3O z;8WR+{-cE_d9`V*|5_^uo1Y#cz;QV690)#KL;he8nXFSbk;$JvRLo9*k%Lkfc+)fqXm*z*OX|d$HNWBvJtOSHj&B3!9NsOr%E?)$go;$ ztG2zO)n~EaZc0(N=zkxc@>Y%GM{}Y&80^OD;pAr(S?)IOjzsHA|NWwfZ+-zmo{srm zUf(wf+|8GY_jR4W_ulx4E~V=x1j6HI^YRsL+AI>KUK`(GT&=q8*7sZ1Uw_}_{QHdy zc+NdAj{m2; zI8VW|W6N{GzdFZ2cu9LOy+4I1?hguV5KQgIsN>s(24tN2SG0_}&>u*f$cs%o*JjiY zUEqKEebIs7OI^;j&pjoe+16#9`^^WxDGU70E2yqrH|(z}wud_~Yz?z)2jdt2MTBt% z-}4&>fJOenlrMMN->YH=@BQD9Y5y!-{pCB7C&VueQ<($T)4J){tHKo5GVqb(wDmo^ z+dl2jcR^#EAFE?uzy4KX8s0T+ETf1q_x$EicHwK-$ovZ{{F2N7NJmiV#Mpz>bp=6*bcm_`uls)0qfV+#e%<7a*}Ly< ze>|vh%nLUCSb!fz_7hSAFQP_qt(~6<>z^De!_~HfMzzrVy>~}&9DP;;fz_`-I2udw zk*4Me@;T(*2Lb(jJPJ;9CYTSJ#}5MdF$CE2Tb0dQ-vxuOzF+^1GJa&>y(-i8O3SVO z*Cs#F*7vmQy6v$;Pxy6?|EWAu(muTGc7G9qFXMq_`b|N9WkAv20WA7~W7yn#WvlPK zH)tC?Ozcvh<{Mvg+nnEr$2~{=@=G|W$AdDh%X#`lUV(9M+fV%c`qyy3RprgC`d|OL z?EYQ90t0`yTCNms?NR664>WC6H^zRyZLJEOESDFe?b-IH=R%H52&*7dH5IUygE(`kRC(*J}YPl4+jvUR1$1i{Q8MyH?PDW!G z{ac<*+xT6}fW9UuC!RQdehld2ho_O+KQC2(0-xWqB`bK1iypM0MafT5shjc+)afh9 zh6nfcL4*5a=05tvm-FVYihhc^MVOAY2$BOC_}M@|g-8z7p|2Z%@s=MI*Uov`!P|Tm z9wYck#ZFRH(ef>MW^&^?vhW$VMF@@BD!C5-K;6I_IlNaZoEo=ia*alTmp`BjG%kJS z=gUIIUl!mFe&abupNXrVY3$#^E#9L?HcP*eU(?y0i?_LK!)MMx%cK6-9a&86!x64k ze^j9RRe@_d?$obRA3Bx=c$SB1JAWCfV_yxW`>^-%i%U&I{WZN+?6y^>t+Fb8#}2fW zjMH79HJ{rpqiyJ(rQ80wz!Q$|-|E&nnvQC z(#D|S8C%gcMg;^o(96^s$psths7Sd`vnc#pS zyN|T(DRAfy`~D?xcwkKAwkNqJ945WL>Pg86WB3e@;ZL%7rxKdqU$yf>6fKX5O!`=5 zt6yD2X4y(L`RR#9$^V0JyEV@I82ka(i*@S&0`GCdi4+lDWAa3zET>%JanH}dE z`Q3ifCr&=E+5-2w?c`j$1fi6)3FLa}Txqv#Nw9McQV*u%PU}~J^hy7z19osNx_gW& zSTJc3xvAG%MmavRA>G93XkGyk-m$~lt_;MzUMrY|_F zO@354WwA{_9e`6iu-Il1_IFQzc-;3J#Y)qPT=?g7gHbhhSWc)_z8@b?a_c^YBQy^f zWA?oQV`(2+r!?sknMFPzw5f}J6@DT>NVe+73P{a(798DH>;9`wjc;AhW4>4VHcprN zS3H=!buz3Y*`h+*)?3lbhO8XleW&=w2mc=^n@>Ds$ED>m=cDD~*jF{Nt<{QTYnwkZ zTDHLJ*z%hf5Zjp6tsBrWY$3KETVf->s!7Q^vv=Nor;`RCgYXepy#7BKn$HDR)wRvc z{{pSYI=b(1Lnq$IcaA1~4*Zw43qbDk(*f^mal~Q1b^LAxtCPxr#t&1!BQO{9&a=JN zMpp(VsMU?W&-t_wwAvV}og{I>i6?IHMwr7;w;hN>C0I?jgL0jqtzYitTASQo2Htq% zjXs`o$|*bg!5Mt$KU9Dx_y9g!r!)^;N=EY_FQC0$4$FzraPr9~Z{6$dy~4o|$qW6A zHb0C{z{ViQx88btc1rbi-IJg>4US2&c&AHrz?Wj&)H%=fn{U3kb^Y3Ful3OuV~XpQv%c(8^9ifXJqVwo@l{m1p%p0ohN63**hfM>t;al>3^UcBMNk!91C!IVd9-38M zO=Y@0(B@F#aNsz6fXN|`z@lv1i??JkX=)r*|L8TM~e4yX|&@Ndj~|1+=13 z(ar=Vbi?mlUq|;9=WwT}LyvPbEQ0$}m|l}ZQM!dcG8E)(c~0r=Rapi0^lvWbJZ4v= zlU=p*Vx52=THOQFF`OrexBZta9Mwf8APHD|dV)_|6d*R*93)a6|$yTo1QRKyY5?U(l7WFpdIe2rei~2ED0Hd z+=CBYCOGO6Dp4~I|N@ZsO?Q`?6L&3p#{-~I>tqi+?u!K&@o z3%J~tW$Y->rxRI|m6*^_e6S}n)53%wm!+J8qD@YeQ{ z3!tL6LP`o8jWP8$l2w$(0#^w{0R*N_AO!FTZq;-Px~>XbVA_}S41?V+Xi&hEt{D5O z5C>hvv3RZ|IIRM~t1k$@t`lU#M}yNEc8oo?gvYk>$hrHMWa5qQqnTQGB6O3Qst zzsXI;Ori@fqwSFGlsDJYq?`9Kzr?iBmG0$fnd8$^{>fXuh^?} zeWBUHrJ$w83_q^bTS>6dEm_Zd^fqbzjrz!O$PQ$j(2P&THC~mp1!+rWWCPrH-fuS7 zeLE0MTiwgns_P!3uhtJO7h@M~*#R+r6IIYO*W`uGpj{ygajLB88#HV6pE7KpOvfXdytLTX zSbYY4gT^TzQ`lequ?B8a(AH-39f>?f4G2C80NMrjGLU`&c-0w4ah^7g@K3j{4hDjA=*ub&UNV^mWx=@l zoL^fd>UY{{r`44t`}XXWS6`i-b>^8BtgM#CmYM#7V$b#~$mLmO^U*zrtQc|2uIg-; z!kr@c!K2-1JNQ;-TUeVj&NyRB2a$*EW2*^YBc`o-1zn)Gx~osd!EgEpM?igGdLC%{ zd*{TK=b!`h5l%8K85n~MJjSq+AeXGT*`)i0r29CwOnUXZ&6~PWKkUvqK7lRz@Y-)j z);XN`(^dhIA@Fe?pP7x_1jKJun_8%s-J(bsmqsQ8C8$`;cS#bNTfus@j&P*fu|%!=kKv7i@lhqyPu@r31JR^z!=ukD$Y zll$5}_Sj=>_wL)qSGT46kNl?X>eVV_bXMu=^qxQs`v9>ufBr2C@0Zho0cy`= z$&ReZd%>Zzw@4?gr@+wkxF_V3J2EuJ#b z!@tQ6942-zz5LSbjo063AJ(@huX`&nT0quh1gCSfkSjg2S$OG=EYTQ$TLxNBO9S8a zk`DbJ*Rp&4_19)Eyzt`eg7Yt!oqooixN+(aW}-d* z&kDRf_wWAQU(WvRzx_AOoyXE#qgNd1m(FOE0z~k1e?|R<`ko@cfA0P6MeYflo>1ca?EfsTIIqu5pa;4!I{f?a^szhISA{$570wx=GuD#&!!yo>z^_P1AlLM2S2dn>2O13YQ zY$W2Adog3eU<FA}|BM(0^yYIgH zX0Mj-S><-pE#I@FaMFn<^_#Srl)PFKxaXdIu3v<@`s%B+i$;pYcg+#j&0HLFQ0pEcCPp@8CF>ah~@pVQQ80Iz^3MBb+Xuc z-SCyKd}UTCb|l(gz4vY>+CTfVf7`QR4tn4H_qTwqyy~jiqcxlV=C{5z`|AJtU$ZN& zys~G%k5}EDKmKtU+e^sl69^>&M~;F?*Mc%fkyr(6NkNd;Mo@H58^Lla zM16;Ij|8f{BglE`Q?#dO=VngE;w*xY;3Fvr3S%b9Ubd~|{R-SaWL&(ap9J--lG!)D z@r@qu(n~MxiN)PNySsxio}aJDiN1UHp4BTQfrL!%zWeUk9e3Q`xFoMfE8tvy+2y^m zZ3C@(!H|r8_Vb_5zEwO4?(pARLG-I%{c6)gPZwQuQOooG(&yj&&EGWt+Fn_DBopIF zq(3h_`8{HCfx|uY-EqeqJsD9ip_&*yT9Yw2(PJ!q*$qC7DL^g4qD-gP{c(^QOC32r zS7Y3F|9!K&e|mR0;JM8|xZ?+RbW#K+b;hS-TcWn2-mDeIOE11O`}@ED`<@6~bImn9 zlg&$d@UuORZyd70r-`HlgLaF`9;=#kuXj2g(-M1e_wsOEz-`H{U^g2(T=1J-t=pzPuI&82*6n}z5C8XU&z>`8`)cKN!37ue1oigv4Z8o- zCqLOMZ@dh?2ET#uoZ?!+v$A+E^&rQi113E6f7{oK5V|dH_`(1DAOCaqU;pcWZU3?G z5O?|O*T44lo>YDGl1qBB;_({Uo1hN-RmiAqX~@6FS?)-* zi2jSe_;<5^^KbsNgAd2C;==q5*I(a(RUjs?kA3W8Bhi*K3s#crndJl$^qw*_{cr#N z_bV8Vm7HKK!C_jE5}?d#%wpWT^UgcF4+oWu;N|%0IWEEJqpjrST5v#%z-WB zYxQRAR$~lbFyxSmi38`*|ArfG=wPV7Hh__HYJA0^T|1{ZbSijBAJ@ROHXus2T9B9| zq3f=@u8r;CngL&5GClwN3$$!rCH;?n^rO}1xLUTVOSYTfZ-HGvYi zw6i5jw(j8>ezLNPL94_@2lS2)c*(^0bSmhOC0-=)Y`+HJ3*>xybZXpOb2NeW*=L@e zJ@V)yvr8|zv?m7IJoeb*vp0)Y;~4+-IzRcOlV_)$ep)9?@_pv%XL_rb6LZQ3?th@$ z(hKKiOIE1tx_1mpPq~K=@*s0ztR@pCw$9GmzuGxLrpE_IH#(e#a*JnSw`)9Lf%Z5EO)#vV#rR2q~fl1Z(%ddX? zlOOk_)=KK6lTX@u?nQ3e;FI6d*@-8e*b`rRW(U1HQTAo){e~NFoPF%pTl*fl@f|q! zoKXR==zFz31MxFZ7~Qe-l=^G0_pH$Q?fS$;ZTkUGP_a#eV2^ z*xCMJH~QBFMl#$~Zd>R5Zz9twmGYWraocVbncz!o_CAVlEaN|RqvRH`*De;@xVz%| zFMs(wG;JS0Dck3_WW}x=P2}Kv&Ur;b5#7%SaxfBQRaL<*-$!exYvQz8_U z^4x_0BtHhm2#v=fjm;pFlnGLC&1gBIF|^^B>5n!%!HXY-!3v_Bm2sn)@}~ly_HmxV zSr~iTI*;+EUO!_1?K7SNpYbFQ<=k`6n_YU@rAYn9>o zABXmGL6{B)oRGK#AU^3i~otTUvvu?Y#Dx!XpDDX@j(ywu;)sYCTaAj zorx#=ez8{Ta45Hb|MpJKd=D+!!i|2D-)pY9c6N5@hEGWF^y)=BtJ%}a2TY9Fr=Ta$ zc|<`TwumK9lNj6d0wjLm;b#IHT<+n+?gRT|GkCYFV)AQ($c7ZMmPpWM5+G3GkNxMG zevN@o_yKvdRlLywJ{@B(hYPlCalp9R_I)wKB+J(L3v>O^6}n82oA1(_Nm4$$E!Nr9 z;(u(84(TWMfmik7V{DUr;2{&SO^gDuz1ZK;0z2ilQ-)|YnIt2H?Boz}!mgf}K3>ur z>5m<=0r`R4#n307c)aX}+{UA?d&|E)(r}-AC1kREsBHAkJAd3VQ*RgId*AzR$0D|E z2XK+TBMCbat^YA6$a6vgrdJ3>IOqKIZMU`X1fZA7NxYzPX05OU3r1%f`RQ6sFd)HS z5q#hgEX>vjSD+M}&0wsWI654h*m&B1?sK2(Ej;}=A%{cnaP7v0b`jaQ=m;7N)`75#*nlWZ3K=E>J|J?uhmyp zeduCf3{J8Y+|Xo&=IzFQCUn-`?RM{sqOIie`s;5r9$Q*__ntjFuM#fV;$tfrmA>@< z_{TrqZDaVxanFQBaMRCfj6MVdb?(DsY)6IM6#*0<+Gk~pSGKS!=vPAQ75Vro${|;Y z&+1KJyW8&bR*L{*wt{nplGx8{Z!R|=eytSwkE-jifwey`7>ESAHS4*_m*BRzx?v{p`V*nl+50G z`>oytmXBt9NFwUlX4|ok|IlM4PV(S`=;L?KR3iA|7r)qi`Em-6M#!8@J!d0V ztM{j$db;H*IVt>5qJc{?^1cV!j4x2SwvrW0(L)-f#CEOQ!%ipBeq~WfbT$nI@>QkSZ-Ezw<-Hv?lOt)-;OgtjvGi1uv zOiFA`(xs%;DzVXfSvGVh>74euZKP(v5 zIv?Nj7Xj5vCg)eckVwrg7!l+6!WX{KjM^45i)AzdZ3o9P1`KkNbIv(?E6H$nNmDS8 z6bV3ZBXkZV@evp!BYgGns*{8{qhKr0IWk%TvpVB!oYt6vJX$DB5F>av(d8&`q0fE6 zaeoerh6FB!JRE^>wVx_1{q;*ANSz?Tz`~msm;^ES1u=ojibL{)Q-T_JYV11dF9APS zD_3tk`e6YdBT>kQ@krX|oHO2dY`W&OB`FAC9NA<9-+~(X(5vz2=hL75bj#WViQ@|< zU;5IQI`P`}A$Rx$2jg-Afdt)jN+)pRKa;LigM%$5lyAv*-e1zZ^pZ<@tN-SkZ)!U@ z@BErfoPACwurtrx(_73B6;CF5CWPpwGqPlBwz}CFdg(K^a8o5!~(B`@+MU$Uh$lMC16PybU|+*jh0>jDYX7@pCZFq!z-roX)G@6t;zX?lM8 z)4MBqK3Z}(wR!NKz|ifCRwqa^I1bf9t+otIe>6x)f`#__3M>>PiE?blEm6Cl=Y+PS(26z=Dyh3Rdz3WL z3%9Y27rH{X0Av=em>IRQDlnk~ZITEc^g*-Y90=M#T^!$7=+Y)Z0SHp+U6UO?ywPbT zVRcHzjES7I^NhjFmJ|BAw+k*9&r-)14OF17KRhwyS6_W)ixxUGF#_6KVM&YxZqMHhCk@^KWpMb8^=dYLnvaD1qt=H_+C$l9`QmW`GikfFdBPXZV7vBYHa^ z6@8S3_5>!gNUJ-=EZa)J%Ffu%tw!SbNmPMc$AOfVL-Flgkar(F{RU?x1^i3kaKG}( z%WZ6u#@M2JtUt=)g(uF-kv&^8p}`kE;a99kta=zCL$!r$EWD!CQSdi=wAE(?8Xb^T zR(F|A<3$~LJ3*=>Vp zpucMVp+UcOjMcAv<&II060bzcd9N==w%uf_iSxRD z%BiRHtmTFqZfrv$AO^?D8I@VAl`3cA=p0BthUFO|MHo}!bB{7?WpZTwDC4%PMym966JhXJ_O>r-GgYY_j1wB^_B2OW1I@ zwjFH;fV`|o=z`pA;~R@E7gx25=P7|cSLQmkDnp0BeR0X{oO91{t7v|ulNDY$m1j8g zN1j#!pZ)A-+o`;Htlk^Cua^$Ih=C7VlJpL&qBtoX366q1`J*2ng1rfsdlCy7NM3AO z0wCvyAAYEl#;qT_b#{IAH7Oxi@-(ikTuIc*RGl}bO#m(~`TNZCBQ=>4IN>~9JA3mO!jVoRJLP@8 zGJ(bGqXp1qyO`bMg#&vW$wtKSo@|tT(kmOhwQS>p3ofkoulC0fy$Izoq{-`5S6$h$ z&f_<$VG}-Y8XH6Gvxp(XyYKd#{GNVc&71OMXTm5UYa2-&DVgQ1$z&Nj!l@GiVoY|XTO?V7Opyfb>_tML+l#|uH0)b5X2%7;3T!Ls4 z76D}?Az%trf|Gm3mXOfpo`50oaayY}xC99}1WXAWUdq!~y>SH`LB$HhY8p;7WVQ{^ zrp`F}=Dyhx`rt_r0?tEcR&}YTNPHMixvC}@r`9AyfU;7p2K~Yc8RElRbsX`^GAJ^| z2bp^Q!`M8B^=#Hw7Vs@To{M?q-Ag2rh>v3Vh>rw~RzZqP(WT%A?~z9mLU@oQ@QFWi z#k+d4B2Rop#_&m|_#C3#-aC7E+tva;pM z;cTzkn)L#O=a`bqZ++nljZG5t7Ok(wGmdX9%gPI0e9$Yq61>S8;2-U15b&Z?ZOB0% zJhK^iylg@DwotvOM7CM=Ytu=+#ure)*lIniCq&xVPV;SQ@JmknDroBur&YXX@FrsP z^h6~fI8CsC=lfm^;d5*|e9@Dnsm=>fzOgBEkT~7qFFxUO$^w<=+ZuS;jy%49`}cdr z?K6-6{L5eNvAt|%0s;6o`@*yKc<@#!U3j11wBn2XfcTQ61do_OmuMw#_C@w=QlfQ@ zHu{OowWAMxQVu7?uiF-XV{Ez~dh#fTPR={;{N~%F#Y<}R0({Q<*VP?QWM-kl*7y|p z;LANpmA=?FJ(#S}!?30Ca@^E+<9Aco={N7cUN4YQ;Jc8STLuHj{q+|;qSt- z0V`8>CL!V-&pt9Grm1`GxnH*K?dH(GIQYbqPxMFQT(c{-&hFThYl)Yxd~4UKr=HgJ z;skly<(krVq-16s^65nDtHw?|Vf;)U<2GC92iN6{1T*%*%dl%1&tbFy3=bl2jak() z2-{fw;z0EcXipFsbefz9Gl~M7&^27f)&?$4Okl2q&ry4Z+H}-4XVyl4<2cXQ3JCs; z?S3G%P27a!wXYhys03>n21-EUlT+b}V5 zU6hwj{j}Qnq7UsHB{=>CA3f1O{A_}4^baQ#E%?SCU>n+KJC$S+&|98#18iC63ltRN zu~~hr8ol9emw+tPqmxd5@WUTAFSc|)``OPl-TJHZ)_2=_{psW5K*sbK#9QNb8hkxy zS9mb&I8&2?J_nQ3)7*9gr)y8Qbc~ z_=~(TT=I)d@Tt9P^pG*0%%%frt6p33l}xk;bZH#p(X(;1rK>6bi{~lZz(MM-#_0OK zXJ@7KRB{r~;U)`U%zlBbR@WvRpZ(nD`i)rhnke?OwQ8du5cu^Mw1IXCTESLQV)Iq! zUJ@;O)Wv>4k5l;A@6gq7?0%W6u1r4Zg@dD2d#hKoZuDA33flM~LwaF#o%=r%dKkxN z!<51lNt-z;=arQvm)x4m#1vMEq+S?{<0lSPaEhS4T7hZ?*Z+hVE%vjApCv2aU z?K!Mu=stX0Zl0MMDCXuynY-YDqLZdss*Ixjg{#xaypqEuyPrxk3S{|wU30+9vwjPtHYDCSrRU*l zK>_G%ug)jVB_jx;06~H+1b?`lG5>e4D`zerLks)16ZEL2rv?~E)HimVKVzbE)Le`L zK$z`c8}#3KT(P;6*Y`1$XBk%mTAmYhyI}kxLg5INY%yr1Dv#UbqBh+ z>?^z-5PPWcQzNze&vq>-w9i>ODsF)`4;mFah(}6}05HeS!v*l%?!H(Ny@`&Zlm-CA zmTDTzAnQV%z1_$6!?u*MQ32Sqp|ATsYOBsHML}cp4rk|%wq=Kmc>k6Re$*eH#E8=~ zM01>QT>=a|+9EaTWr}c&WsGeHw*ikui+DwF+nk^g{S8|KPWguhkne#`&$Ff3mBNd?Atn>r zTeR3-D=uG#W>J%@L#6s^>teEU*U9508j@~NFE?&0Vj;p%avx{?mRqXnvvY_tYZ>WO zw*Y0~F31zRPpHySV^*b5H*RS)RT^JUnDmMJP<#Ek?3mGIV#{&9vO#)-@P;S6_+`4L zO{d$He#^I5y97;b2}hGg@f&9-$`S;d-iQ0$?IEaSo?5kG8O8A|lxru`9*p;#sU|0f z)kTEe+MLIq5|ydAH&2_k#N#JpJjBZrMfu#6WE?Rd(&7fCq#7f{yy!C*Xr(peI{DYT zX60Nvg5QEhUzOs-nmi=UR$i|RvR|0s zqKJfem$aCi)S(Y=j4b7rQ}n+$%Te7?%))@v*w5{?+=N4$FcjTU_A=K8p9jp4Z9aW{ zp17Waa1DZ4!2TSoov8qLjfzhT+a(q>?Ccm zJ=K-5F3jbV!_dV|S0B3zY!=@$mgh}N_J=WVgKM4*gT+H>5S~QNcH+4Ok0oO*0xz*fz*xie^QOLwpHZ?g-keR)0;(o-+ zJ`P6zsOXy<|1Y*FQ|~V&WtTx4rB8u0a1t681*+&QR|&5aDiu`B3wsY!4|;;HRe&F# zSt9KK&S?1`8WaWSowR?=T10ka@}lFsh=zjLwr8Jje$+ZgLZ#}_-ZKEsGrZ31yw;bc zRPJQuX5U45cr{LC#&^p$=f|6}zO=tv!SxPE2)+iabKj{dMHyfplqKy3DtYj6F zQ1!XB##$vL*|lhb`9oc=ajuu4Sl?A8#4Igl4a{0orXBjf3>~>U#(tW;Qp#~?`H668 z<8Bf5{{XtYw*UVp{1)oZF)ni&v?~Vj%RI4DHRmD!KYPWx*Q=_V5vGBP4w>=**>gVV K=1^ttcllqq{rQ;y literal 0 HcmV?d00001 diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 8eeb11bcc2..f12fe88286 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -56,6 +56,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [What is dmwappushsvc?](#what-is-dmwappushsvc) - **Change history in MDM documentation** + - [August 2019](#august-2019) - [July 2019](#july-2019) - [June 2019](#june-2019) - [May 2019](#may-2019) @@ -1891,6 +1892,12 @@ How do I turn if off? | The service can be stopped from the "Services" console o ## Change history in MDM documentation +### August 2019 + +|New or updated topic | Description| +|--- | ---| +|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include additional reference links and the following two topics:
    Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.| + ### July 2019 |New or updated topic | Description| diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 503cd5fa79..c7a8b5e2d7 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,7 @@ sections: text: "

    • MessageDate
    Microsoft Store users may encounter blank screens when clicking on certain buttons
    Some customers running the version of the Microsoft Store app released on July 29, 2019 may encounter a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. We are working on the issue and expect to release a fix that should resolve the issue later this week.    		July 31, 2019
    02:00 PM PT
    Resolved August 1, 2019 16:00 PT: Microsoft Store users may encounter blank screens when clicking on certain buttons
    Some customers running the version of the Microsoft Store app released on July 29, 2019 encountered a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. This issue has now been resolved and a new version of the Microsoft Store app has been released. Users who encountered this issue will need to update the Microsoft Store app on their device. If you are still encountering an issue, please see Fix problems with apps from Microsoft Store.
    		August 01, 2019
    02:00 PM PT
    Status update: Windows 10, version 1903 “D” release now available
    The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
    		July 26, 2019
    02:00 PM PT
    Plan for change: Microsoft Silverlight will reach end of support on October 12, 2021
    After this date, Silverlight will not receive any future quality or security updates. Microsoft will continue to ship updates to the Silverlight 5 Developer Runtime for supported browsers and versions (Internet Explorer 10 and Internet Explorer 11); however, please note that support for Internet Explorer 10 will end on 31 January 2020. See the Silverlight end of support FAQ for more details.
    		July 19, 2019
    12:00 AM PT
    Evolving Windows 10 servicing and quality
    Find out how we plan to further optimize the delivery of the next Windows 10 feature update for devices running Windows 10, version 1903. If you're a commercial customer, please see the Windows IT Pro Blog for more details on how to plan for this new update option in your environment.
    		July 01, 2019
    02:00 PM PT
    + diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 3535676cf8..08a7fe11e3 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -249,7 +249,7 @@ ##### [Manage updates and apply baselines]() ###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) -###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) +###### [Manage protection and security intelligence updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) ###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) ###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) ###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md index a5e5371afb..2ad4f2c528 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md @@ -49,7 +49,7 @@ The Microsoft Defender ATP service utilizes state of the art data protection tec There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Microsoft Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). -In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum. +In all scenarios, data is encrypted using 256-bit [AES encryption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum. ## Do I have the flexibility to select where to store my data? @@ -80,7 +80,7 @@ No. Customer data is isolated from other customers and is not shared. However, i You can choose the data retention policy for your data. This determines how long Window Defender ATP will store your data. There’s a flexibility of choosing in the range of 1 month to six months to meet your company’s regulatory compliance needs. **At contract termination or expiration**
    -Your data will be kept and will be available to you while the licence is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft’s systems to make it unrecoverable, no later than 180 days from contract termination or expiration. +Your data will be kept and will be available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft’s systems to make it unrecoverable, no later than 180 days from contract termination or expiration. ## Can Microsoft help us maintain regulatory compliance? diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index c5b282a4f3..9b2eecd333 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -20,6 +20,8 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](prerelease.md)] + Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and machine configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation. The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md index 507fe16a4d..12be9cd0ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md @@ -23,6 +23,8 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](prerelease.md)] + Learn how you can use Microsoft Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin. >[!TIP] diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 354e205f5a..a18bcddf2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -44,6 +44,7 @@ The following features are included in the preview release: - [Evaluation lab](evaluation-lab.md)
    The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action. + - [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
    You can now onboard Windows Server 2008 R2 SP1. - [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac)
    Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 6d9853ffb9..805f9c697f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Apply Windows Defender Antivirus updates after certain events -description: Manage how Windows Defender Antivirus applies protection updates after startup or receiving cloud-delivered detection reports. +description: Manage how Windows Defender Antivirus applies security intelligence updates after startup or receiving cloud-delivered detection reports. keywords: updates, protection, force updates, events, startup, check for latest, notifications search.product: eADQiWindows 10XVcnh ms.pagetype: security @@ -32,7 +32,7 @@ You can use System Center Configuration Manager, Group Policy, PowerShell cmdlet 1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) -2. Go to the **Scheduled scans** section and set **Check for the latest definition updates before running a scan** to **Yes**. +2. Go to the **Scheduled scans** section and set **Check for the latest security intelligence updates before running a scan** to **Yes**. 3. Click **OK**. @@ -99,9 +99,9 @@ You can also use Group Policy, PowerShell, or WMI to configure Windows Defender 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**. +4. Expand the tree to **Windows components > Windows Defender Antivirus > Security Intelligence Updates**. -5. Double-click **Initiate definition update on startup** and set the option to **Enabled**. +5. Double-click **Initiate security intelligence update on startup** and set the option to **Enabled**. 6. Click **OK**. @@ -143,7 +143,7 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi 3. Click **Policies** then **Administrative templates**. 4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following: - 1. Double-click **Allow real-time definition updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. + 1. Double-click **Allow real-time security intelligence updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. 2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. > [!NOTE] diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md index 4ef46be432..ca75fa1e6f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md @@ -36,10 +36,10 @@ If Windows Defender Antivirus did not download protection updates for a specifie 1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) -2. Go to the **Definition updates** section and configure the following settings: +2. Go to the **Security intelligence updates** section and configure the following settings: - 1. Set **Force a definition update if the client computer is offline for more than two consecutive scheduled updates** to **Yes**. - 2. For the **If Configuration Manager is used as a source for definition updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out-of-date. This will cause the next update location to be used, based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order). + 1. Set **Force a security intelligence update if the client computer is offline for more than two consecutive scheduled updates** to **Yes**. + 2. For the **If Configuration Manager is used as a source for security intelligence updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out-of-date. This will cause the next update location to be used, based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order). 3. Click **OK**. @@ -55,7 +55,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie 4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**. -5. Double-click the **Define the number of days after which a catch-up definition update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to check for and download the latest protection update. +5. Double-click the **Define the number of days after which a catch-up security intelligence update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to check for and download the latest protection update. 6. Click **OK**. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md index 48167c31af..146b92de6f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md @@ -37,13 +37,13 @@ You can also randomize the times when each endpoint checks and downloads protect 1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**) -2. Go to the **Definition updates** section. +2. Go to the **Security intelligence updates** section. 3. To check and download updates at a certain time: - 1. Set **Check for Endpoint Protection definitions at a specific interval...** to **0**. - 2. Set **Check for Endpoint Protection definitions daily at...** to the time when updates should be checked. + 1. Set **Check for Endpoint Protection security intelligence updates at a specific interval...** to **0**. + 2. Set **Check for Endpoint Protection security intelligence updates daily at...** to the time when updates should be checked. 3 -4. To check and download updates on a continual interval, Set **Check for Endpoint Protection definitions at a specific interval...** to the number of hours that should occur between updates. +4. To check and download updates on a continual interval, Set **Check for Endpoint Protection security intelligence updates at a specific interval...** to the number of hours that should occur between updates. 5. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers). @@ -60,9 +60,9 @@ You can also randomize the times when each endpoint checks and downloads protect 5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following settings: - 1. Double-click the **Specify the interval to check for definition updates** setting and set the option to **Enabled**. Enter the number of hours between updates. Click **OK**. - 2. Double-click the **Specify the day of the week to check for definition updates** setting and set the option to **Enabled**. Enter the day of the week to check for updates. Click **OK**. - 3. Double-click the **Specify the time to check for definition updates** setting and set the option to **Enabled**. Enter the time when updates should be checked. The time is based on the local time of the endpoint. Click **OK**. + 1. Double-click the **Specify the interval to check for security intelligence updates** setting and set the option to **Enabled**. Enter the number of hours between updates. Click **OK**. + 2. Double-click the **Specify the day of the week to check for security intelligence updates** setting and set the option to **Enabled**. Enter the day of the week to check for updates. Click **OK**. + 3. Double-click the **Specify the time to check for security intelligence updates** setting and set the option to **Enabled**. Enter the time when updates should be checked. The time is based on the local time of the endpoint. Click **OK**. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md index a76cb6ae4a..ee825e3d08 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md @@ -93,7 +93,7 @@ The procedures in this article first describe how to set the order, and then how 4. Expand the tree to **Windows components > Windows Defender > Signature updates** and configure the following settings: - 1. Double-click the **Define the order of sources for downloading definition updates** setting and set the option to **Enabled**. + 1. Double-click the **Define the order of sources for downloading security intelligence updates** setting and set the option to **Enabled**. 2. Enter the order of sources, separated by a single pipe, for example: `InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC`, as shown in the following screenshot. @@ -101,7 +101,7 @@ The procedures in this article first describe how to set the order, and then how 3. Click **OK**. This will set the order of protection update sources. - 4. Double-click the **Define file shares for downloading definition updates** setting and set the option to **Enabled**. + 4. Double-click the **Define file shares for downloading security intelligence updates** setting and set the option to **Enabled**. 5. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://msdn.microsoft.com/library/gg465305.aspx) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md index 342cc01fe5..179c55aac4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md @@ -56,7 +56,7 @@ You can opt-in to Microsoft Update on the mobile device in one of the following 5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**. -6. Double-click the **Allow definition updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**. +6. Double-click the **Allow security intelligence updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**. **Use a VBScript to opt-in to Microsoft Update** @@ -75,7 +75,7 @@ You can opt-in to Microsoft Update on the mobile device in one of the following You can configure Windows Defender Antivirus to only download protection updates when the PC is connected to a wired power source. -**Use Group Policy to prevent definition updates on battery power:** +**Use Group Policy to prevent security intelligence updates on battery power:** 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -85,7 +85,7 @@ You can configure Windows Defender Antivirus to only download protection updates 5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following setting: - 1. Double-click the **Allow definition updates when running on battery power** setting and set the option to **Disabled**. + 1. Double-click the **Allow security intelligence updates when running on battery power** setting and set the option to **Disabled**. 2. Click **OK**. This will prevent protection updates from downloading when the PC is on battery power. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 8d774b3037..a39cf22ad8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -94,7 +94,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Protection |Do a quick scan |`mdatp --scan --quick` | |Protection |Do a full scan |`mdatp --scan --full` | |Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | -|Protection |Request a definition update |`mdatp --definition-update` | +|Protection |Request a security intelligence update |`mdatp --definition-update` | ## Microsoft Defender ATP portal information diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index 52e8586de1..a371aaca96 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -1487,7 +1487,7 @@ Symbolic name: Message:     @@ -1498,12 +1498,12 @@ Description: + + + +
    MessageDate
    Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
    On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
    		August 06, 2019
    10:00 AM PT
    Resolved August 1, 2019 16:00 PT: Microsoft Store users may encounter blank screens when clicking on certain buttons
    Some customers running the version of the Microsoft Store app released on July 29, 2019 encountered a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. This issue has now been resolved and a new version of the Microsoft Store app has been released. Users who encountered this issue will need to update the Microsoft Store app on their device. If you are still encountering an issue, please see Fix problems with apps from Microsoft Store.
    		August 01, 2019
    02:00 PM PT
    Status update: Windows 10, version 1903 “D” release now available
    The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
    		July 26, 2019
    02:00 PM PT
    Plan for change: Microsoft Silverlight will reach end of support on October 12, 2021
    After this date, Silverlight will not receive any future quality or security updates. Microsoft will continue to ship updates to the Silverlight 5 Developer Runtime for supported browsers and versions (Internet Explorer 10 and Internet Explorer 11); however, please note that support for Internet Explorer 10 will end on 31 January 2020. See the Silverlight end of support FAQ for more details.
    		July 19, 2019
    12:00 AM PT
    -The antimalware definition update failed. +The security intelligence update failed.
    Windows Defender Antivirus has encountered an error trying to update signatures.
    -
    New Signature Version: <New version number>
    -
    Previous Signature Version: <Previous signature version>
    +
    New security intelligence version: <New version number>
    +
    Previous security intelligence version: <Previous version>
    Update Source: <Update source>, for example:
      -
    • Signature update folder
      • -
    • Internal definition update server
      • +
    • Security intelligence update folder
      • +
    • Internal security intelligence update server
    • Microsoft Update Server
    • File share
    • Microsoft Malware Protection Center (MMPC)
      • diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md index 10f61826d3..b7114cd1fd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md @@ -124,20 +124,20 @@ Scan | Specify the scan type to use for a scheduled scan | [Configure scheduled Scan | Specify the time for a daily quick scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) Scan | Specify the time of day to run a scheduled scan | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) Scan | Start the scheduled scan only when computer is on but not in use | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) -Security intelligence updates | Allow definition updates from Microsoft Update | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -Security intelligence updates | Allow definition updates when running on battery power | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +Security intelligence updates | Allow security intelligence updates from Microsoft Update | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +Security intelligence updates | Allow security intelligence updates when running on battery power | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md) Security intelligence updates | Allow notifications to disable definitions based repots to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Allow real-time definition updates based on reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) +Security intelligence updates | Allow real-time security intelligence updates based on reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) Security intelligence updates | Check for the latest virus and spyware definitions on startup | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Define file shares for downloading definition updates | [Manage Windows Defender Antivirus protection and definition updates](manage-protection-updates-windows-defender-antivirus.md) -Security intelligence updates | Define the number of days after which a catch up definition update is required | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) +Security intelligence updates | Define file shares for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) +Security intelligence updates | Define the number of days after which a catch up security intelligence update is required | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) Security intelligence updates | Define the number of days before spyware definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) Security intelligence updates | Define the number of days before virus definitions are considered out of date | [Manage updates for endpoints that are out of date](manage-outdated-endpoints-windows-defender-antivirus.md) -Security intelligence updates | Define the order of sources for downloading definition updates | [Manage Windows Defender Antivirus protection and definition updates](manage-protection-updates-windows-defender-antivirus.md) -Security intelligence updates | Initiate definition update on startup | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) -Security intelligence updates | Specify the day of the week to check for definition updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -Security intelligence updates | Specify the interval to check for definition updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) -Security intelligence updates | Specify the time to check for definition updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) +Security intelligence updates | Define the order of sources for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-windows-defender-antivirus.md) +Security intelligence updates | Initiate security intelligence update on startup | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md) +Security intelligence updates | Specify the day of the week to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) +Security intelligence updates | Specify the interval to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) +Security intelligence updates | Specify the time to check for security intelligence updates | [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) Security intelligence updates | Turn on scan after Security intelligence update | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md) Threats | Specify threat alert levels at which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 35d9a97b4f..6333dad0ae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -85,7 +85,7 @@ This section describes how to perform some of the most common tasks when reviewi 4. Click **Run a new advanced scan** to specify different types of scans, such as a full scan. -**Review the definition update version and download the latest updates in the Windows Security app** +**Review the security intelligence update version and download the latest updates in the Windows Security app** 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 1ecc5091b9..6f92fd0056 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium author: dansimp +audience: ITPro ms.date: 04/09/2019 ms.reviewer: manager: dansimp @@ -149,6 +150,11 @@ Pick the correct version of each .dll for the Windows release you plan to suppor + + + + + @@ -885,6 +891,10 @@ Pick the correct version of each .dll for the Windows release you plan to suppor + + + + @@ -1499,6 +1509,5 @@ Pick the correct version of each .dll for the Windows release you plan to suppor 0 - - ``` +```
      diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index 3029df4d23..7aa48ea40e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -11,8 +11,9 @@ ms.pagetype: security ms.localizationpriority: medium author: levinec ms.author: ellevin -ms.date: 11/29/2018 -ms.reviewer: +audience: ITPro +ms.date: 08/05/2019 +ms.reviewer: v-maave manager: dansimp --- @@ -22,14 +23,17 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. -Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the System Center Configuration Manager (SCCM) and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder. +Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders. -This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. +Apps are added to the trusted list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization, and that have never displayed any malicious behavior, are deemed trustworthy and automatically added to the list. -A notification will appear on the computer where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. +Apps can also be manually added to the trusted list via SCCM and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console. + +Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. + +With Controlled folder access in place, a notification will appear on the computer where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders-exploit-guard.md#protect-additional-folders). You can also [allow or whitelist apps](customize-controlled-folders-exploit-guard.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. @@ -43,13 +47,13 @@ Controlled folder access requires enabling [Windows Defender Antivirus real-time ## Review controlled folder access events in the Microsoft Defender ATP Security Center -Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled. -Here is an example query +Here is an example query -``` +```PowerShell MiscEvents | where ActionType in ('ControlledFolderAccessViolationAudited','ControlledFolderAccessViolationBlocked') ``` @@ -60,15 +64,15 @@ You can review the Windows event log to see events that are created when control 1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the machine. -2. Type **Event viewer** in the Start menu to open the Windows Event Viewer. +1. Type **Event viewer** in the Start menu to open the Windows Event Viewer. -3. On the left panel, under **Actions**, click **Import custom view...**. - -4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md). +1. On the left panel, under **Actions**, click **Import custom view...**. -4. Click **OK**. +1. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md). -5. This will create a custom view that filters to only show the following events related to controlled folder access: +1. Click **OK**. + +1. This will create a custom view that filters to only show the following events related to controlled folder access: Event ID | Description -|- @@ -76,10 +80,9 @@ Event ID | Description 1124 | Audited controlled folder access event 1123 | Blocked controlled folder access event +## In this section - ## In this section - -Topic | Description +Topic | Description ---|--- [Evaluate controlled folder access](evaluate-controlled-folder-access.md) | Use a dedicated demo tool to see how controlled folder access works, and what events would typically be created. [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage controlled folder access in your network From f8f330f20bdf267346bb56162e28e48aa022c577 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Wed, 7 Aug 2019 14:14:51 -0700 Subject: [PATCH 05/53] Merge changes from master to live branch (#854) * Add Deprecated tag to 3 deprecated APIs * Status and description updates (#853) --- .../release-information/status-windows-10-1803.yml | 5 +++++ ...tatus-windows-10-1809-and-windows-server-2019.yml | 12 +++++++++++- .../release-information/status-windows-10-1903.yml | 2 +- windows/security/threat-protection/TOC.md | 6 +++--- .../get-ip-related-machines.md | 2 +- .../microsoft-defender-atp/is-domain-seen-in-org.md | 2 +- .../microsoft-defender-atp/is-ip-seen-org.md | 2 +- .../microsoft-defender-atp/oldTOC.md | 6 +++--- 8 files changed, 26 insertions(+), 11 deletions(-) diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index fccb71eca1..fe9a0bfd6c 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -20,6 +20,11 @@ sections: text: " Find information on known issues for Windows 10, version 1803. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). + +
      Current status as of August 7, 2019:
      +
      Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the release information dashboard.
      +
      + " - items: diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index de3ecd7333..ef023a5f81 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -18,7 +18,7 @@ sections: - items: - type: markdown text: " - Find information on known issues and the status of the rollout for Windows 10, version 1809 and Windows Server 2019. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). + Find information on known issues for Windows 10, version 1809 and Windows Server 2019. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). +

      For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace.

      +

      For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace.

      @@ -186,6 +172,8 @@ certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
      Current status:
      Windows 10, version 1809 is designated for broad deployment and available for any user who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel. @@ -65,6 +65,7 @@ sections: text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      + @@ -79,6 +80,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		August 01, 2019
      06:12 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
      Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

      See details >      		OS Build 17763.55

      October 09, 2018
      KB4464330      		Investigating
      		August 01, 2019
      05:00 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Startup to a black screen after installing updates
      Your device may startup to a black screen during the first logon after installing updates.

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		June 14, 2019
      04:41 PM PT
      Devices with some Asian language packs installed may receive an error
      After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

      See details >      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Mitigated
      		May 03, 2019
      10:59 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
       Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

      Affected platforms:
      • Server: Windows Server 2019; Windows Server 2016
      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.55

      October 09, 2018
      KB4464330      		Investigating
      		Last updated:
      August 01, 2019
      05:00 PM PT

      Opened:
      August 01, 2019
      05:00 PM PT
      + " + - title: July 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index b2ca8f3142..2a401ac28f 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -18,7 +18,7 @@ sections: - items: - type: markdown text: " - Find information on known issues for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). + Find information on known issues and the status of the rollout for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
      Current status as of July 16, 2019:
      diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 08a7fe11e3..cf6a9871cb 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -394,7 +394,7 @@ ####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md) ####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md) ####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md) -####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md) +####### [Is domain seen in organization (Deprecated)](microsoft-defender-atp/is-domain-seen-in-org.md) ###### [File]() ####### [File methods and properties](microsoft-defender-atp/files.md) @@ -405,9 +405,9 @@ ###### [IP]() ####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md) -####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md) +####### [Get IP related machines (Deprecated)](microsoft-defender-atp/get-ip-related-machines.md) ####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md) -####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md) +####### [Is IP seen in organization (Deprecated)](microsoft-defender-atp/is-ip-seen-org.md) ###### [User]() ####### [User methods](microsoft-defender-atp/user.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md index 2e00867ddd..c247c9aa81 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get IP related machines API +# Get IP related machines API (Deprecated) **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md b/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md index 408e800158..38debbe291 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md +++ b/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Was domain seen in org +# Was domain seen in org (Deprecated) **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md b/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md index 3239831649..f112796be2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md +++ b/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Was IP seen in org +# Was IP seen in org (Deprecated) **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md index 35d03646ca..48dac8442f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md @@ -392,7 +392,7 @@ ####### [Get domain related alerts](get-domain-related-alerts.md) ####### [Get domain related machines](get-domain-related-machines.md) ####### [Get domain statistics](get-domain-statistics.md) -####### [Is domain seen in organization](is-domain-seen-in-org.md) +####### [Is domain seen in organization (Deprecated)](is-domain-seen-in-org.md) ###### [File]() ####### [Methods and properties](files.md) @@ -403,9 +403,9 @@ ###### [IP]() ####### [Get IP related alerts](get-ip-related-alerts.md) -####### [Get IP related machines](get-ip-related-machines.md) +####### [Get IP related machines (Deprecated)](get-ip-related-machines.md) ####### [Get IP statistics](get-ip-statistics.md) -####### [Is IP seen in organization](is-ip-seen-org.md) +####### [Is IP seen in organization (Deprecated)](is-ip-seen-org.md) ###### [User]() ####### [Methods](user.md) From d30776d66a23d147d1a59f5f4aa4a44ba2d43c9d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 8 Aug 2019 14:57:17 -0700 Subject: [PATCH 06/53] v 1.6 --- windows/deployment/upgrade/setupdiag.md | 1062 ++++++++++++----------- 1 file changed, 538 insertions(+), 524 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index c9dc96d32e..78a75cc04e 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -1,524 +1,538 @@ ---- -title: SetupDiag -ms.reviewer: -manager: laurawi -ms.author: greglin -description: How to use the SetupDiag tool to diagnose Windows Setup errors -keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.topic: article ---- - -# SetupDiag - -**Applies to** -- Windows 10 - ->[!NOTE] ->This is a 300 level topic (moderate advanced).
      ->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
      - - [![Download SetupDiag](../images/download.png)](https://go.microsoft.com/fwlink/?linkid=870142) - -## About SetupDiag - -Current version of SetupDiag: 1.5.0.0 - -SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. - -SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode. - -To quickly use SetupDiag on your current computer: -1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137). -2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). -3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**. -4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your **Downloads** folder which is displayed in File Explorer under **Quick access** in the left navigation pane. -5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program. - - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way. -6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish. -7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file. -8. Use Notepad to open the log file: **SetupDiagResults.log**. -9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. - -For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. - -The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. - -## Requirements - -1. The destination OS must be Windows 10. -2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you are not sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](https://docs.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions: - - ``` - reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s - ``` - -## Parameters - -| Parameter | Description | -| --- | --- | -| /? |
      • Displays interactive help
      | -| /Output:\ |
      • This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
      • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
      | -| /LogsPath:\ |
      • This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.
      | -| /ZipLogs:\ |
      • This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.
      • Default: If not specified, a value of 'true' is used.
      | -| /Format:\ |
      • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
      | -| /Scenario:\[Recovery\] |
      • This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.
      | -| /Verbose |
      • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
      | -| /NoTel |
      • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
      | -| /AddReg |
      • This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
      | - -Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. -- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed. - -### Examples: - -In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run). - -``` -SetupDiag.exe -``` - -In the following example, SetupDiag is run in online mode (this is the default). It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified. - -``` -SetupDiag.exe /Output:C:\SetupDiag\Results.log -``` - -The following example uses the /Output parameter to save results to a path name that contains a space: - -``` -SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log" -``` - -The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**. - -``` -SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 -``` - -The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. - -``` -SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery -``` - -The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format. - -``` -SetupDiag.exe /Scenario:Recovery /Format:xml -``` - - -## Log files - -[Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location: - -\\$Windows.~bt\sources\panther -
      \\$Windows.~bt\Sources\Rollback -
      \Windows\Panther -
      \Windows\Panther\NewOS - -If you copy the parent folder and all sub-folders, SetupDiag will automatically search for log files in all subdirectories. - -## Setup bug check analysis - -When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error. - -If crash dumps [are enabled](https://docs.microsoft.com/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup related minidumps. - -To debug a setup related bug check, you must: -- Specify the **/LogsPath** parameter. You cannot debug memory dumps in online mode. -- Gather the setup memory dump file (setupmem.dmp) from the failing system. - - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs. -- Install the [Windows Debugging Tools](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag. - -In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag: - -``` -SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump -``` - -## Known issues - -1. Some rules can take a long time to process if the log files involved are large. -2. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode. - - -## Sample output - -The following is an example where SetupDiag is run in offline mode. - -``` -D:\SetupDiag>SetupDiag.exe /output:c:\setupdiag\result.xml /logspath:D:\Tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e /format:xml - -SetupDiag v1.5.0.0 -Copyright (c) Microsoft Corporation. All rights reserved. - -Searching for setup logs... -Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2019 2:44:20 PM to be the correct setup log. -Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2019 2:45:19 PM to be the correct rollback log. - -Gathering baseline information from setup logs... - -SetupDiag: processing rule: CompatScanOnly. -...No match. - -... - -SetupDiag: processing rule: DISMImageSessionFailure. -.. -Error: SetupDiag reports DISM provider failure. -Last Phase: Safe OS -Last Operation: Apply Optional Component status -Message = Failed to get the IDismImage instance from the image session -Function: CDISMManager::CloseImageSession -Error: 0x800706ba -Recommend you re-download the update source files, reboot and try the update again. - -SetupDiag found 1 matching issue. - -SetupDiag results were logged to: c:\setupdiag\results.xml -Logs ZipFile created at: c:\setupdiag\Logs_14.zip - -``` - -## Rules - -When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See [Release notes](#release-notes) for more information. - -Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS. - -1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D - - This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade. -2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE - - This is a block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled. -3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC - - This block happens when the host OS is booted to a VHD image. Upgrade is not supported when the host OS is booted from a VHD image. -4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 - - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade is not supported in the Windows To-Go environment. -5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90 - - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade is not supported from this state. -6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B - - This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported. -7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1 - - This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process. -8. CompatBlockedApplicationAutoUninstall – BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 - - This rule indicates there is an application that needs to be uninstalled before setup can continue. -9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9 - - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat /ignore warning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing. -10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 - - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue. -11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B - - This indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade. -12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45 - - This rule indicates the host OS and the target OS language editions do not match. -13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8 - - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine. -14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E - - This failure indicates the system ran out of disk space during the down-level operations of upgrade. -15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 - - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. -16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 - - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. -17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6 - - This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details. -18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1 - - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. -19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C - - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. -20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 - - This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes. -21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 - - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine. -22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC - - Finds fatal advanced installer operations that cause setup failures. -23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781 - - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes. -24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29 - - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes. -25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 - - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. -26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 - - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes. -27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 - - This rule indicates the update failed to mount a wim file. It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes. -28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E - - Determines if the given setup was a success or not based off the logs. -29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC - - Gives information about failures surfaced early in the upgrade process by setuphost.exe -30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 - - Gives failure information surfaced by SetupPlatform, later in the down-level phase. -31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD - - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. -32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1 - - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes. -33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 - - Gives last operation, failure phase and error information when a rollback occurs. -34. AdvancedInstallerGenericFailure – 4019550D-4CAA-45B0-A222-349C48E86F71 - - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported. -35. OptionalComponentFailedToGetOCsFromPackage – D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. - - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code. -36. OptionalComponentOpenPackageFailed – 22952520-EC89-4FBD-94E0-B67DF88347F6 - - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code. -37. OptionalComponentInitCBSSessionFailed – 63340812-9252-45F3-A0F2-B2A4CA5E9317 - - Matches a specific failure where the advanced installer service or components aren’t operating or started on the system. Will output the error code. -38. UserProfileCreationFailureDuringFinalize – C6677BA6-2E53-4A88-B528-336D15ED1A64 - - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code. -39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 - - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. -40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 - - Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code. -41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 - - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. -42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC - - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. -43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9 - - Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug-in name, plug-in action and error code. -44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 - - Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code. -45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 - - Detects all compat blocks from Server compliance plug-ins. Outputs the block information and remediation. -46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71 - - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code. -47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E - - Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration -48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 - - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. Outputs the package name and error code. -49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 - - Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. -50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317 - - Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. -51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4 - - Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. -52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD - - Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code. -53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980 - - A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code. -54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 - - These are for server upgrades only, will output the compliance block and remediation required. -55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 - - Captures failures due to having an unrecognized wimmount.sys driver registered on the system. -56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C - - Detects failures in the kernel mode file operations. -57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE - - Detects failures in WimMount.sys registration on the system. -58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C - - Captures failure information when DISM fails to start an image session successfully. -59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 - - Detects failures in down-level phase before setup platform is invoked. -60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852 - - Captures failure information when setup platform encounters a fatal error. - - -## Release notes - -06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. - - All date and time outputs are updated to localized format per user request. - - Added setup Operation and Phase information to /verbose log. - - Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). - - Performance improvement in searching setupact.logs to determine correct log to parse. - - Added SetupDiag version number to text report (xml and json always had it). - - Added "no match" reports for xml and json per user request. - - Formatted Json output for easy readability. - - Performance improvements when searching for setup logs; this should be much faster now. - - Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. - - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** - - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. - - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. - - This registry key also gets deleted when a new update instance is invoked. - - For an example, see [Sample registry key](#sample-registry-key). - -05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). - -12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - - The FindDownlevelFailure rule is up to 10x faster. - - New rules have been added to analyze failures upgrading to Windows 10 version 1809. - - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. - - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. - - Some functional and output improvements were made for several rules. - -07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. - - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. - -07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. - - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. - - New feature: Ability to output logs in JSON and XML format. - - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. - - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. - - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. - - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. - -05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. - - Fixed a bug in device install failure detection in online mode. - - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. - - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. - -05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. - - A performance enhancment has been added to result in faster rule processing. - - Rules output now includes links to support articles, if applicable. - - SetupDiag now provides the path and name of files that it is processing. - - You can now run SetupDiag by simply clicking on it and then examining the output log file. - - An output log file is now always created, whether or not a rule was matched. - -03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. - -## Sample logs - -### Text log sample - -``` -Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 -System Information: - Machine Name = Offline - Manufacturer = MSI - Model = MS-7998 - HostOSArchitecture = x64 - FirmwareType = PCAT - BiosReleaseDate = 20160727000000.000000+000 - BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70 - BiosVersion = 1.70 - HostOSVersion = 10.0.15063 - HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834 - TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534) - HostOSLanguageId = 2057 - HostOSEdition = Core - RegisteredAV = Windows Defender, - FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo, - UpgradeStartTime = 3/21/2018 9:47:16 PM - UpgradeEndTime = 3/21/2018 10:02:40 PM - UpgradeElapsedTime = 00:15:24 - ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde - -Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F -Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again. -Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015 -Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information. -``` - -### XML log sample - -```xml - - - 1.5.0.0 - FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852 - - Offline - Gigabyte Technology Co., Ltd. - X470 AORUS ULTRA GAMING - 1033 - UEFI - 20180808000000.000000+000 - F3 - - 10.0.18908 - 18908.1000.amd64fre.rs_prerelease.190524-1658 - 10.0.18912.1001 (rs_prerelease.190601-1739) - - Professional - Windows Defender - - 2019-06-06T21:19:10 - - 2019-06-06T22:21:49 - 0001-01-01T00:00:00 - 0001-01-01T00:00:00 - - 0001-01-01T00:00:00 - 0001-01-01T00:00:00 - - Offline - MgUweCZk90KdwUiZ - F21F8FB6-00FD-4349-84FB-2AC75F389E73 - F21F8FB6-00FD-4349-84FB-2AC75F389E73 - - 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] - -Error: SetupDiag reports Fatal Error. -Last Setup Phase = Downlevel -Last Setup Operation: Gather data, scope: EVERYTHING -Error: 0x00000057 - LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] - LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] - -Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information. - Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel - -``` - -### JSON log sample - -``` -{ - "Version":"1.5.0.0", - "ProfileName":"FindSPFatalError", - "ProfileGuid":"A4028172-1B09-48F8-AD3B-86CDD7D55852", - "SystemInfo":{ - "BiosReleaseDate":"20180808000000.000000+000", - "BiosVendor":"F3", - "BiosVersion":"F3", - "CV":"MgUweCZk90KdwUiZ", - "CommercialId":"Offline", - "FilterDrivers":"", - "FinalizeStartTime":"\/Date(-62135568000000-0800)\/", - "FirmwareType":"UEFI", - "HostOSArchitecture":"x64", - "HostOSBuildString":"18908.1000.amd64fre.rs_prerelease.190524-1658", - "HostOSEdition":"Professional", - "HostOSLanguageId":"", - "HostOSVersion":"", - "MachineName":"Offline", - "Manufacturer":"Gigabyte Technology Co., Ltd.", - "Model":"X470 AORUS ULTRA GAMING", - "PostOOBESuccessTime":"\/Date(-62135568000000-0800)\/", - "RegisteredAV":"Windows Defender", - "ReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", - "RollbackElapsedTime":"PT0S", - "RollbackEndTime":"\/Date(-62135568000000-0800)\/", - "RollbackStartTime":"\/Date(-62135568000000-0800)\/", - "SetupReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", - "TargetOSArchitecture":null, - "TargetOSBuildString":"10.0.18912.1001 (rs_prerelease.190601-1739)", - "TotalOfflineTime":"PT0S", - "UpgradeElapsedTime":"PT1H2M39S", - "UpgradeEndTime":"\/Date(1559884909000-0700)\/", - "UpgradeStartTime":"\/Date(1559881150000-0700)\/" - }, - "LogErrorLine":"2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ - gle=0x00000057 - ]", - "FailureData":[ - "\u000aError: SetupDiag reports Fatal Error.\u000aLast Setup Phase = Downlevel\u000aLast Setup Operation: Gather data, scope: EVERYTHING\u000aError: 0x00000057", - "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ - gle=0x00000057 - ]", - "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ - gle=0x00000057 - ]", - "\u000aRefer to \"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/Debug\/system-error-codes\" for error information." - ], - "FailureDetails":"Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel", - "DeviceDriverInfo":null, - "Remediation":[ - - ], - "SetupPhaseInfo":null, - "SetupOperationInfo":null -} -``` - -## Sample registry key - -![Addreg](./../images/addreg.png) - -## Related topics - -[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) +--- +title: SetupDiag +ms.reviewer: +manager: laurawi +ms.author: greglin +description: How to use the SetupDiag tool to diagnose Windows Setup errors +keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.topic: article +--- + +# SetupDiag + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 300 level topic (moderate advanced).
      +>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
      + + [![Download SetupDiag](../images/download.png)](https://go.microsoft.com/fwlink/?linkid=870142) + +## About SetupDiag + +Current version of SetupDiag: 1.6.0.0 + +SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. + +SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode. + +To quickly use SetupDiag on your current computer: +1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137). +2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). +3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**. +4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your **Downloads** folder which is displayed in File Explorer under **Quick access** in the left navigation pane. +5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program. + - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way. +6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish. +7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file. +8. Use Notepad to open the log file: **SetupDiagResults.log**. +9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. + +For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. + +The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. + +## Requirements + +1. The destination OS must be Windows 10. +2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you are not sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](https://docs.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions: + + ``` + reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s + ``` + +## Parameters + +| Parameter | Description | +| --- | --- | +| /? |
      • Displays interactive help
      | +| /Output:\ |
      • This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
      • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
      | +| /LogsPath:\ |
      • This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.
      | +| /ZipLogs:\ |
      • This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.
      • Default: If not specified, a value of 'true' is used.
      | +| /Format:\ |
      • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
      | +| /Scenario:\[Recovery\] |
      • This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.
      | +| /Verbose |
      • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
      | +| /NoTel |
      • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
      | +| /AddReg |
      • This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
      | + +Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. +- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed. + +### Examples: + +In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run). + +``` +SetupDiag.exe +``` + +In the following example, SetupDiag is run in online mode (this is the default). It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified. + +``` +SetupDiag.exe /Output:C:\SetupDiag\Results.log +``` + +The following example uses the /Output parameter to save results to a path name that contains a space: + +``` +SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log" +``` + +The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**. + +``` +SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 +``` + +The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. + +``` +SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery +``` + +The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format. + +``` +SetupDiag.exe /Scenario:Recovery /Format:xml +``` + + +## Log files + +[Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location: + +\\$Windows.~bt\sources\panther +
      \\$Windows.~bt\Sources\Rollback +
      \Windows\Panther +
      \Windows\Panther\NewOS + +If you copy the parent folder and all sub-folders, SetupDiag will automatically search for log files in all subdirectories. + +## Setup bug check analysis + +When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error. + +If crash dumps [are enabled](https://docs.microsoft.com/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup related minidumps. + +To debug a setup related bug check, you must: +- Specify the **/LogsPath** parameter. You cannot debug memory dumps in online mode. +- Gather the setup memory dump file (setupmem.dmp) from the failing system. + - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs. +- Install the [Windows Debugging Tools](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag. + +In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag: + +``` +SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump +``` + +## Known issues + +1. Some rules can take a long time to process if the log files involved are large. +2. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode. + + +## Sample output + +The following is an example where SetupDiag is run in offline mode. + +``` +D:\SetupDiag>SetupDiag.exe /output:c:\setupdiag\result.xml /logspath:D:\Tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e /format:xml + +SetupDiag v1.6.0.0 +Copyright (c) Microsoft Corporation. All rights reserved. + +Searching for setup logs... +Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2019 2:44:20 PM to be the correct setup log. +Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2019 2:45:19 PM to be the correct rollback log. + +Gathering baseline information from setup logs... + +SetupDiag: processing rule: CompatScanOnly. +...No match. + +... + +SetupDiag: processing rule: DISMImageSessionFailure. +.. +Error: SetupDiag reports DISM provider failure. +Last Phase: Safe OS +Last Operation: Apply Optional Component status +Message = Failed to get the IDismImage instance from the image session +Function: CDISMManager::CloseImageSession +Error: 0x800706ba +Recommend you re-download the update source files, reboot and try the update again. + +SetupDiag found 1 matching issue. + +SetupDiag results were logged to: c:\setupdiag\results.xml +Logs ZipFile created at: c:\setupdiag\Logs_14.zip + +``` + +## Rules + +When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See [Release notes](#release-notes) for more information. + +Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS. + +1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D + - This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade. +2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE + - This is a block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled. +3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC + - This block happens when the host OS is booted to a VHD image. Upgrade is not supported when the host OS is booted from a VHD image. +4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 + - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade is not supported in the Windows To-Go environment. +5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90 + - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade is not supported from this state. +6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B + - This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported. +7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1 + - This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process. +8. CompatBlockedApplicationAutoUninstall – BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 + - This rule indicates there is an application that needs to be uninstalled before setup can continue. +9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9 + - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat /ignore warning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing. +10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 + - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue. +11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B + - This indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade. +12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45 + - This rule indicates the host OS and the target OS language editions do not match. +13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8 + - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine. +14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E + - This failure indicates the system ran out of disk space during the down-level operations of upgrade. +15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 + - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. +16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 + - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. +17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6 + - This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details. +18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1 + - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. +19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C + - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. +20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 + - This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes. +21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 + - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine. +22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC + - Finds fatal advanced installer operations that cause setup failures. +23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781 + - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes. +24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29 + - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes. +25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 + - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. +26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 + - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes. +27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 + - This rule indicates the update failed to mount a wim file. It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes. +28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E + - Determines if the given setup was a success or not based off the logs. +29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC + - Gives information about failures surfaced early in the upgrade process by setuphost.exe +30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 + - Gives failure information surfaced by SetupPlatform, later in the down-level phase. +31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD + - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. +32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1 + - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes. +33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 + - Gives last operation, failure phase and error information when a rollback occurs. +34. AdvancedInstallerGenericFailure – 4019550D-4CAA-45B0-A222-349C48E86F71 + - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported. +35. OptionalComponentFailedToGetOCsFromPackage – D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. + - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code. +36. OptionalComponentOpenPackageFailed – 22952520-EC89-4FBD-94E0-B67DF88347F6 + - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code. +37. OptionalComponentInitCBSSessionFailed – 63340812-9252-45F3-A0F2-B2A4CA5E9317 + - Matches a specific failure where the advanced installer service or components aren’t operating or started on the system. Will output the error code. +38. UserProfileCreationFailureDuringFinalize – C6677BA6-2E53-4A88-B528-336D15ED1A64 + - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code. +39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 + - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. +40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 + - Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code. +41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 + - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. +42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC + - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. +43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9 + - Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug-in name, plug-in action and error code. +44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 + - Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code. +45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 + - Detects all compat blocks from Server compliance plug-ins. Outputs the block information and remediation. +46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71 + - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code. +47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E + - Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration +48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 + - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. Outputs the package name and error code. +49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 + - Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. +50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317 + - Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. +51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4 + - Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. +52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD + - Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code. +53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980 + - A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code. +54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 + - These are for server upgrades only, will output the compliance block and remediation required. +55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 + - Captures failures due to having an unrecognized wimmount.sys driver registered on the system. +56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C + - Detects failures in the kernel mode file operations. +57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE + - Detects failures in WimMount.sys registration on the system. +58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C + - Captures failure information when DISM fails to start an image session successfully. +59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 + - Detects failures in down-level phase before setup platform is invoked. +60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852 + - Captures failure information when setup platform encounters a fatal error. + + +## Release notes + +08/08/2019 - SetupDiag v1.6.0.0 is released with 60 rules, as a standalone tool available from the Download Center. + - Much improved log detection performance. What used to take up to a minute, should take around 10 seconds or less. + - Added Setup Operation and Setup Phase information to both the results log and the registry information. + - This is the last Operation and Phase that Setup was in when the failure occurred. + - Added detailed Setup Operation and Setup Phase information (and timing) to output log when /verbose is specified. + - Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore won’t be available. + - Added more info to the Registry output. + - Detailed ‘FailureData’ info where available. Example: “AppName = MyBlockedApplication” or “DiskSpace = 6603” (in MB) + - “Key = Value” data specific to the failure found. + - Added ‘UpgradeStartTime’, ‘UpgradeEndTime’ and ‘UpgradeElapsedTime’ + - Added ‘SetupDiagVersion’, ‘DateTime’ (to indicate when SetupDiag was executed on the system), ‘TargetOSVersion’, ‘HostOSVersion’ and more… + + +06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. + - All date and time outputs are updated to localized format per user request. + - Added setup Operation and Phase information to /verbose log. + - Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). + - Performance improvement in searching setupact.logs to determine correct log to parse. + - Added SetupDiag version number to text report (xml and json always had it). + - Added "no match" reports for xml and json per user request. + - Formatted Json output for easy readability. + - Performance improvements when searching for setup logs; this should be much faster now. + - Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. + - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** + - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. + - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. + - This registry key also gets deleted when a new update instance is invoked. + - For an example, see [Sample registry key](#sample-registry-key). + +05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. + - This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). + +12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. + - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! + - The FindDownlevelFailure rule is up to 10x faster. + - New rules have been added to analyze failures upgrading to Windows 10 version 1809. + - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. + - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. + - Some functional and output improvements were made for several rules. + +07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. + - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. + +07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. + - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. + - New feature: Ability to output logs in JSON and XML format. + - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. + - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. + - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. + - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. + +05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. + - Fixed a bug in device install failure detection in online mode. + - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. + - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. + +05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. + - A performance enhancment has been added to result in faster rule processing. + - Rules output now includes links to support articles, if applicable. + - SetupDiag now provides the path and name of files that it is processing. + - You can now run SetupDiag by simply clicking on it and then examining the output log file. + - An output log file is now always created, whether or not a rule was matched. + +03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. + +## Sample logs + +### Text log sample + +``` +Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 +System Information: + Machine Name = Offline + Manufacturer = MSI + Model = MS-7998 + HostOSArchitecture = x64 + FirmwareType = PCAT + BiosReleaseDate = 20160727000000.000000+000 + BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70 + BiosVersion = 1.70 + HostOSVersion = 10.0.15063 + HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834 + TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534) + HostOSLanguageId = 2057 + HostOSEdition = Core + RegisteredAV = Windows Defender, + FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo, + UpgradeStartTime = 3/21/2018 9:47:16 PM + UpgradeEndTime = 3/21/2018 10:02:40 PM + UpgradeElapsedTime = 00:15:24 + ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde + +Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F +Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again. +Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015 +Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information. +``` + +### XML log sample + +```xml + + + 1.6.0.0 + FindSPFatalError + A4028172-1B09-48F8-AD3B-86CDD7D55852 + + Offline + Gigabyte Technology Co., Ltd. + X470 AORUS ULTRA GAMING + 1033 + UEFI + 20180808000000.000000+000 + F3 + + 10.0.18908 + 18908.1000.amd64fre.rs_prerelease.190524-1658 + 10.0.18912.1001 (rs_prerelease.190601-1739) + + Professional + Windows Defender + + 2019-06-06T21:19:10 + + 2019-06-06T22:21:49 + 0001-01-01T00:00:00 + 0001-01-01T00:00:00 + + 0001-01-01T00:00:00 + 0001-01-01T00:00:00 + + Offline + MgUweCZk90KdwUiZ + F21F8FB6-00FD-4349-84FB-2AC75F389E73 + F21F8FB6-00FD-4349-84FB-2AC75F389E73 + + 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] + +Error: SetupDiag reports Fatal Error. +Last Setup Phase = Downlevel +Last Setup Operation: Gather data, scope: EVERYTHING +Error: 0x00000057 + LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] + LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] + +Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information. + Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel + +``` + +### JSON log sample + +``` +{ + "Version":"1.6.0.0", + "ProfileName":"FindSPFatalError", + "ProfileGuid":"A4028172-1B09-48F8-AD3B-86CDD7D55852", + "SystemInfo":{ + "BiosReleaseDate":"20180808000000.000000+000", + "BiosVendor":"F3", + "BiosVersion":"F3", + "CV":"MgUweCZk90KdwUiZ", + "CommercialId":"Offline", + "FilterDrivers":"", + "FinalizeStartTime":"\/Date(-62135568000000-0800)\/", + "FirmwareType":"UEFI", + "HostOSArchitecture":"x64", + "HostOSBuildString":"18908.1000.amd64fre.rs_prerelease.190524-1658", + "HostOSEdition":"Professional", + "HostOSLanguageId":"", + "HostOSVersion":"", + "MachineName":"Offline", + "Manufacturer":"Gigabyte Technology Co., Ltd.", + "Model":"X470 AORUS ULTRA GAMING", + "PostOOBESuccessTime":"\/Date(-62135568000000-0800)\/", + "RegisteredAV":"Windows Defender", + "ReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", + "RollbackElapsedTime":"PT0S", + "RollbackEndTime":"\/Date(-62135568000000-0800)\/", + "RollbackStartTime":"\/Date(-62135568000000-0800)\/", + "SetupReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", + "TargetOSArchitecture":null, + "TargetOSBuildString":"10.0.18912.1001 (rs_prerelease.190601-1739)", + "TotalOfflineTime":"PT0S", + "UpgradeElapsedTime":"PT1H2M39S", + "UpgradeEndTime":"\/Date(1559884909000-0700)\/", + "UpgradeStartTime":"\/Date(1559881150000-0700)\/" + }, + "LogErrorLine":"2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ + gle=0x00000057 + ]", + "FailureData":[ + "\u000aError: SetupDiag reports Fatal Error.\u000aLast Setup Phase = Downlevel\u000aLast Setup Operation: Gather data, scope: EVERYTHING\u000aError: 0x00000057", + "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ + gle=0x00000057 + ]", + "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ + gle=0x00000057 + ]", + "\u000aRefer to \"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/Debug\/system-error-codes\" for error information." + ], + "FailureDetails":"Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel", + "DeviceDriverInfo":null, + "Remediation":[ + + ], + "SetupPhaseInfo":null, + "SetupOperationInfo":null +} +``` + +## Sample registry key + +![Addreg](./../images/addreg.png) + +## Related topics + +[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) From c288f3a863045bf4264a5328c56fe7cea67273ee Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Thu, 8 Aug 2019 19:35:01 -0700 Subject: [PATCH 07/53] change a message (#867) * add note on office data * add note for oatp * CAT Auto Pulish for Windows Release Messages - 20190808181530 (#866) --- .../status-windows-10-1507.yml | 10 -------- ...indows-10-1607-and-windows-server-2016.yml | 25 ++++++++++--------- .../status-windows-10-1703.yml | 15 +++-------- .../status-windows-10-1709.yml | 5 ++-- .../status-windows-10-1803.yml | 5 ++-- ...indows-10-1809-and-windows-server-2019.yml | 7 +++--- .../status-windows-10-1903.yml | 9 ++++--- .../threat-protection-integration.md | 3 +++ 8 files changed, 34 insertions(+), 45 deletions(-) diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 9f116c65f8..88f03f07b7 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,6 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      -
      SummaryOriginating updateStatusLast updated
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved
      KB4507458      		July 09, 2019
      10:00 AM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 10240.18094

      January 08, 2019
      KB4480962      		Mitigated
      		April 25, 2019
      02:00 PM PT
      " @@ -72,15 +71,6 @@ sections:
      " -- title: June 2019 -- items: - - type: markdown - text: " - - -
      DetailsOriginating updateStatusHistory
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue was resolved in KB4507458.

      Back to top      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved
      KB4507458      		Resolved:
      July 09, 2019
      10:00 AM PT

      Opened:
      June 12, 2019
      11:11 AM PT
      - " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 4bfa74c40c..0f3ce76fc4 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,12 +60,12 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + + - @@ -79,12 +79,22 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		August 01, 2019
      06:12 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		August 08, 2019
      03:14 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
      Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

      See details >      		OS Build 14393.3053

      June 18, 2019
      KB4503294      		Investigating
      		August 01, 2019
      05:00 PM PT
      Internet Explorer 11 and apps using the WebBrowser control may fail to render
      JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

      See details >      		OS Build 14393.3085

      July 09, 2019
      KB4507460      		Mitigated
      		July 26, 2019
      04:58 PM PT
      SCVMM cannot enumerate and manage logical switches deployed on the host
      For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

      See details >      		OS Build 14393.2639

      November 27, 2018
      KB4467684      		Resolved
      KB4507459      		July 16, 2019
      10:00 AM PT
      Some applications may fail to run as expected on clients of AD FS 2016
      Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4507459      		July 16, 2019
      10:00 AM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
      Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

      See details >      		OS Build 14393.2969

      May 14, 2019
      KB4494440      		Resolved
      KB4507460      		July 09, 2019
      10:00 AM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 14393.2724

      January 08, 2019
      KB4480961      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
      Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

      See details >      		OS Build 14393.2608

      November 13, 2018
      KB4467691      		Mitigated
      		February 19, 2019
      10:00 AM PT
      Cluster service may fail if the minimum password length is set to greater than 14
      The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

      See details >      		OS Build 14393.2639

      November 27, 2018
      KB4467684      		Mitigated
      		April 25, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
       Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

      Affected platforms:
      • Server: Windows Server 2019; Windows Server 2016
      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 14393.3053

      June 18, 2019
      KB4503294      		Investigating
      		Last updated:
      August 01, 2019
      05:00 PM PT

      Opened:
      August 01, 2019
      05:00 PM PT
      + " + - title: July 2019 - items: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		Last updated:
      August 01, 2019
      06:12 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Internet Explorer 11 and apps using the WebBrowser control may fail to render
      Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

      Affected platforms:
      • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server 2016
      Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

      You can configure the below registry key:
      Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
      Value: Disable Script Debugger
      Type: REG_SZ
      Data: no

      Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 14393.3085

      July 09, 2019
      KB4507460      		Mitigated
      		Last updated:
      July 26, 2019
      04:58 PM PT

      Opened:
      July 26, 2019
      04:58 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      @@ -99,15 +109,6 @@ sections:
      " -- title: May 2019 -- items: - - type: markdown - text: " - - -
      DetailsOriginating updateStatusHistory
      Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
      Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.

      Affected platforms:
      • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server 2016
      Resolution: This issue was resolved in KB4507460.

      Back to top      		OS Build 14393.2969

      May 14, 2019
      KB4494440      		Resolved
      KB4507460      		Resolved:
      July 09, 2019
      10:00 AM PT

      Opened:
      May 21, 2019
      08:50 AM PT
      - " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 4dbe8ada26..c8b0808465 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,8 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		August 01, 2019
      06:12 PM PT
      Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
      Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

      See details >      		OS Build 15063.1805

      May 14, 2019
      KB4499181      		Resolved
      KB4507450      		July 09, 2019
      10:00 AM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		August 08, 2019
      03:14 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 15063.1563

      January 08, 2019
      KB4480973      		Mitigated
      		April 25, 2019
      02:00 PM PT
      " @@ -78,16 +77,8 @@ sections: - type: markdown text: " - -
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		Last updated:
      August 01, 2019
      06:12 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      - " - -- title: May 2019 -- items: - - type: markdown - text: " - - +
      DetailsOriginating updateStatusHistory
      Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
      Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting.

      Affected platforms:
      • Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server 2016
      Resolution: This issue was resolved in KB4507450.

      Back to top      		OS Build 15063.1805

      May 14, 2019
      KB4499181      		Resolved
      KB4507450      		Resolved:
      July 09, 2019
      10:00 AM PT

      Opened:
      May 21, 2019
      08:50 AM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index cee8270547..c251b85868 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		August 01, 2019
      06:12 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		August 08, 2019
      03:14 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 16299.904

      January 08, 2019
      KB4480978      		Mitigated
      		April 25, 2019
      02:00 PM PT
      @@ -78,7 +78,8 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		Last updated:
      August 01, 2019
      06:12 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index fe9a0bfd6c..0b63a46c96 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + @@ -84,7 +84,8 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		August 01, 2019
      06:12 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		August 08, 2019
      03:14 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Startup to a black screen after installing updates
      Your device may startup to a black screen during the first logon after installing updates.

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Mitigated
      		June 14, 2019
      04:41 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 17134.523

      January 08, 2019
      KB4480966      		Mitigated
      		April 25, 2019
      02:00 PM PT
      - +
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		Last updated:
      August 01, 2019
      06:12 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index ef023a5f81..7e07f5c970 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + @@ -94,7 +94,8 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		August 01, 2019
      06:12 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		August 08, 2019
      03:14 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
      Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

      See details >      		OS Build 17763.55

      October 09, 2018
      KB4464330      		Investigating
      		August 01, 2019
      05:00 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Startup to a black screen after installing updates
      Your device may startup to a black screen during the first logon after installing updates.

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		June 14, 2019
      04:41 PM PT
      - +
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		Last updated:
      August 01, 2019
      06:12 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      " @@ -113,7 +114,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Devices with some Asian language packs installed may receive an error
      After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
      • Server: Windows Server, version 1809; Windows Server 2019
      Workaround:
      1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
      2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
      Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
      1. Go to Settings app -> Recovery.
      2. Click on Get Started under \"Reset this PC\" recovery option.
      3. Select \"Keep my Files\".
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Mitigated
      		Last updated:
      May 03, 2019
      10:59 AM PT

      Opened:
      May 02, 2019
      04:36 PM PT
      Devices with some Asian language packs installed may receive an error
      After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
      • Server: Windows Server, version 1809; Windows Server 2019
      Workaround:
      1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
      2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
      Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
        1. Go to Settings app -> Recovery.
        2. Click on Get Started under \"Reset this PC\" recovery option.
        3. Select \"Keep my Files\".
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Mitigated
      		Last updated:
      May 03, 2019
      10:59 AM PT

      Opened:
      May 02, 2019
      04:36 PM PT
      " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 2a401ac28f..270f97ec5b 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,10 +65,10 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      + + - - @@ -96,8 +96,9 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusLast updated
      Issues updating when certain versions of Intel storage drivers are installed
      Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		August 08, 2019
      05:50 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		August 08, 2019
      03:14 PM PT
      Intermittent loss of Wi-Fi connectivity
      Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Mitigated External
      		August 01, 2019
      08:44 PM PT
      Gamma ramps, color profiles, and night light settings do not apply in some cases
      Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Mitigated
      		August 01, 2019
      06:27 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		August 01, 2019
      06:12 PM PT
      Issues updating when certain versions of Intel storage drivers are installed
      Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		August 01, 2019
      05:58 PM PT
      Display brightness may not respond to adjustments
      Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Resolved
      KB4505903      		July 26, 2019
      02:00 PM PT
      RASMAN service may stop working and result in the error “0xc0000005”
      The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Resolved
      KB4505903      		July 26, 2019
      02:00 PM PT
      The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
      Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		July 16, 2019
      09:04 AM PT
      - - + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md index e620a05684..a830dad9fe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md @@ -51,6 +51,9 @@ Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals t ## Office 365 Advanced Threat Protection (Office 365 ATP) [Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender ATP enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked. +>[!NOTE] +> Office 365 ATP data is displayed for events within the last 30 days. For alerts, Office 365 ATP data is displayed based on first activity time. After that, the data is no longer available in Office 365 ATP. + ## Skype for Business The Skype for Business integration provides s a way for analysts to communicate with a potentially compromised user or device owner through ao simple button from the portal. From 7b97f9d02248b2343001880d4ed0b9e017b615f9 Mon Sep 17 00:00:00 2001 From: illfated Date: Fri, 9 Aug 2019 20:20:44 +0200 Subject: [PATCH 08/53] Windows/Configuration: broken header+missing space - Repair a broken MarkDown (MD) header by adding a blank line between it and its preceding HTML tag, which up until now has disabled the header - Set correct MarkDown spacing for Note/Tip/important block indents (1 space between the indent marker and its text content) --- ...-by-using-provisioning-packages-and-icd.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 56de2504c6..977161bcd3 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -23,12 +23,12 @@ ms.date: 11/15/2017 - Windows 10 ->**Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) +> **Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Configuration Designer to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead. ->[!IMPORTANT] ->If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy. +> [!IMPORTANT] +> If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy. **Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions. @@ -39,14 +39,15 @@ Three features enable Start and taskbar layout control: - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - >[!NOTE] - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. + > [!NOTE] + > To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. - In Windows Configuration Designer, you use the **Policies/Start/StartLayout** setting to provide the contents of the .xml file that defines the Start and taskbar layout. - + + ## Prepare the Start layout XML file The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout section to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout section to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. @@ -61,8 +62,8 @@ The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configur Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md) ->[!IMPORTANT] ->When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. +> [!IMPORTANT] +> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. 1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). @@ -76,8 +77,8 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 6. Expand **Runtime settings** > **Policies** > **Start**, and click **StartLayout**. - >[!TIP] - >If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**. + > [!TIP] + > If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**. 7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step. From f3203a5ca42d44737faf4056566e28686320e857 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 9 Aug 2019 12:16:29 -0700 Subject: [PATCH 09/53] removed a known issue --- windows/deployment/upgrade/setupdiag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 78a75cc04e..e7532a859e 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -29,6 +29,7 @@ ms.topic: article ## About SetupDiag Current version of SetupDiag: 1.6.0.0 +>Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues. SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. @@ -147,7 +148,6 @@ SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump ## Known issues 1. Some rules can take a long time to process if the log files involved are large. -2. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode. ## Sample output From 9444d5ca5b3233dae402310cf4ea55e17d4c6dd6 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Fri, 9 Aug 2019 19:17:27 -0700 Subject: [PATCH 10/53] add new issues for multiple window platforms (#882) * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update policy-csp-update.md In 1903 we deprecated the value of 32 and combined Semi-Annual Channel (Targeted) with the Semi-Annual Channel. We need to communicate this change in the documentation. * chore: Replace tab after unorderd list marker * Update windows/security/identity-protection/credential-guard/credential-guard-manage.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * markdown syntex issue There was a syntex issue with formating. It has been fixed. * Update MDM Path https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash Issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3553 * HTML Tag fix There was issue with HTML tag in live 203 and has been fixed. * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-overview.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update waas-overview.md * Update hello-hybrid-cert-whfb-settings-policy.md removing extra "want" * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update hello-planning-guide.md * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update whiteboard-collaboration.md * Update hello-key-trust-policy-settings.md * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update start-layout-xml-desktop.md Added syntax and note * remove reference about Windows 10 Pro https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3255 * Fixed Typo * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Updated with TVM refs * Emphasize Device Sync https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4401 * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * fix: MD005/list-indent Inconsistent indentation for list items at the same level * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update enable-admx-backed-policies-in-mdm.md Added two links to notes. * Update windows/configuration/start-layout-xml-desktop.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update index.md Corrected typo: 'annd' to 'and' * Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update devices/surface-hub/whiteboard-collaboration.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Create troubleshooting-agpm40-upgrades.md * Update TOC.md Addition of Troubleshooting AGPM Upgrades top-level link * Update windows-10-upgrade-paths.md * Update white-glove.md Removed a singular reference to WG and replaced with white glove * remove last 3 blocks in IT Admin * Fixes typo issue in line 47 Closes #4557 * Update metadata to replace non-existent author * Update index.md Typo - corrected 'Bitlocker' to 'BitLocker' * Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md * Update hello-planning-guide.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update kiosk-xml.md * Update kiosk-xml.md * Update waas-servicing-differences.md Removed double use of the word critical * Minor update to properly reflect supported macros * Update applocker-csp.md * Update kiosk-xml.md * Update applocker-csp.md * updated image needed I don't have rights to upload a new file (the updated error image) More details here: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2489 * MDOP May 2019 Servicing Release: new Hotfix Link Microsoft Desktop Optimization Pack May 2019 Servicing Release. Replaces the outdated MDOP link to July 2018 Servicing Release. Thanks to CaptainUnlikely for the Technet blogs information update. Closes #4574 * Creating a WDATP alert requires recommendedAction Otherwise the following will be returned by the API: ``` {"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}} ``` * Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update guidelines-for-assigned-access-app.md * Corrected typo Changed "ConnecionSuccess" to "ConnectionSuccess * Update install-wd-app-guard.md * Update self-deploying.md Added additional links. * Update install-wd-app-guard.md * Update hello-hybrid-cert-trust-devreg.md * Update waas-delivery-optimization.md fixed typo * Fixed a small typo Changed "wwitches" to "switches". * Update for the month June 2019 I have added the content for surface hub based on an update KB4503289. There was no update released for a hub for the month of July. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4586 * Update devices/surface-hub/surface-hub-update-history.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * typo typo the Action Sataus column instead of the Action Status column * Correcting small mistake on which version of Win10 displays MBEC Correcting initial mistake when changed docs. * Updated links Hotlink for configuring MTP integration and API support was missing and has been updated. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4569 * Resolves #4620 - typo in command line Issue #4620 Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode should be Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode * HTML to MarkDown in hello-hybrid-aadj-sso-cert.md This is a combined effort to alleviate a translation bug as well as improving the MarkDown codestyle in this document, both for the English (en-us) version of the document as well as the translated versions. This change should in theory close the issue tickets #3451 and #3453 after the scripted translation process has been re-run on this document. This solution is based on a user discussion in issue ticket #4589 . * Update windows/deployment/windows-autopilot/self-deploying.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update index.md * Update waas-configure-wufb.md * Update hello-features.md Removes \ typo * Update windows-analytics-get-started.md adding IE site discovery to GDPR blurb * Update sideload-apps-in-windows-10.md * Update upgrade-readiness-deployment-script.md replacing support email with official support channels * missing bold on GUI element * formatting again - italicize typed word * fixing warnings * restored missing art, somehow * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019080917545405 (#881) --- .../includes/allow-adobe-flash-include.md | 91 +- .../edge/microsoft-edge-kiosk-mode-deploy.md | 531 +- ...terprise-mode-schema-version-2-guidance.md | 603 +- devices/hololens/hololens-encryption.md | 2 +- devices/hololens/hololens-updates.md | 6 +- devices/surface-hub/surface-hub-2s-setup.md | 2 +- .../surface-hub/surface-hub-update-history.md | 14 +- .../surface-hub/whiteboard-collaboration.md | 5 +- ...-by-step-surface-deployment-accelerator.md | 8 +- ...ion-manager-to-manage-devices-with-semm.md | 321 +- mdop/agpm/TOC.md | 1 + mdop/agpm/index.md | 2 +- mdop/agpm/troubleshooting-agpm40-upgrades.md | 41 + mdop/appv-v4/app-v-45-sp2-release-notes.md | 4 +- ...nly-cache-on-the-app-v-client--rds--sp1.md | 2 +- ...ad-only-cache-on-the-app-v-client--vdi-.md | 2 +- ...l-the-application-virtualization-client.md | 100 +- mdop/appv-v4/index.md | 2 +- ...ion-46-service-pack-2-privacy-statement.md | 24 +- mdop/appv-v4/planning-for-client-security.md | 4 +- .../security-and-protection-overview.md | 2 +- mdop/appv-v5/index.md | 2 +- mdop/dart-v10/index.md | 2 +- mdop/dart-v7/index.md | 2 +- mdop/dart-v8/index.md | 2 +- mdop/index.md | 2 +- mdop/mbam-v1/index.md | 68 +- mdop/mbam-v2/index.md | 64 +- mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md | 2 +- mdop/mbam-v25/index.md | 100 +- .../how-to-configure-image-pre-staging.md | 12 +- mdop/medv-v1/index.md | 2 +- mdop/medv-v2/index.md | 2 +- mdop/solutions/index.md | 2 +- mdop/uev-v1/index.md | 2 +- .../get-started-with-ue-v-2x-new-uevv2.md | 2 +- mdop/uev-v2/index.md | 2 +- .../remove-provisioned-apps-during-update.md | 6 +- .../sideload-apps-in-windows-10.md | 3 + ...nced-troubleshooting-802-authentication.md | 2 +- .../client-management/mdm/applocker-csp.md | 20 +- .../mdm/appv-deploy-and-config.md | 2 +- .../client-management/mdm/devicestatus-csp.md | 34 +- .../mdm/enable-admx-backed-policies-in-mdm.md | 15 +- .../mdm/esim-enterprise-management.md | 18 +- windows/client-management/mdm/index.md | 2 +- .../mdm/networkqospolicy-csp.md | 10 +- .../mdm/policy-csp-applicationmanagement.md | 2 +- .../mdm/policy-csp-browser.md | 6 +- .../mdm/policy-csp-devicelock.md | 12 +- .../mdm/policy-csp-internetexplorer.md | 4 +- .../mdm/policy-csp-remotemanagement.md | 2 +- .../mdm/policy-csp-settings.md | 10 +- .../mdm/policy-csp-system.md | 4 +- .../mdm/policy-csp-update.md | 6 +- .../mdm/understanding-admx-backed-policies.md | 22 +- .../mdm/windowslicensing-csp.md | 12 +- .../mdm/windowssecurityauditing-csp.md | 2 +- .../troubleshoot-inaccessible-boot-device.md | 2 +- .../troubleshoot-stop-errors.md | 4 +- .../troubleshoot-windows-freeze.md | 4 +- .../windows-10-mobile-and-mdm.md | 28 +- .../customize-and-export-start-layout.md | 2 +- .../guidelines-for-assigned-access-app.md | 2 +- windows/configuration/kiosk-xml.md | 12 +- .../settings-that-can-be-locked-down.md | 2 +- .../configuration/start-layout-xml-desktop.md | 3 + ...v-application-template-schema-reference.md | 18 +- ...anage-administrative-backup-and-restore.md | 4 +- ...plates-using-windows-powershell-and-wmi.md | 6 +- ...synchronizing-microsoft-office-with-uev.md | 2 +- .../windows-10-accessibility-for-ITPros.md | 6 +- .../assign-applications-using-roles-in-mdt.md | 273 +- ...d-environment-for-windows-10-deployment.md | 457 +- .../configure-mdt-deployment-share-rules.md | 251 +- .../configure-mdt-for-userexit-scripts.md | 147 +- .../create-a-windows-10-reference-image.md | 1303 +-- .../deploy-a-windows-10-image-using-mdt.md | 1329 +-- ...ntegrate-configuration-manager-with-mdt.md | 244 +- ...prepare-for-windows-deployment-with-mdt.md | 259 +- ...s-7-computer-with-a-windows-10-computer.md | 303 +- .../set-up-mdt-for-bitlocker.md | 329 +- ...ows-10-deployment-in-a-test-environment.md | 139 +- .../use-web-services-in-mdt.md | 273 +- ...0-deployment-with-configuration-manager.md | 387 +- ...f-windows-10-with-configuration-manager.md | 569 +- windows/deployment/deploy-windows-to-go.md | 2022 ++-- ...se-management-strategies-and-deployment.md | 343 +- .../update/feature-update-user-install.md | 481 +- .../deployment/update/waas-configure-wufb.md | 555 +- .../waas-delivery-optimization-reference.md | 467 +- .../update/waas-delivery-optimization.md | 377 +- windows/deployment/update/waas-overview.md | 438 +- .../update/waas-servicing-differences.md | 240 +- windows/deployment/update/waas-wu-settings.md | 526 +- .../update/windows-analytics-get-started.md | 2 +- windows/deployment/upgrade/setupdiag.md | 1049 +- .../upgrade-readiness-deployment-script.md | 381 +- .../upgrade/windows-10-upgrade-paths.md | 567 +- .../usmt/offline-migration-reference.md | 537 +- .../usmt/understanding-migration-xml-files.md | 1083 +-- .../deployment/usmt/usmt-best-practices.md | 317 +- .../deployment/usmt/usmt-configxml-file.md | 1179 +-- .../usmt/usmt-conflicts-and-precedence.md | 929 +- .../usmt/usmt-custom-xml-examples.md | 635 +- .../usmt/usmt-hard-link-migration-store.md | 471 +- .../usmt/usmt-include-files-and-settings.md | 453 +- windows/deployment/usmt/usmt-log-files.md | 987 +- .../usmt/usmt-reroute-files-and-settings.md | 259 +- .../usmt/usmt-xml-elements-library.md | 8527 +++++++++-------- .../deployment/usmt/xml-file-requirements.md | 99 +- .../scenario-proxy-activation-vamt.md | 341 +- .../use-vamt-in-windows-powershell.md | 151 +- .../autopilot-device-guidelines.md | 91 +- windows/deployment/windows-autopilot/index.md | 153 +- .../windows-autopilot/self-deploying.md | 147 +- .../windows-autopilot/white-glove.md | 230 +- .../windows-deployment-scenarios-and-tools.md | 702 +- ...ws-diagnostic-data-in-your-organization.md | 32 +- .../diagnostic-data-viewer-overview.md | 4 +- windows/privacy/gdpr-win10-whitepaper.md | 6 +- .../privacy/manage-windows-1709-endpoints.md | 10 +- .../privacy/manage-windows-1803-endpoints.md | 10 +- .../privacy/manage-windows-1809-endpoints.md | 10 +- .../privacy/manage-windows-1903-endpoints.md | 10 +- .../resolved-issues-windows-10-1507.yml | 10 + .../resolved-issues-windows-10-1607.yml | 10 + .../resolved-issues-windows-10-1703.yml | 10 + .../resolved-issues-windows-10-1709.yml | 10 + .../resolved-issues-windows-10-1803.yml | 10 + ...indows-10-1809-and-windows-server-2019.yml | 10 + .../resolved-issues-windows-10-1903.yml | 10 + ...ndows-7-and-windows-server-2008-r2-sp1.yml | 10 + ...windows-8.1-and-windows-server-2012-r2.yml | 10 + ...esolved-issues-windows-server-2008-sp2.yml | 10 + .../resolved-issues-windows-server-2012.yml | 10 + .../status-windows-10-1507.yml | 10 + ...indows-10-1607-and-windows-server-2016.yml | 6 +- .../status-windows-10-1703.yml | 14 +- .../status-windows-10-1709.yml | 14 +- .../status-windows-10-1803.yml | 14 +- ...indows-10-1809-and-windows-server-2019.yml | 6 +- .../status-windows-10-1903.yml | 18 +- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 10 + ...windows-8.1-and-windows-server-2012-r2.yml | 10 + .../status-windows-server-2008-sp2.yml | 10 + .../status-windows-server-2012.yml | 10 + .../access-control/security-identifiers.md | 4 +- .../additional-mitigations.md | 8 +- .../credential-guard-known-issues.md | 20 +- .../credential-guard-manage.md | 10 +- ...redential-guard-not-protected-scenarios.md | 10 +- .../credential-guard-scripts.md | 4 +- .../hello-biometrics-in-enterprise.md | 2 +- .../hello-for-business/hello-features.md | 4 +- .../hello-hybrid-aadj-sso-cert.md | 4 +- .../hello-hybrid-cert-trust-devreg.md | 15 +- .../hello-hybrid-cert-trust-prereqs.md | 3 + .../hello-hybrid-cert-whfb-settings-policy.md | 2 +- .../hello-key-trust-policy-settings.md | 4 +- .../hello-key-trust-validate-deploy-mfa.md | 3 + .../hello-planning-guide.md | 4 +- .../passwordless-strategy.md | 220 +- windows/security/identity-protection/index.md | 2 +- .../bitlocker/bitlocker-basic-deployment.md | 32 +- ...tlocker-how-to-deploy-on-windows-server.md | 12 +- .../bitlocker-how-to-enable-network-unlock.md | 2 +- .../bitlocker-recovery-guide-plan.md | 17 +- ...ve-encryption-tools-to-manage-bitlocker.md | 30 +- ...nd-storage-area-networks-with-bitlocker.md | 18 +- .../testing-scenarios-for-wip.md | 11 + ...-basic-audit-policy-on-a-file-or-folder.md | 20 + .../threat-protection/auditing/event-4612.md | 4 +- .../threat-protection/auditing/event-4615.md | 2 +- .../threat-protection/auditing/event-4624.md | 2 +- .../threat-protection/auditing/event-4670.md | 2 +- .../threat-protection/auditing/event-4688.md | 2 +- .../threat-protection/auditing/event-4704.md | 2 +- .../threat-protection/auditing/event-4705.md | 2 +- .../threat-protection/auditing/event-4715.md | 2 +- .../threat-protection/auditing/event-4717.md | 2 +- .../threat-protection/auditing/event-4718.md | 2 +- .../threat-protection/auditing/event-4738.md | 2 +- .../threat-protection/auditing/event-4742.md | 2 +- .../threat-protection/auditing/event-4817.md | 4 +- .../threat-protection/auditing/event-4864.md | 2 +- .../threat-protection/auditing/event-4907.md | 2 +- .../threat-protection/auditing/event-4911.md | 2 +- .../threat-protection/auditing/event-4913.md | 2 +- .../threat-protection/auditing/event-5143.md | 2 +- .../threat-protection/auditing/event-5145.md | 2 +- .../threat-protection/auditing/event-5150.md | 2 +- .../threat-protection/auditing/event-5151.md | 2 +- .../threat-protection/auditing/event-6400.md | 2 +- .../threat-protection/auditing/event-6401.md | 2 +- .../threat-protection/auditing/event-6402.md | 2 +- .../threat-protection/auditing/event-6403.md | 2 +- .../threat-protection/auditing/event-6404.md | 2 +- .../threat-protection/auditing/event-6409.md | 2 +- windows/security/threat-protection/index.md | 2 +- .../microsoft-defender-atp/alerts-queue.md | 8 +- .../configure-mssp-support.md | 109 +- .../create-alert-by-reference.md | 2 +- .../exposed-apis-create-app-nativeapp.md | 95 +- .../get-user-related-alerts.md | 2 +- .../get-user-related-machines.md | 2 +- ...ormation-protection-in-windows-overview.md | 4 +- .../microsoft-defender-atp/isolate-machine.md | 4 +- .../microsoft-defender-atp/onboard.md | 4 +- .../overview-secure-score.md | 6 +- .../respond-file-alerts.md | 4 +- .../respond-machine-alerts.md | 2 +- .../security-operations-dashboard.md | 2 +- .../troubleshoot-onboarding.md | 4 +- .../microsoft-defender-atp/user-roles.md | 46 +- .../whats-new-in-microsoft-defender-atp.md | 8 +- .../security-compliance-toolkit-10.md | 2 +- ...dit-the-access-of-global-system-objects.md | 2 +- ...arding-to-assist-in-intrusion-detection.md | 5 +- .../windows-10-mobile-security-guide.md | 102 +- ...-connections-windows-defender-antivirus.md | 15 +- ...r-policies-by-using-set-applockerpolicy.md | 2 +- .../using-event-viewer-with-applocker.md | 8 +- .../working-with-applocker-policies.md | 2 +- .../create-path-based-rules.md | 8 +- .../select-types-of-rules-to-create.md | 11 +- .../windows-defender-application-control.md | 6 +- .../configure-wd-app-guard.md | 12 +- .../faq-wd-app-guard.md | 8 + .../install-wd-app-guard.md | 21 +- .../wd-app-guard-overview.md | 63 +- ...enable-controlled-folders-exploit-guard.md | 2 + ...tion-based-protection-of-code-integrity.md | 2 +- .../evaluate-exploit-protection.md | 2 +- .../wdsc-hide-notifications.md | 18 +- ...create-windows-firewall-rules-in-intune.md | 4 +- ...to-end-ipsec-connections-by-using-ikev2.md | 6 +- ...-administration-with-windows-powershell.md | 76 +- 238 files changed, 17627 insertions(+), 17213 deletions(-) create mode 100644 mdop/agpm/troubleshooting-agpm40-upgrades.md diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md index d22ca7fe3b..3a7671c32a 100644 --- a/browsers/edge/includes/allow-adobe-flash-include.md +++ b/browsers/edge/includes/allow-adobe-flash-include.md @@ -1,45 +1,46 @@ ---- -author: eavena -ms.author: eravena -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - - ->*Supported versions: Microsoft Edge on Windows 10*
      ->*Default setting: Enabled or not configured (Allowed)* - -[!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)] - -### Supported values - -| Group Policy | MDM | Registry | Description | -|-----------------------|:---:|:--------:|-------------| -| Disabled | 0 | 0 | Prevented | -| Enabled **(default)** | 1 | 1 | Allowed | - ---- - -### ADMX info and settings - -#### ADMX info -- **GP English name:** Allow Adobe Flash -- **GP name:** AllowFlash -- **GP path:** Windows Components/Microsoft Edge -- **GP ADMX file name:** MicrosoftEdge.admx - -#### MDM settings -- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash) -- **Supported devices:** Desktop -- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash -- **Data type:** Integer - -#### Registry settings -- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Addons -- **Value name:** FlashPlayerEnabled -- **Value type:** REG_DWORD - -
      +--- +author: eavena +ms.author: eravena +ms.date: 10/02/2018 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: edge +ms.topic: include +--- + + +>*Supported versions: Microsoft Edge on Windows 10*
      +>*Default setting: Enabled or not configured (Allowed)* + +[!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)] + +### Supported values + +| Group Policy | MDM | Registry | Description | +|-----------------------|:---:|:--------:|-------------| +| Disabled | 0 | 0 | Prevented | +| Enabled **(default)** | 1 | 1 | Allowed | + +--- + +### ADMX info and settings + +#### ADMX info +- **GP English name:** Allow Adobe Flash +- **GP name:** AllowFlash +- **GP path:** Windows Components/Microsoft Edge +- **GP ADMX file name:** MicrosoftEdge.admx + +#### MDM settings +- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash) +- **Supported devices:** Desktop +- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash +- **Data type:** Integer + +#### Registry settings +- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Addons +- **Value name:** FlashPlayerEnabled +- **Value type:** REG_DWORD + +
      diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 5150d172c9..9781a1de92 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -1,265 +1,266 @@ ---- -title: Deploy Microsoft Edge kiosk mode -description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. -ms.assetid: -ms.reviewer: -audience: itpro manager: dansimp -author: eavena -ms.author: eravena -ms.prod: edge -ms.sitesec: library -ms.topic: get-started-article -ms.localizationpriority: medium -ms.date: 10/29/2018 ---- - -# Deploy Microsoft Edge kiosk mode - ->Applies to: Microsoft Edge on Windows 10, version 1809 ->Professional, Enterprise, and Education - -In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode. - -In this topic, you learn how to configure the behavior of Microsoft Edge when it's running in kiosk mode with assigned access. You also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or other MDM service. - -At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support. - - -## Kiosk mode configuration types - ->**Policy** = Configure kiosk mode (ConfigureKioskMode) - -Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario. - -- Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image) - - - [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage) - - - [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps). - -- Learn about configuring a more secure kiosk experience: [Other settings to lock down](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down). - - -### Important things to remember before getting started - -- The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. - -- Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own. - -- Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode) to learn more. - -- No matter which configuration type you choose, you must set up Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).

      Learn more about assigned access: - - - [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw). - - - [Kiosk apps for assigned access best practices](https://aka.ms/H1s8y4). - - - [Guidelines for choosing an app for assigned access (kiosk mode)](https://aka.ms/Ul7dw3). - - -### Supported configuration types - -[!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)] - -## Set up Microsoft Edge kiosk mode - -Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge kiosk mode: - -- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service. - -- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode). - - -### Prerequisites - -- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education). - -- URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page. - -- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge: - - ``` - Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge - ``` - - -### Use Windows Settings - -Windows Settings is the simplest and the only way to set up one or a couple of single-app devices. - - -1. On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**. - -2. On the **Set up a kiosk** page, click **Get started**. - -3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**. - -4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**. - -5. Select how Microsoft Edge displays when running in kiosk mode: - - - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data. - - - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge, protecting user data. - -6. Select **Next**. - -7. Type the URL to load when the kiosk launches. - -8. Accept the default value of **5 minutes** for the idle time or provide a value of your own. - -9. Click **Next**. - -10. Close the **Settings** window to save and apply your choices. - -11. Restart the kiosk device and sign in with the local kiosk account to validate the configuration. - -**_Congratulations!_**

      You’ve just finished setting up a single-app kiosk device using Windows Settings. - -**_What's next?_** - -- User your new kiosk device.

      - OR

      -- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**. - ---- - - -### Use Microsoft Intune or other MDM service - -With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add). - ->[!IMPORTANT] ->If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device. - -1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps. - -2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device. - - | | | - |---|---| - | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**

      ![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge as a kiosk app.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode

      **Data type:** Integer

      **Allowed values:**

      • **Single-app kiosk experience**
        • **0** - Digital signage and interactive display
        • **1** - InPrivate Public browsing
      • **Multi-app kiosk experience**
        • **0** - Normal Microsoft Edge running in assigned access
        • **1** - InPrivate public browsing with other apps
      | - | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**

      ![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets the user's session.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout

      **Data type:** Integer

      **Allowed values:**

      • **0** - No idle timer
      • **1-1440 (5 minutes is the default)** - Set reset on idle timer
      | - | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**

      ![](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge launches.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages

      **Data type:** String

      **Allowed values:**

      Enter one or more URLs, for example,
         \\ | - | **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**

      ![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton

      **Data type:** Integer

      **Allowed values:**

      • **0 (default)** - Not configured. Show home button, and load the default Start page.
      • **1** - Enabled. Show home button and load New Tab page
      • **2** - Enabled. Show home button & set a specific page.
      • **3** - Enabled. Hide the home button.
      | - | **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**

      ![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL

      **Data type:** String

      **Allowed values:** Enter a URL, for example, https://www.bing.com | - | **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**

      ![](images/icon-thin-line-computer.png) | Set a custom URL for the New Tab page.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL

      **Data type:** String

      **Allowed values:** Enter a URL, for example, https://www.msn.com | - - -**_Congratulations!_**

      You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service. - -**_What's next?_**

      Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge kiosk mode. - ---- - - -## Supported policies for kiosk mode - -Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser). - -Make sure to check with your provider for instructions. - -| **MDM Setting** | **Digital /
      Interactive signage** | **Public browsing
      single-app** | **Public browsing
      multi-app** | **Normal
      mode** | -|------------------|:---------:|:---------:|:---------:|:---------:| -| [AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | -| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflash) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | ![Supported](images/148767.png)2 | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowFullscreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | -| [AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowSideloadingExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -|  [ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -|  [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | -| [ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | -| [FirstRunURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | -| [HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) | ![Supported](images/148767.png) | ![Supported](images/148767.png)| ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | -| [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | -| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | -| [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | - - -*\* New policy as of Windows 10, version 1809.*

      -*1) For multi-app assigned access, you must configure Internet Explorer 11.*
      -*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.* - -**Legend:**

      -       ![Not supported](images/148766.png) = Not applicable or not supported
      -       ![Supported](images/148767.png) = Supported - ---- - -## Feature comparison of kiosk mode and kiosk browser app -In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access. - - -| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** | -|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:| -| Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Allow/Block URL support | ![Supported](images/148767.png)

      *\*For Microsoft Edge kiosk mode use* Windows Defender Firewall. Microsoft kiosk browser has custom policy support. | ![Supported](images/148767.png) | -| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png)

      *Same as Home button URL* | -| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Favorites management | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| End session button | ![Supported](images/148767.png) | ![Supported](images/148767.png)

      *In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* | -| Reset on inactivity | ![Supported](images/148767.png) | ![Supported](images/148767.png) | -| Internet Explorer integration (Enterprise Mode site list) | ![Supported](images/148767.png)

      *Multi-app mode only* | ![Not supported](images/148766.png) | -| Available in Microsoft Store | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| SKU availability | Windows 10 October 2018 Update
      Professional, Enterprise, and Education | Windows 10 April 2018 Update
      Professional, Enterprise, and Education | - -**\*Windows Defender Firewall**

      -To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). - ---- - -## Provide feedback or get support - -To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory. - -**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory. - - - +--- +title: Deploy Microsoft Edge kiosk mode +description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. +ms.assetid: +ms.reviewer: +audience: itpro +manager: dansimp +author: eavena +ms.author: eravena +ms.prod: edge +ms.sitesec: library +ms.topic: article +ms.localizationpriority: medium +ms.date: 10/29/2018 +--- + +# Deploy Microsoft Edge kiosk mode + +>Applies to: Microsoft Edge on Windows 10, version 1809 +>Professional, Enterprise, and Education + +In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode. + +In this topic, you learn how to configure the behavior of Microsoft Edge when it's running in kiosk mode with assigned access. You also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or other MDM service. + +At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support. + + +## Kiosk mode configuration types + +>**Policy** = Configure kiosk mode (ConfigureKioskMode) + +Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario. + +- Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image) + + - [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage) + + - [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps). + +- Learn about configuring a more secure kiosk experience: [Other settings to lock down](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down). + + +### Important things to remember before getting started + +- The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. + +- Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own. + +- Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode) to learn more. + +- No matter which configuration type you choose, you must set up Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).

      Learn more about assigned access: + + - [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw). + + - [Kiosk apps for assigned access best practices](https://aka.ms/H1s8y4). + + - [Guidelines for choosing an app for assigned access (kiosk mode)](https://aka.ms/Ul7dw3). + + +### Supported configuration types + +[!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)] + +## Set up Microsoft Edge kiosk mode + +Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge kiosk mode: + +- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service. + +- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode). + + +### Prerequisites + +- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education). + +- URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page. + +- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge: + + ``` + Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge + ``` + + +### Use Windows Settings + +Windows Settings is the simplest and the only way to set up one or a couple of single-app devices. + + +1. On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**. + +2. On the **Set up a kiosk** page, click **Get started**. + +3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**. + +4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**. + +5. Select how Microsoft Edge displays when running in kiosk mode: + + - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data. + + - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge, protecting user data. + +6. Select **Next**. + +7. Type the URL to load when the kiosk launches. + +8. Accept the default value of **5 minutes** for the idle time or provide a value of your own. + +9. Click **Next**. + +10. Close the **Settings** window to save and apply your choices. + +11. Restart the kiosk device and sign in with the local kiosk account to validate the configuration. + +**_Congratulations!_**

      You’ve just finished setting up a single-app kiosk device using Windows Settings. + +**_What's next?_** + +- User your new kiosk device.

      + OR

      +- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**. + +--- + + +### Use Microsoft Intune or other MDM service + +With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add). + +>[!IMPORTANT] +>If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device. + +1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps. + +2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device. + + | | | + |---|---| + | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**

      ![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge as a kiosk app.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode

      **Data type:** Integer

      **Allowed values:**

      • **Single-app kiosk experience**
        • **0** - Digital signage and interactive display
        • **1** - InPrivate Public browsing
      • **Multi-app kiosk experience**
        • **0** - Normal Microsoft Edge running in assigned access
        • **1** - InPrivate public browsing with other apps
      | + | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**

      ![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets the user's session.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout

      **Data type:** Integer

      **Allowed values:**

      • **0** - No idle timer
      • **1-1440 (5 minutes is the default)** - Set reset on idle timer
      | + | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**

      ![](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge launches.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages

      **Data type:** String

      **Allowed values:**

      Enter one or more URLs, for example,
         \\ | + | **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**

      ![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton

      **Data type:** Integer

      **Allowed values:**

      • **0 (default)** - Not configured. Show home button, and load the default Start page.
      • **1** - Enabled. Show home button and load New Tab page
      • **2** - Enabled. Show home button & set a specific page.
      • **3** - Enabled. Hide the home button.
      | + | **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**

      ![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL

      **Data type:** String

      **Allowed values:** Enter a URL, for example, https://www.bing.com | + | **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**

      ![](images/icon-thin-line-computer.png) | Set a custom URL for the New Tab page.

      **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL

      **Data type:** String

      **Allowed values:** Enter a URL, for example, https://www.msn.com | + + +**_Congratulations!_**

      You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service. + +**_What's next?_**

      Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge kiosk mode. + +--- + + +## Supported policies for kiosk mode + +Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser). + +Make sure to check with your provider for instructions. + +| **MDM Setting** | **Digital /
      Interactive signage** | **Public browsing
      single-app** | **Public browsing
      multi-app** | **Normal
      mode** | +|------------------|:---------:|:---------:|:---------:|:---------:| +| [AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | +| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflash) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | ![Supported](images/148767.png)2 | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowFullscreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowSideloadingExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +|  [ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +|  [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | +| [ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [FirstRunURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | +| [HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) | ![Supported](images/148767.png) | ![Supported](images/148767.png)| ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)1 | ![Supported](images/148767.png) | +| [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | + + +*\* New policy as of Windows 10, version 1809.*

      +*1) For multi-app assigned access, you must configure Internet Explorer 11.*
      +*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.* + +**Legend:**

      +       ![Not supported](images/148766.png) = Not applicable or not supported
      +       ![Supported](images/148767.png) = Supported + +--- + +## Feature comparison of kiosk mode and kiosk browser app +In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access. + + +| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** | +|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:| +| Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Allow/Block URL support | ![Supported](images/148767.png)

      *\*For Microsoft Edge kiosk mode use* Windows Defender Firewall. Microsoft kiosk browser has custom policy support. | ![Supported](images/148767.png) | +| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png)

      *Same as Home button URL* | +| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| Favorites management | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | +| End session button | ![Supported](images/148767.png) | ![Supported](images/148767.png)

      *In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* | +| Reset on inactivity | ![Supported](images/148767.png) | ![Supported](images/148767.png) | +| Internet Explorer integration (Enterprise Mode site list) | ![Supported](images/148767.png)

      *Multi-app mode only* | ![Not supported](images/148766.png) | +| Available in Microsoft Store | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| SKU availability | Windows 10 October 2018 Update
      Professional, Enterprise, and Education | Windows 10 April 2018 Update
      Professional, Enterprise, and Education | + +**\*Windows Defender Firewall**

      +To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). + +--- + +## Provide feedback or get support + +To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory. + +**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory. + + + diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index f561f79cfd..17e4e860cf 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -1,301 +1,302 @@ ---- -ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.pagetype: appcompat -description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. -author: lomayor -ms.prod: ie11 -ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 -ms.reviewer: -audience: itpro manager: dansimp -ms.author: lomayor -title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 12/04/2017 ---- - - -# Enterprise Mode schema v.2 guidance - -**Applies to:** - -- Windows 10 -- Windows 8.1 -- Windows 7 - -Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app. - -**Important**
      -If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). - -## Enterprise Mode schema v.2 updates -Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by: - -- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema. - -- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema. - -You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema. - -### Enterprise Mode v.2 schema example -The following is an example of the v.2 version of the Enterprise Mode schema. - -**Important**
      -Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com. - -``` xml - - - - EnterpriseSitelistManager - 10240 - 20150728.135021 - - - - IE8Enterprise - MSEdge - - - default - IE11 - - - IE7Enterprise - IE11 - - - default - IE11 - - - default - none - - IE8Enterprise" - - - IE7 - IE11 - - - IE8Enterprise - IE11 - - - IE7 - IE11 - - -``` - -### Updated schema elements -This table includes the elements used by the v.2 version of the Enterprise Mode schema. - -

      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      August 01, 2019
      06:12 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Issues updating when certain versions of Intel storage drivers are installed
      Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

      To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

      Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.6.1044.

      Affected platforms:
      • Client: Windows 10, version 1903
      • Server: Windows Server, version 1903
      Next steps: To resolve this issue, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for the May 2019 Update. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

      Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		Last updated:
      August 01, 2019
      05:58 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Issues updating when certain versions of Intel storage drivers are installed
      Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

      To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

      Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

      Affected platforms:
      • Client: Windows 10, version 1903
      • Server: Windows Server, version 1903
      Next steps: To resolve this issue, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for the May 2019 Update. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

      Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		Last updated:
      August 08, 2019
      05:50 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
      Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

      To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

      Affected platforms:
      • Client: Windows 10, version 1903
      Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      July 16, 2019
      09:04 AM PT

      Opened:
      July 12, 2019
      04:20 PM PT
      Initiating a Remote Desktop connection may result in black screen
      When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

      Affected platforms:
      • Client: Windows 10, version 1903
      • Server: Windows Server, version 1903
      Next steps: We are working on a resolution that will be made available in upcoming release.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      July 12, 2019
      04:42 PM PT

      Opened:
      July 12, 2019
      04:42 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 18362.175

      June 11, 2019
      KB4503293      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ElementDescriptionSupported browser
      <site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. -

      Example -

      -<site-list version="205">
-  <site url="contoso.com">
-    <compat-mode>IE8Enterprise</compat-mode>
-    <open-in>IE11</open-in>
-  </site>
-</site-list>
      		Internet Explorer 11 and Microsoft Edge
      <site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. -

      Example -

      -<site url="contoso.com">
-  <compat-mode>default</compat-mode>
-  <open-in>none</open-in>
-</site>
      --or- -

      For IPv4 ranges:

      <site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

      --or- -

      For IPv6 ranges:

      <site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

      -You can also use the self-closing version, <url="contoso.com" />, which also sets: -

        -
      • <compat-mode>default</compat-mode>
        • -
      • <open-in>none</open-in>
        • -
      		Internet Explorer 11 and Microsoft Edge
      <compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. -

      Example -

      -<site url="contoso.com">
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>
      --or- -

      For IPv4 ranges:

      <site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

      --or- -

      For IPv6 ranges:

      <site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

      -Where: -

        -
      • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
        This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.

        • -

      • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
        This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.

        Important
        This tag replaces the combination of the "forceCompatView"="true" attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.

        • -

      • IE[x]. Where [x] is the document mode number into which the site loads.

        • -

      • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
        • -
      		Internet Explorer 11
      <open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10. -

      Example -

      -<site url="contoso.com">
-  <open-in>none</open-in>
-</site>

      -Where: -

        -
      • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.

        • -

      • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.

        • -

      • None or not specified. Opens in whatever browser the employee chooses.
        • -
      		Internet Explorer 11 and Microsoft Edge
      - -### Updated schema attributes -The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema. - - - - - - - - - - - - - - - - - - - - - - - - - -
      AttributeDescriptionSupported browser
      allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser). -

      Example -

      -<site url="contoso.com/travel">
-  <open-in allow-redirect="true">IE11</open-in>
-</site>
      -In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.      		Internet Explorer 11 and Microsoft Edge
      versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
      urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL. -
      Note
      -Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com. -

      Example -

      -<site url="contoso.com:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
      -In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.      		Internet Explorer 11 and Microsoft Edge
      - -### Deprecated attributes -These v.1 version schema attributes have been deprecated in the v.2 version of the schema: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Deprecated attributeNew attributeReplacement example
      <forceCompatView><compat-mode>Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>
      <docMode><compat-mode>Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>
      <doNotTransition><open-in>Replace <doNotTransition="true"> with <open-in>none</open-in>
      <domain> and <path><site>Replace: -
      -<emie>
-  <domain exclude="false">contoso.com</domain>
-</emie>
      -With: -
      -<site url="contoso.com"/>
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>
      --AND-

      -Replace: -

      -<emie>
-  <domain exclude="true">contoso.com
-     <path exclude="false" forceCompatView="true">/about</path>
-  </domain>
-</emie>
      -With: -
      -<site url="contoso.com/about">
-  <compat-mode>IE7Enterprise</compat-mode>
-</site>
      - -While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features. - -**Important**
      -Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema. - -### What not to include in your schema -We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways: - -- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing. -- Don’t use wildcards. -- Don’t use query strings, ampersands break parsing. - -## Related topics -- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) - - - - +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. +author: lomayor +ms.prod: ie11 +ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 +ms.reviewer: +audience: itpro +manager: dansimp +ms.author: lomayor +title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 12/04/2017 +--- + + +# Enterprise Mode schema v.2 guidance + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 + +Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app. + +**Important**
      +If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). + +## Enterprise Mode schema v.2 updates +Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by: + +- <rules>. If your schema root node includes this key, you're using the v.1 version of the schema. + +- <site-list>. If your schema root node includes this key, you're using the v.2 version of the schema. + +You can continue to use the v.1 version of the schema on Windows 10, but you won't have the benefits of the new v.2 version schema updates and new features. Additionally, saving the v.1 version of the schema in the new Enterprise Mode Site List Manager (schema v.2) automatically updates the file to use the v.2 version of the schema. + +### Enterprise Mode v.2 schema example +The following is an example of the v.2 version of the Enterprise Mode schema. + +**Important**
      +Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com. + +``` xml + + + + EnterpriseSitelistManager + 10240 + 20150728.135021 + + + + IE8Enterprise + MSEdge + + + default + IE11 + + + IE7Enterprise + IE11 + + + default + IE11 + + + default + none + + IE8Enterprise" + + + IE7 + IE11 + + + IE8Enterprise + IE11 + + + IE7 + IE11 + + +``` + +### Updated schema elements +This table includes the elements used by the v.2 version of the Enterprise Mode schema. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      ElementDescriptionSupported browser
      <site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. +

      Example +

      +<site-list version="205">
+  <site url="contoso.com">
+    <compat-mode>IE8Enterprise</compat-mode>
+    <open-in>IE11</open-in>
+  </site>
+</site-list>
      		Internet Explorer 11 and Microsoft Edge
      <site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. +

      Example +

      +<site url="contoso.com">
+  <compat-mode>default</compat-mode>
+  <open-in>none</open-in>
+</site>
      +-or- +

      For IPv4 ranges:

      <site url="10.122.34.99:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

      +-or- +

      For IPv6 ranges:

      <site url="[10.122.34.99]:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

      +You can also use the self-closing version, <url="contoso.com" />, which also sets: +

        +
      • <compat-mode>default</compat-mode>
        • +
      • <open-in>none</open-in>
        • +
      		Internet Explorer 11 and Microsoft Edge
      <compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. +

      Example +

      +<site url="contoso.com">
+  <compat-mode>IE8Enterprise</compat-mode>
+</site>
      +-or- +

      For IPv4 ranges:

      <site url="10.122.34.99:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

      +-or- +

      For IPv6 ranges:

      <site url="[10.122.34.99]:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

      +Where: +

        +
      • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
        This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.

        • +

      • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
        This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.

        Important
        This tag replaces the combination of the "forceCompatView"="true" attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.

        • +

      • IE[x]. Where [x] is the document mode number into which the site loads.

        • +

      • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
        • +
      		Internet Explorer 11
      <open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10. +

      Example +

      +<site url="contoso.com">
+  <open-in>none</open-in>
+</site>

      +Where: +

        +
      • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.

        • +

      • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.

        • +

      • None or not specified. Opens in whatever browser the employee chooses.
        • +
      		Internet Explorer 11 and Microsoft Edge
      + +### Updated schema attributes +The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema. + + + + + + + + + + + + + + + + + + + + + + + + + +
      AttributeDescriptionSupported browser
      allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser). +

      Example +

      +<site url="contoso.com/travel">
+  <open-in allow-redirect="true">IE11</open-in>
+</site>
      +In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.      		Internet Explorer 11 and Microsoft Edge
      versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
      urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL. +
      Note
      +Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com. +

      Example +

      +<site url="contoso.com:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+  <open-in>IE11</open-in>
+</site>
      +In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.      		Internet Explorer 11 and Microsoft Edge
      + +### Deprecated attributes +These v.1 version schema attributes have been deprecated in the v.2 version of the schema: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      Deprecated attributeNew attributeReplacement example
      <forceCompatView><compat-mode>Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>
      <docMode><compat-mode>Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>
      <doNotTransition><open-in>Replace <doNotTransition="true"> with <open-in>none</open-in>
      <domain> and <path><site>Replace: +
      +<emie>
+  <domain exclude="false">contoso.com</domain>
+</emie>
      +With: +
      +<site url="contoso.com"/>
+  <compat-mode>IE8Enterprise</compat-mode>
+</site>
      +-AND-

      +Replace: +

      +<emie>
+  <domain exclude="true">contoso.com
+     <path exclude="false" forceCompatView="true">/about</path>
+  </domain>
+</emie>
      +With: +
      +<site url="contoso.com/about">
+  <compat-mode>IE7Enterprise</compat-mode>
+</site>
      + +While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features. + +**Important**
      +Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema. + +### What not to include in your schema +We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways: + +- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing. +- Don’t use wildcards. +- Don’t use query strings, ampersands break parsing. + +## Related topics +- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) + + + + diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md index 8cbeaf26eb..838674f0dc 100644 --- a/devices/hololens/hololens-encryption.md +++ b/devices/hololens/hololens-encryption.md @@ -102,6 +102,6 @@ Provisioning packages are files created by the Windows Configuration Designer to Encryption is silent on HoloLens. To verify the device encryption status: -- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted. +- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted. ![About screen showing BitLocker enabled](images/about-encryption.png) diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index ef830c3525..418cfce2d9 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -22,9 +22,9 @@ manager: dansimp For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business). To configure how and when updates are applied, use the following policies: -- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) -- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday) -- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime) +- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) +- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday) +- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime) To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates: - [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md index 7df7a694dc..76e5ac1055 100644 --- a/devices/surface-hub/surface-hub-2s-setup.md +++ b/devices/surface-hub/surface-hub-2s-setup.md @@ -97,4 +97,4 @@ If you insert a USB thumb drive with a provisioning package into one of the USB ![* Select a device account and friendly name from your configuration file*](images/sh2-run14.png)
      - 4. Follow the instructions to complete first time Setup. +4. Follow the instructions to complete first time Setup. diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md index 881dfa5e4b..568e515039 100644 --- a/devices/surface-hub/surface-hub-update-history.md +++ b/devices/surface-hub/surface-hub-update-history.md @@ -26,6 +26,18 @@ Please refer to the “[Surface Hub Important Information](https://support.micro ## Windows 10 Team Creators Update 1703 +
      +June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Addresses an issue with log collection for Microsoft Surface Hub 2S. +* Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4503289](https://support.microsoft.com/help/4503289) +
      +
      May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835) @@ -484,4 +496,4 @@ This update to the Surface Hub includes quality improvements and security fixes. * [Windows 10 November update: FAQ](http://windows.microsoft.com/windows-10/windows-update-faq) * [Microsoft Surface update history](http://go.microsoft.com/fwlink/p/?LinkId=724327) * [Microsoft Lumia update history](http://go.microsoft.com/fwlink/p/?LinkId=785968) -* [Get Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=616447) \ No newline at end of file +* [Get Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=616447) diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md index 2c8a3793a6..e921c71e09 100644 --- a/devices/surface-hub/whiteboard-collaboration.md +++ b/devices/surface-hub/whiteboard-collaboration.md @@ -34,7 +34,7 @@ To get Whiteboard to Whiteboard collaboration up and running, you’ll need to m - Currently not utilizing Office 365 Germany or Office 365 operated by 21Vianet - Surface Hub needs to be updated to Windows 10, version 1607 or newer - Port 443 needs to be open since Whiteboard makes standard https requests -- Whiteboard.ms, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies +- Whiteboard.ms, whiteboard.microsoft.com, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies >[!NOTE] @@ -68,4 +68,5 @@ After you’re done, you can export a copy of the Whiteboard collaboration for y ## Related topics - [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub) -- [Support documentation for Microsoft Whiteboard](https://support.office.com/en-us/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01) + +- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01) diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md index 2d0b406711..a1e5874ea2 100644 --- a/devices/surface/step-by-step-surface-deployment-accelerator.md +++ b/devices/surface/step-by-step-surface-deployment-accelerator.md @@ -61,8 +61,8 @@ The following steps show you how to create a deployment share for Windows 10 tha >[!NOTE] >As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows: > * Deployment tools - > * User State Migration Tool (USMT) - > * Windows Preinstallation Environment (WinPE) + > * User State Migration Tool (USMT) + > * Windows Preinstallation Environment (WinPE) > [!NOTE] > As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1. @@ -75,11 +75,11 @@ The following steps show you how to create a deployment share for Windows 10 tha - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3. - - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**. + - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**. - **Windows 10 Deployment Services** - - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot. + - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot. - **Windows 10 Source Files** diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index af796bd2c4..dff968bbf3 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -103,39 +103,45 @@ The sample scripts include examples of how to set Surface UEFI settings and how ### Specify certificate and package names -The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates the names for the SEMM configuration package and SEMM reset package. The certificate and package names are specified on lines 56 through 67 in the ConfigureSEMM.ps1 script: +The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script: ``` 56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition 57 $packageRoot = "$WorkingDirPath\Config" - 58 - 59 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot } - 60 Copy-Item "$WorkingDirPath\FabrikamOwnerSigner.pfx" $packageRoot - 61 - 62 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath "FabrikamOwnerSigner.pfx" - 63 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamSignerProvisioningPackage.pkg" - 64 $resetPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamUniversalResetPackage.pkg" - 65 - 66 # If your PFX file requires a password then it can be set here, otherwise use a blank string. - 67 $password = "1234" + 58 $certName = "FabrikamSEMMSample.pfx" + 59 $DllVersion = "2.26.136.0" + 60 + 61 $certNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($certName) + 62 $ProvisioningPackage = $certNameOnly + "ProvisioningPackage.pkg" + 63 $ResetPackage = $certNameOnly + "ResetPackage.pkg" + 64 + 65 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot } + 66 Copy-Item "$WorkingDirPath\$certName" $packageRoot + 67 + 68 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath $certName + 69 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath $ProvisioningPackage + 70 $resetPackageName = Join-Path -Path $packageRoot -ChildPath $ResetPackage + 71 + 72 # If your PFX file requires a password then it can be set here, otherwise use a blank string. + 73 $password = "1234" ``` -Replace the **FabrikamOwnerSigner.pfx** value for the **$privateOwnerKey** variable with the name of your SEMM Certificate file on both lines 60 and 62. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory. +Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory. -Replace the **FabrikamSignerProvisioningPackage.pkg** and **FabrikamUniversalResetPackage.pkg** values on lines 63 and 64 to define the **$ownerPackageName** and **$resetPackageName** variables with your desired names for the SEMM configuration and reset packages. These packages will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script. +Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script. -On line 67, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text. +On line 73, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text. >[!Note] ->The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 144-149, to accomplish this: +>The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this: ``` -144 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership. -145 # For convenience we get the thumbprint here and present to the user. -146 $pw = ConvertTo-SecureString $password -AsPlainText -Force -147 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -148 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet) -149 Write-Host "Thumbprint =" $certPrint.Thumbprint +150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership. +151 # For convenience we get the thumbprint here and present to the user. +152 $pw = ConvertTo-SecureString $password -AsPlainText -Force +153 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 +154 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet) +155 Write-Host "Thumbprint =" $certPrint.Thumbprint ``` Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process: @@ -153,46 +159,47 @@ Administrators with access to the certificate file (.pfx) can read the thumbprin ### Configure permissions -The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 202 in the sample script with the comment **# Configure Permissions** and continues to line 238. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras: +The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras: ``` -202 # Configure Permissions -203 foreach ($uefiV2 IN $surfaceDevices.Values) { -204 # Here we define which "identities" will be allowed to modify which settings -205 # PermissionSignerOwner = The primary SEMM enterprise owner identity -206 # PermissionLocal = The user when booting to the UEFI pre-boot GUI -207 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 = -208 # Additional user identities created so that the signer owner -209 # can delegate permission control for some settings. -210 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -211 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal) -212 -213 # Make all permissions owner only by default -214 foreach ($setting IN $uefiV2.Settings.Values) { -215 $setting.ConfiguredPermissionFlags = $ownerOnly -216 } -217 # Allow the local user to change their own password -218 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser -219 -220 # Allow the local user to change the state of the TPM -221 $uefiV2.Settings["Trusted Platform Module (TPM)"].ConfiguredPermissionFlags = $ownerAndLocalUser -222 -223 # Allow the local user to change the state of the Front and Rear cameras -224 $uefiV2.SettingsById[302].ConfiguredPermissionFlags = $ownerAndLocalUser -225 $uefiV2.SettingsById[304].ConfiguredPermissionFlags = $ownerAndLocalUser -226 -227 -228 # Create a unique package name based on family and LSV. -229 # We will choose a name that can be parsed by later scripts. -230 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg" -231 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName -232 -233 # Build and sign the Permission package then save it to a file. -234 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv) -235 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) -236 $permissionPackageStream.CopyTo($permissionPackage) -237 $permissionPackage.Close() -238 } +210 # Configure Permissions +211 foreach ($uefiV2 IN $surfaceDevices.Values) { +212 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) { +213 Write-Host "Configuring permissions" +214 Write-Host $Device.Model +215 Write-Host "=======================" +216 +217 # Here we define which "identities" will be allowed to modify which settings +218 # PermissionSignerOwner = The primary SEMM enterprise owner identity +219 # PermissionLocal = The user when booting to the UEFI pre-boot GUI +220 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 = +221 # Additional user identities created so that the signer owner +222 # can delegate permission control for some settings. +223 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner +224 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal) +225 +226 # Make all permissions owner only by default +227 foreach ($setting IN $uefiV2.Settings.Values) { +228 $setting.ConfiguredPermissionFlags = $ownerOnly +229 } +230 +231 # Allow the local user to change their own password +232 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser +233 +234 Write-Host "" +235 +236 # Create a unique package name based on family and LSV. +237 # We will choose a name that can be parsed by later scripts. +238 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg" +239 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName +240 +241 # Build and sign the Permission package then save it to a file. +242 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv) +243 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) +244 $permissionPackageStream.CopyTo($permissionPackage) +245 $permissionPackage.Close() +246 } +247 } ``` Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values: @@ -204,69 +211,169 @@ You can find information about the available settings names and IDs for Surface ### Configure settings -The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 282 through line 312 in the sample script. The region appears as follows: +The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows: ``` -282 # Configure Settings -283 foreach ($uefiV2 IN $surfaceDevices.Values) { -284 # In this demo, we will start by setting every setting to the default factory setting. -285 # You may want to start by doing this in your scripts -286 # so that every setting gets set to a known state. -287 foreach ($setting IN $uefiV2.Settings.Values) { -288 $setting.ConfiguredValue = $setting.DefaultValue -289 } -290 -291 # If you want to set something to a different value from the default, -292 # here are examples of how to accomplish this. -293 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = "Disabled" -294 -295 # If you want to leave the setting unmodified, set it to $null -296 # PowerShell has issues setting things to $null so ClearConfiguredValue() -297 # is supplied to do this explicitly. -298 # Here is an example of leaving the UEFI administrator password as-is, -299 # even after we initially set it to factory default above. -300 $uefiV2.SettingsById[501].ClearConfiguredValue() -301 -302 # Create a unique package name based on family and LSV. -303 # We will choose a name that can be parsed by later scripts. -304 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg" -305 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName -306 -307 # Build and sign the Settings package then save it to a file. -308 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv) -309 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) -310 $settingsPackageStream.CopyTo($settingsPackage) -311 $settingsPackage.Close() -312 } +291 # Configure Settings +292 foreach ($uefiV2 IN $surfaceDevices.Values) { +293 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) { +294 Write-Host "Configuring settings" +295 Write-Host $Device.Model +296 Write-Host "====================" +297 +298 # In this demo, we will start by setting every setting to the default factory setting. +299 # You may want to start by doing this in your scripts +300 # so that every setting gets set to a known state. +301 foreach ($setting IN $uefiV2.Settings.Values) { +302 $setting.ConfiguredValue = $setting.DefaultValue +303 } +304 +305 $EnabledValue = "Enabled" +306 $DisabledValue = "Disabled" +307 +308 # If you want to set something to a different value from the default, +309 # here are examples of how to accomplish this. +310 # This disables IPv6 PXE boot by name: +311 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = $DisabledValue +312 +313 # This disables IPv6 PXE Boot by ID: +314 $uefiV2.SettingsById[400].ConfiguredValue = $DisabledValue +315 +316 Write-Host "" +317 +318 # If you want to leave the setting unmodified, set it to $null +319 # PowerShell has issues setting things to $null so ClearConfiguredValue() +320 # is supplied to do this explicitly. +321 # Here is an example of leaving the UEFI administrator password as-is, +322 # even after we initially set it to factory default above. +323 $uefiV2.SettingsById[501].ClearConfiguredValue() +324 +325 # Create a unique package name based on family and LSV. +326 # We will choose a name that can be parsed by later scripts. +327 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg" +328 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName +329 +330 # Build and sign the Settings package then save it to a file. +331 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv) +332 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) +333 $settingsPackageStream.CopyTo($settingsPackage) +334 $settingsPackage.Close() +335 } ``` Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**. -If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 300 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**. +If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 323 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**. You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article. ### Settings registry key -To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes a registry key that can be used to identify enrolled systems as having been installed with the SEMM configuration script. This key can be found at the following location: +To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location: -`HKLM\SOFTWARE\Microsoft\Surface\SEMM\Enabled_Version1000` +`HKLM\SOFTWARE\Microsoft\Surface\SEMM` -The following code fragment, found on lines 352-363, is used to write this registry key: +The following code fragment, found on lines 380-477, is used to write these registry keys: ``` -352 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM" -353 New-RegKey $SurfaceRegKey -354 $SurfaceRegValue = Get-ItemProperty $SurfaceRegKey Enabled_Version1000 -ErrorAction SilentlyContinue -355 -356 If ($SurfaceRegValue -eq $null) -357 { -358 New-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -PropertyType String -Value 1 | Out-Null -359 } -360 Else -361 { -362 Set-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -Value 1 -363 } +380 # For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry: +381 $UTCDate = (Get-Date).ToUniversalTime().ToString() +382 $certIssuer = $certPrint.Issuer +383 $certSubject = $certPrint.Subject +384 +385 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM" +386 New-RegKey $SurfaceRegKey +387 $LSVRegValue = Get-ItemProperty $SurfaceRegKey LSV -ErrorAction SilentlyContinue +388 $DateTimeRegValue = Get-ItemProperty $SurfaceRegKey LastConfiguredUTC -ErrorAction SilentlyContinue +389 $OwnershipSessionIdRegValue = Get-ItemProperty $SurfaceRegKey OwnershipSessionId -ErrorAction SilentlyContinue +390 $PermissionSessionIdRegValue = Get-ItemProperty $SurfaceRegKey PermissionSessionId -ErrorAction SilentlyContinue +391 $SettingsSessionIdRegValue = Get-ItemProperty $SurfaceRegKey SettingsSessionId -ErrorAction SilentlyContinue +392 $IsResetRegValue = Get-ItemProperty $SurfaceRegKey IsReset -ErrorAction SilentlyContinue +393 $certUsedRegValue = Get-ItemProperty $SurfaceRegKey CertName -ErrorAction SilentlyContinue +394 $certIssuerRegValue = Get-ItemProperty $SurfaceRegKey CertIssuer -ErrorAction SilentlyContinue +395 $certSubjectRegValue = Get-ItemProperty $SurfaceRegKey CertSubject -ErrorAction SilentlyContinue +396 +397 +398 If ($LSVRegValue -eq $null) +399 { +400 New-ItemProperty -Path $SurfaceRegKey -Name LSV -PropertyType DWORD -Value $lsv | Out-Null +401 } +402 Else +403 { +404 Set-ItemProperty -Path $SurfaceRegKey -Name LSV -Value $lsv +405 } +406 +407 If ($DateTimeRegValue -eq $null) +408 { +409 New-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -PropertyType String -Value $UTCDate | Out-Null +410 } +411 Else +412 { +413 Set-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -Value $UTCDate +414 } +415 +416 If ($OwnershipSessionIdRegValue -eq $null) +417 { +418 New-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -PropertyType String -Value $ownerSessionIdValue | Out-Null +419 } +420 Else +421 { +422 Set-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -Value $ownerSessionIdValue +423 } +424 +425 If ($PermissionSessionIdRegValue -eq $null) +426 { +427 New-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -PropertyType String -Value $permissionSessionIdValue | Out-Null +428 } +429 Else +430 { +431 Set-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -Value $permissionSessionIdValue +432 } +433 +434 If ($SettingsSessionIdRegValue -eq $null) +435 { +436 New-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -PropertyType String -Value $settingsSessionIdValue | Out-Null +437 } +438 Else +439 { +440 Set-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -Value $settingsSessionIdValue +441 } +442 +443 If ($IsResetRegValue -eq $null) +444 { +445 New-ItemProperty -Path $SurfaceRegKey -Name IsReset -PropertyType DWORD -Value 0 | Out-Null +446 } +447 Else +448 { +449 Set-ItemProperty -Path $SurfaceRegKey -Name IsReset -Value 0 +450 } +451 +452 If ($certUsedRegValue -eq $null) +453 { +454 New-ItemProperty -Path $SurfaceRegKey -Name CertName -PropertyType String -Value $certName | Out-Null +455 } +456 Else +457 { +458 Set-ItemProperty -Path $SurfaceRegKey -Name CertName -Value $certName +459 } +460 +461 If ($certIssuerRegValue -eq $null) +462 { +463 New-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -PropertyType String -Value $certIssuer | Out-Null +464 } +465 Else +466 { +467 Set-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -Value $certIssuer +468 } +469 +470 If ($certSubjectRegValue -eq $null) +471 { +472 New-ItemProperty -Path $SurfaceRegKey -Name CertSubject -PropertyType String -Value $certSubject | Out-Null +473 } +474 Else +475 { +476 Set-ItemProperty -Path $SurfaceRegKey -Name CertSubject -Value $certSubject +477 } ``` ### Settings names and IDs diff --git a/mdop/agpm/TOC.md b/mdop/agpm/TOC.md index 1443cf78ae..319eeaf746 100644 --- a/mdop/agpm/TOC.md +++ b/mdop/agpm/TOC.md @@ -240,5 +240,6 @@ ###### [AGPM Server Connection Settings](agpm-server-connection-settings.md) ###### [Feature Visibility Settings](feature-visibility-settings.md) ##### [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md) +## [Troubleshooting AGPM Upgrades](troubleshooting-agpm40-upgrades.md) ## [Resources for AGPM](resources-for-agpm.md) diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md index 324327c269..3832e088c4 100644 --- a/mdop/agpm/index.md +++ b/mdop/agpm/index.md @@ -1,7 +1,7 @@ --- title: Advanced Group Policy Management description: Advanced Group Policy Management -author: jamiejdt +author: dansimp ms.assetid: 493ca3c3-c3d6-4bb1-9430-dc1e43c86bb0 ms.pagetype: mdop ms.mktglfcycl: manage diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md new file mode 100644 index 0000000000..a1b6663214 --- /dev/null +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -0,0 +1,41 @@ +--- +title: Troubleshooting AGPM Upgrades +description: Troubleshooting AGPM Upgrades +author: jedodson +ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d +ms.reviewer: +manager: dansimp +ms.author: jedodson +ms.pagetype: mdop +ms.mktglfcycl: manage +ms.sitesec: library +ms.prod: w10 +ms.date: 06/16/2016 +--- + + +# Troubleshooting AGPM Upgrades + +This section lists common issues that you may encounter when you upgrade your Advanced Group Policy Management (AGPM) server to a newer version (e.g. AGPM 4.0 to AGPM 4.3). To diagnose issues not listed here, it may be helpful to view the [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) or for an AGPM Administrator (Full Control) to use logging and tracing. For more information, see [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md). + +## What problems are you having? + +- [Failed to generate a HTML GPO difference report (Error code 80004003)](#bkmk-error-80004003) + +### Failed to generate a HTML GPO difference report (Error code 80004003) + +- **Cause**: You have installed the AGPM upgrade package with an incorrect account. + +- **Solution**: You will need to be an AGPM administrator in order to fix this issue. + + - Ensure you know the username & password of your **AGPM service account**. + + - Log onto your AGPM server interactively as your AGPM service account. + + - This is critically important, as the install will fail if you use a different account. + + - Shutdown the AGPM service. + + - Install the required hotfix. + + - Connect to AGPM using an AGPM client to test that your difference reports are now functioning. diff --git a/mdop/appv-v4/app-v-45-sp2-release-notes.md b/mdop/appv-v4/app-v-45-sp2-release-notes.md index 8aa9325da2..ab0e856ca4 100644 --- a/mdop/appv-v4/app-v-45-sp2-release-notes.md +++ b/mdop/appv-v4/app-v-45-sp2-release-notes.md @@ -73,11 +73,11 @@ When this has been completed, install the App-V 4.5 SP2 Clients by using Setup.m When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP2 Desktop Client: -**    msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** +**msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client for Remote Desktop Services (formerly Terminal Services), use the following command: -**    msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** +**msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** **Note**   - The APPGUID parameter references the product code of the App-V Clients that you install or upgrade. The product code is unique for each Setup.msi. You can use the Orca Database Editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP2. diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md index 4fb7e758ba..0a694a6795 100644 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md +++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md @@ -156,7 +156,7 @@ Instead of changing the AppFS key FILENAME value every time that a new cache fil 3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. - **     fsutil behavior set SymlinkEvaluation R2R:1** + **fsutil behavior set SymlinkEvaluation R2R:1** **Note**   On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md index 13d25f29da..8fd997eafd 100644 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md +++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md @@ -167,7 +167,7 @@ Instead of modifying the AppFS key FILENAME value every time that a new cache fi 3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. - **     fsutil behavior set SymlinkEvaluation R2R:1** + **fsutil behavior set SymlinkEvaluation R2R:1** **Note**   On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. diff --git a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md index 9f013e4136..3df7f2a0ee 100644 --- a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md +++ b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md @@ -13,52 +13,42 @@ ms.prod: w10 ms.date: 08/30/2016 --- - # How to Manually Install the Application Virtualization Client - There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md). **Note** -1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). - -2. If you have any configuration on the user’s computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder. - +1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). +2. If you have any configuration on the user’s computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder. **Note** For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory. - - **To manually install Application Virtualization Desktop Client** -1. After you have obtained the correct installer archive file and saved it to your computer, make sure you are logged on with an account having administrator rights on the computer and double-click the file to expand the archive. +1. After you have obtained the correct installer archive file and saved it to your computer, make sure you are logged on with an account having administrator rights on the computer and double-click the file to expand the archive. -2. Choose the folder in which to save the files, and then open the folder after the files have been copied to it. +2. Choose the folder in which to save the files, and then open the folder after the files have been copied to it. -3. Review the Release Notes if appropriate. +3. Review the Release Notes if appropriate. -4. Browse to find the setup.exe file, and double-click setup.exe to start the installation. +4. Browse to find the setup.exe file, and double-click setup.exe to start the installation. -5. The wizard checks the system to ensure that all prerequisite software is installed, and if any of the following are missing, the wizard will automatically prompt you to install them: +5. The wizard checks the system to ensure that all prerequisite software is installed, and if any of the following are missing, the wizard will automatically prompt you to install them: - - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) + - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) - - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) + - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) - - Microsoft Application Error Reporting + - Microsoft Application Error Reporting **Note** For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86). - For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see (https://go.microsoft.com/fwlink/?LinkId=150700). + For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [https://go.microsoft.com/fwlink/?LinkId=150700](https://go.microsoft.com/fwlink/?LinkId=150700). - - -~~~ -If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. -~~~ + If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. 6. When the **Microsoft Application Virtualization Desktop Client – InstallShield Wizard** is displayed, click **Next**. @@ -76,88 +66,66 @@ If prompted, click **Install**. Installation progress is displayed, and the stat 12. On the **Application Virtualization Data Location** screen, click **Next** to accept the default data locations or complete the following actions to change where the data is stored: - 1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data. + 1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data. - 2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list. + 2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list. - 3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications. + 3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications. **Note** This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user. - - - 4. When you have finished making the changes, click **Next**. + 4. When you have finished making the changes, click **Next**. 13. On the **Cache Size Settings** screen, you can accept or change the default cache size. Click one of the following radio buttons to choose how to manage the cache space: - 1. **Use maximum cache size**. Enter a numeric value from 100–1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. + 1. **Use maximum cache size**. Enter a numeric value from 100–1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. - 2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused. + 2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused. - **Important** - To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**. + **Important** + To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**. - - -~~~ -Click **Next** to continue. -~~~ + Click **Next** to continue. 14. In the following sections of the **Runtime Package Policy Configuration** screen, you can change the parameters that affect how the Application Virtualization client behaves during runtime: - 1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file. + 1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file. - 2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application. + 2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application. - 3. **Allow streaming from file**. Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share. + 3. **Allow streaming from file**. Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share. - 4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs. + 4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs. **Note** When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache. - - -~~~ -Click **Next** to continue. -~~~ + Click **Next** to continue. 15. On the **Publishing Server** screen, select the **Set up a Publishing Server now** check box if you want to define a publishing server, or click **Next** if you want to complete this later. To define a publishing server, specify the following information: - 1. **Display Name**—Enter the name you want to display for the server. + 1. **Display Name**—Enter the name you want to display for the server. - 2. **Type**—Select the server type from the drop-down list of server types. + 2. **Type**—Select the server type from the drop-down list of server types. - 3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs. + 3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs. - 4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active. + 4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active. - 5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client. + 5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client. - 6. When finished with the configuration steps, click **Next**. + 6. When finished with the configuration steps, click **Next**. 16. On the **Ready to Install the Program** screen, click **Install**. A screen is displayed that shows the progress of the installation. 17. On the **Install Wizard Completed** screen, click **Finish**. - **Note** - If the installation fails for any reason, you might need to restart the computer before trying the install again. - - + **Note** + If the installation fails for any reason, you might need to restart the computer before trying the install again. ## Related topics - [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) [Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md) - - - - - - - - - diff --git a/mdop/appv-v4/index.md b/mdop/appv-v4/index.md index a7dc653c34..02747f94e3 100644 --- a/mdop/appv-v4/index.md +++ b/mdop/appv-v4/index.md @@ -1,7 +1,7 @@ --- title: Application Virtualization 4 description: Application Virtualization 4 -author: jamiejdt +author: dansimp ms.assetid: 9da557bc-f433-47d3-8af7-68ec4ff9bd3f ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md index bf5e370da3..feb3688ed5 100644 --- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md +++ b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md @@ -76,7 +76,7 @@ This section is divided into two parts: (1) features in all versions of App-V an Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at . @@ -84,7 +84,7 @@ For information about the information collected, processed, or transmitted by Mi We use the error reporting data to solve customer problems and improve our software and services. -**Choice/Control: ** +**Choice/Control:** App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send Microsoft the information about the errors you encountered. When Microsoft needs additional data to analyze the problem, you will be prompted to review the data and choose whether or not to send it.  App-V will always respect your Microsoft Error Reporting settings. @@ -98,7 +98,7 @@ Enterprise customers can use Group Policy to configure how Microsoft Error Repor Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at . -**Choice/Control: ** +**Choice/Control:** If Microsoft Update is not enabled, you can opt-in during setup and subsequent checks for updates will follow the machine-wide schedule. You can update this option from the Microsoft Update Control Panel item. @@ -108,7 +108,7 @@ If Microsoft Update is not enabled, you can opt-in during setup and subsequent c The product will collect various configuration items, including UserID, MachineID and SecurityGroup details, to be able to enforce settings on managed nodes. The data is stored in the App-V SQL database and transmitted across the App-V server and client components to enforce the configuration on the managed node. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** User and machine information and configuration content @@ -116,7 +116,7 @@ User and machine information and configuration content The information is used to enforce the application access configuration on the managed nodes within the enterprise. The information does not leave the enterprise. -**Choice/Control: ** +**Choice/Control:** By default, the product does not have any data. All data is entered and enabled by the admin and can be viewed in the Management console. The feature cannot be disabled as this is the product functionality. To disable this, App-V will need to be uninstalled. @@ -130,7 +130,7 @@ None of this information is sent out of the enterprise. It captures package history and asset information as part of the package. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** Information about the package and the sequencing environment is collected and stored in the package manifest during sequencing. @@ -138,7 +138,7 @@ Information about the package and the sequencing environment is collected and st The information will be used by the admin to track the updates done to a package during its lifecycle. It will also be used by software deployment systems to track the package deployments within the organization. -**Choice/Control: ** +**Choice/Control:** This feature is always enabled and cannot be turned off. @@ -152,7 +152,7 @@ This administrator information will be stored in the package and can be viewed b The product will collect a variety of reporting data points, including the username, to allow reporting on the usage of the product. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** Information about the machine, package and application usage are collected from every machine that reporting is enabled on. @@ -160,7 +160,7 @@ Information about the machine, package and application usage are collected from The information is used to report on application usage within the enterprise. The information does not leave the enterprise. -**Choice/Control: ** +**Choice/Control:** By default, the product does not have any data. Data is only collected once the reporting feature is enabled on the App-V Client. To disable the collection of reporting data, the reporting feature must be disabled on all clients. @@ -178,7 +178,7 @@ This section addresses specific features available in App-V 4.6 SP1 and later. The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at . @@ -186,7 +186,7 @@ For more information about the information collected, processed, or transmitted We use this information to improve the quality, reliability, and performance of Microsoft software and services. -**Choice/Control: ** +**Choice/Control:** CEIP is optional and the opt-in status can be updated during install or post install from the GUI.   @@ -196,7 +196,7 @@ CEIP is optional and the opt-in status can be updated during install or post ins Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file. diff --git a/mdop/appv-v4/planning-for-client-security.md b/mdop/appv-v4/planning-for-client-security.md index 9c1e60804a..2e70095470 100644 --- a/mdop/appv-v4/planning-for-client-security.md +++ b/mdop/appv-v4/planning-for-client-security.md @@ -34,7 +34,7 @@ By default, at installation the App-V client is configured with the minimum perm By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see . -**Security Note:  ** +**Security Note:** Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown: @@ -50,7 +50,7 @@ During installation, you can use the **RequireAuthorizationIfCached** parameter Antivirus software running on an App-V Client computer can detect and report an infected file in the virtual environment. However, it cannot disinfect the file. If a virus is detected in the virtual environment, the antivirus software would perform the configured quarantine or repair operation in the cache, not in the actual package. Configure the antivirus software with an exception for the sftfs.fsd file. This file is the cache file that stores packages on the App-V Client. -**Security Note:  ** +**Security Note:** If a virus is detected in an application or package deployed in the production environment, replace the application or package with a virus-free version. diff --git a/mdop/appv-v4/security-and-protection-overview.md b/mdop/appv-v4/security-and-protection-overview.md index 48959111b4..2f668ca5d7 100644 --- a/mdop/appv-v4/security-and-protection-overview.md +++ b/mdop/appv-v4/security-and-protection-overview.md @@ -21,7 +21,7 @@ Microsoft Application Virtualization 4.5 provides the following enhanced securi - Application Virtualization now supports Transport Layer Security (TLS) using X.509 V3 certificates. Provided that a server certificate has been provisioned to the planned Application Virtualization Management or Streaming Server, the installation will default to secure, using the RTSPS protocol over port 322. Using RTSPS ensures that communication between the Application Virtualization Servers and the Application Virtualization Clients is signed and encrypted. If no certificate is assigned to the server during the Application Virtualization Server installation, the communication will be set to RTSP over port 554. - **Security Note:  ** + **Security Note:** To help provide a secure setup of the server, you must make sure that RTSP ports are disabled even if you have all packages configured to use RTSPS. diff --git a/mdop/appv-v5/index.md b/mdop/appv-v5/index.md index ca33b4be38..c51ad7bc30 100644 --- a/mdop/appv-v5/index.md +++ b/mdop/appv-v5/index.md @@ -1,7 +1,7 @@ --- title: Application Virtualization 5 description: Application Virtualization 5 -author: jamiejdt +author: dansimp ms.assetid: e82eb44b-9ccd-41aa-923b-71400230ad23 ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/mdop/dart-v10/index.md b/mdop/dart-v10/index.md index ca199090fb..5d88fce5c0 100644 --- a/mdop/dart-v10/index.md +++ b/mdop/dart-v10/index.md @@ -1,7 +1,7 @@ --- title: Diagnostics and Recovery Toolset 10 description: Diagnostics and Recovery Toolset 10 -author: jamiejdt +author: dansimp ms.assetid: 64403eca-ff05-4327-ac33-bdcc96e706c8 ms.pagetype: mdop ms.mktglfcycl: support diff --git a/mdop/dart-v7/index.md b/mdop/dart-v7/index.md index 4ec35f2e94..ba12a07c9d 100644 --- a/mdop/dart-v7/index.md +++ b/mdop/dart-v7/index.md @@ -1,7 +1,7 @@ --- title: Diagnostics and Recovery Toolset 7 Administrator's Guide description: Diagnostics and Recovery Toolset 7 Administrator's Guide -author: jamiejdt +author: dansimp ms.assetid: bf89eccd-fc03-48ff-9019-a8640e11dd99 ms.pagetype: mdop ms.mktglfcycl: support diff --git a/mdop/dart-v8/index.md b/mdop/dart-v8/index.md index 09013cba98..bcee6aaf64 100644 --- a/mdop/dart-v8/index.md +++ b/mdop/dart-v8/index.md @@ -1,7 +1,7 @@ --- title: Diagnostics and Recovery Toolset 8 Administrator's Guide description: Diagnostics and Recovery Toolset 8 Administrator's Guide -author: jamiejdt +author: dansimp ms.assetid: 33685dd7-844f-4864-b504-3ef384ef01de ms.pagetype: mdop ms.mktglfcycl: support diff --git a/mdop/index.md b/mdop/index.md index 78fffc67fd..93ce634a80 100644 --- a/mdop/index.md +++ b/mdop/index.md @@ -2,7 +2,7 @@ title: MDOP Information Experience description: MDOP Information Experience ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52 -author: jamiejdt +author: dansimp ms.pagetype: mdop ms.mktglfcycl: manage ms.sitesec: library diff --git a/mdop/mbam-v1/index.md b/mdop/mbam-v1/index.md index a76930e16e..b25186a196 100644 --- a/mdop/mbam-v1/index.md +++ b/mdop/mbam-v1/index.md @@ -1,7 +1,7 @@ --- title: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide description: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide -author: jamiejdt +author: dansimp ms.assetid: 4086e721-db24-4439-bdcd-ac5ef901811f ms.pagetype: mdop, security ms.mktglfcycl: manage @@ -10,46 +10,36 @@ ms.prod: w10 ms.date: 04/19/2017 --- - # Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide - Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes. -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -[About MBAM 1.0](about-mbam-10.md)**|**[Evaluating MBAM 1.0](evaluating-mbam-10.md)**|**[High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md)**|**[Accessibility for MBAM 1.0](accessibility-for-mbam-10.md)**|**[Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) - -[Planning for MBAM 1.0](planning-for-mbam-10.md) - -[Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md)**|**[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)**|**[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md)**|**[MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)**|**[MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) - -[Deploying MBAM 1.0](deploying-mbam-10.md) - -[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)**|**[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)**|**[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)**|**[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md)**|**[MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md)**|**[Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) - -[Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - -### More Information - -[Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) -View updated product information and known issues for MBAM 1.0. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -  - -  - - - - +- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) + - [About MBAM 1.0](about-mbam-10.md) + - [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) + - [Evaluating MBAM 1.0](evaluating-mbam-10.md) + - [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md) + - [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md) + - [Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) +- [Planning for MBAM 1.0](planning-for-mbam-10.md) + - [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) + - [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) + - [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) + - [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) + - [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) +- [Deploying MBAM 1.0](deploying-mbam-10.md) + - [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) + - [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) + - [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) + - [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) + - [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) +- [Operations for MBAM 1.0](operations-for-mbam-10.md) + - [Administering MBAM 1.0 Features](administering-mbam-10-features.md) + - [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) + - [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) + - [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) +- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) +## More Information +- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) + Find documentation, videos, and other resources for MDOP technologies. diff --git a/mdop/mbam-v2/index.md b/mdop/mbam-v2/index.md index c374a0b1d3..ba76b06b55 100644 --- a/mdop/mbam-v2/index.md +++ b/mdop/mbam-v2/index.md @@ -1,7 +1,7 @@ --- title: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide description: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide -author: jamiejdt +author: dansimp ms.assetid: fdb43f62-960a-4811-8802-50efdf04b4af ms.pagetype: mdop, security ms.mktglfcycl: manage @@ -10,43 +10,47 @@ ms.prod: w10 ms.date: 04/19/2017 --- - # Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide - Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) +## Outline -[About MBAM 2.0](about-mbam-20-mbam-2.md)**|**[Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)**|**[About MBAM 2.0 SP1](about-mbam-20-sp1.md)**|**[Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)**|**[Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)**|**[High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md)**|**[Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) +- [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) + - [About MBAM 2.0](about-mbam-20-mbam-2.md) + - [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md) + - [About MBAM 2.0 SP1](about-mbam-20-sp1.md) + - [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md) + - [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md) + - [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md) + - [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) +- [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) + - [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) + - [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) + - [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) + - [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) + - [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) +- [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) + - [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) + - [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) + - [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) + - [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md) + - [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) +- [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) + - [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) + - [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) + - [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) + - [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) + - [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) + - [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) + - [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) +- [Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) +## More Information -[Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md)**|**[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)**|**[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md)**|**[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)**|**[MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) +- [MDOP Information Experience](index.md) -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)**|**[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)**|**[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)**|**[MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md)**|**[Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)**|**[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md)**|**[Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md)**|**[Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md)**|** [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) - -[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -### More Information - -- [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md) - - View updated product information and known issues for MBAM 2.0. - -- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) - - Learn about the latest MDOP information and resources. - -- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - - Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). + Find documentation, videos, and other resources for MDOP technologies.   diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index a24a6d32c9..3013d8a294 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -19,7 +19,7 @@ author: shortpatti This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 ### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 -[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=57157) +[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=58345) #### Steps to update the MBAM Server for existing MBAM environment 1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features). diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 9e5c96e03d..e5988391c0 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -1,7 +1,7 @@ --- title: Microsoft BitLocker Administration and Monitoring 2.5 description: Microsoft BitLocker Administration and Monitoring 2.5 -author: jamiejdt +author: dansimp ms.assetid: fd81d7de-b166-47e8-b6c7-d984830762b6 ms.pagetype: mdop, security ms.mktglfcycl: manage @@ -10,67 +10,61 @@ ms.prod: w10 ms.date: 04/19/2017 --- - # Microsoft BitLocker Administration and Monitoring 2.5 - Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md). -To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). +To obtain MBAM, see [How Do I Get MDOP](index.md#how-to-get-mdop). -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) +## Outline -[About MBAM 2.5](about-mbam-25.md)**|**[Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)**|**[About MBAM 2.5 SP1](about-mbam-25-sp1.md)**|**[Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)**|**[Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)**|**[High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)**|**[Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) +- [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) + - [About MBAM 2.5](about-mbam-25.md) + - [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) + - [About MBAM 2.5 SP1](about-mbam-25-sp1.md) + - [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md) + - [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md) + - [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) + - [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) +- [Planning for MBAM 2.5](planning-for-mbam-25.md) + - [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) + - [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) + - [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) + - [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md) + - [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md) + - [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) + - [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) + - [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md) + - [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md) + - [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) +- [Deploying MBAM 2.5](deploying-mbam-25.md) + - [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md) + - [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) + - [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) + - [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md) + - [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md) + - [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) +- [Operations for MBAM 2.5](operations-for-mbam-25.md) + - [Administering MBAM 2.5 Features](administering-mbam-25-features.md) + - [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) + - [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) + - [Maintaining MBAM 2.5](maintaining-mbam-25.md) + - [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) +- [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) +- [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) + - [Client Event Logs](client-event-logs.md) + - [Server Event Logs](server-event-logs.md) -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)**|**[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)**|**[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)**|**[Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)**|**[Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)**|**[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)**|**[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)**|**[Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)**|**[MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)**|**[MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)**|**[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)**|**[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)**|**[MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)**|**[Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)**|**[Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Administering MBAM 2.5 Features](administering-mbam-25-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)**|**[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)**|**[Maintaining MBAM 2.5](maintaining-mbam-25.md)**|**[Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Client Event Logs](client-event-logs.md)**|**[Server Event Logs](server-event-logs.md) - -### More Information - -- [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) - - View updated product information and known issues for MBAM 2.5. - -- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) - - Learn about the latest MDOP information and resources. - -- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - - Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) - - Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. - -- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) - - Guide of how to apply MBAM 2.5 SP1 Server hotfixes - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  +## More Information +- [MDOP Information Experience](index.md) + Find documentation, videos, and other resources for MDOP technologies. +- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) + Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. + +- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) + Guide of how to apply MBAM 2.5 SP1 Server hotfixes diff --git a/mdop/medv-v1/how-to-configure-image-pre-staging.md b/mdop/medv-v1/how-to-configure-image-pre-staging.md index 915405808b..5503edfefa 100644 --- a/mdop/medv-v1/how-to-configure-image-pre-staging.md +++ b/mdop/medv-v1/how-to-configure-image-pre-staging.md @@ -72,17 +72,17 @@ Image pre-staging is useful only for the initial image download. It is not suppo **NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)** - **                                READ\_CONTROL** + **READ\_CONTROL** - **                                                                                SYNCHRONIZE** + **SYNCHRONIZE** - **                                                                                FILE\_GENERIC\_READ** + **FILE\_GENERIC\_READ** - **                                                                                                FILE\_READ\_DATA** + **FILE\_READ\_DATA** - **                                                                                FILE\_READ\_EA** + **FILE\_READ\_EA** - **                                                                                FILE\_READ\_ATTRIBUTES** + **FILE\_READ\_ATTRIBUTES** **NT AUTHORITY\\SYSTEM:(OI)(CI)F** diff --git a/mdop/medv-v1/index.md b/mdop/medv-v1/index.md index fd3a2a82b3..c056dfeeaf 100644 --- a/mdop/medv-v1/index.md +++ b/mdop/medv-v1/index.md @@ -1,7 +1,7 @@ --- title: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide description: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide -author: jamiejdt +author: dansimp ms.assetid: 7bc3e120-df77-4f4c-bc8e-7aaa4c2a6525 ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/mdop/medv-v2/index.md b/mdop/medv-v2/index.md index bace9fae35..aa6fcbf448 100644 --- a/mdop/medv-v2/index.md +++ b/mdop/medv-v2/index.md @@ -1,7 +1,7 @@ --- title: Microsoft Enterprise Desktop Virtualization 2.0 description: Microsoft Enterprise Desktop Virtualization 2.0 -author: jamiejdt +author: dansimp ms.assetid: 84109be0-4613-42e9-85fc-fcda8de6e4c4 ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/mdop/solutions/index.md b/mdop/solutions/index.md index 6dda64b322..20c7e2da8e 100644 --- a/mdop/solutions/index.md +++ b/mdop/solutions/index.md @@ -1,7 +1,7 @@ --- title: MDOP Solutions and Scenarios description: MDOP Solutions and Scenarios -author: jamiejdt +author: dansimp ms.assetid: 1cb18bef-fbae-4e96-a4f1-90cf111c3b5f ms.pagetype: mdop ms.mktglfcycl: deploy diff --git a/mdop/uev-v1/index.md b/mdop/uev-v1/index.md index 2f34a7f9ad..3fe3f036fa 100644 --- a/mdop/uev-v1/index.md +++ b/mdop/uev-v1/index.md @@ -1,7 +1,7 @@ --- title: Microsoft User Experience Virtualization (UE-V) 1.0 description: Microsoft User Experience Virtualization (UE-V) 1.0 -author: jamiejdt +author: dansimp ms.assetid: 7c2b59f6-bbe9-4373-8b08-c1738665a37b ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md index a18ae22ef9..d918fb1b54 100644 --- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md @@ -193,7 +193,7 @@ You’ll need to deploy a settings storage location, a standard network share wh -**Security Note:  ** +**Security Note:** If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md index 5e5f69c25f..b0a92410ba 100644 --- a/mdop/uev-v2/index.md +++ b/mdop/uev-v2/index.md @@ -1,7 +1,7 @@ --- title: Microsoft User Experience Virtualization (UE-V) 2.x description: Microsoft User Experience Virtualization (UE-V) 2.x -author: jamiejdt +author: dansimp ms.assetid: b860fed0-b846-415d-bdd6-ba60231a64be ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 371e401c1a..a828991d9d 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -162,9 +162,13 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe] -``` +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe] +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe] + +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe] +``` [Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) [Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 8052f02284..3928061aa3 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -19,6 +19,9 @@ ms.date: 05/20/2019 - Windows 10 - Windows 10 Mobile +> [!NOTE] +> As of Windows Insider Build 18956, sideloading is enabled by default. Now, you can deploy a signed package onto a device without a special configuration. + "Line-of-Business" (LOB) apps are present in a wide range of businesses and organizations. Organizations value these apps because they solve problems unique to each business. When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1 diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 7edad5cf25..878b065aa7 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -17,7 +17,7 @@ ms.topic: troubleshooting ## Overview -This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or wwitches, it won't be an end-to-end Microsoft solution. +This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution. ## Scenarios diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 22a816cc20..79fb1d0045 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -156,22 +156,8 @@ Each of the previous nodes contains one or more of the following leaf nodes:

      Policy

      Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

      -

      Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.

      -

      For CodeIntegrity/Policy, you can use the certutil -encode command line tool to encode the data to base-64.

      -

      Here is a sample certutil invocation:

      - -``` -certutil -encode WinSiPolicy.p7b WinSiPolicy.cer -``` - -

      An alternative to using certutil would be to use the following PowerShell invocation:

      - -``` -[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) -``` - -

      If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.

      -

      Data type is string. Supported operations are Get, Add, Delete, and Replace.

      EnforcementMode
      +> [!NOTE] +> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP. ## Find publisher and product name of apps diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index 87f038c663..80079aaef9 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -37,7 +37,7 @@ manager: dansimp - LastErrorDescription - SyncStatusDescription - SyncProgress - - Sync + - Sync - PublishXML - AppVDynamicPolicy diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 8d704d0165..2191e66e9c 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -277,23 +277,23 @@ Supported operation is Get. **DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq** Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask. -- 0x0: System meets hardware configuration requirements -- 0x1: SecureBoot required -- 0x2: DMA Protection required -- 0x4: HyperV not supported for Guest VM -- 0x8: HyperV feature is not available +- 0x0: System meets hardware configuration requirements +- 0x1: SecureBoot required +- 0x2: DMA Protection required +- 0x4: HyperV not supported for Guest VM +- 0x8: HyperV feature is not available Supported operation is Get. **DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus** Added in Windows, version 1709. Virtualization-based security status. Value is one of the following: -- 0 - Running -- 1 - Reboot required -- 2 - 64 bit architecture required -- 3 - not licensed -- 4 - not configured -- 5 - System doesn't meet hardware requirements -- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details +- 0 - Running +- 1 - Reboot required +- 2 - 64 bit architecture required +- 3 - not licensed +- 4 - not configured +- 5 - System doesn't meet hardware requirements +- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details Supported operation is Get. @@ -301,11 +301,11 @@ Supported operation is Get. **DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus** Added in Windows, version 1709. Local System Authority (LSA) credential guard status. -- 0 - Running -- 1 - Reboot required -- 2 - Not licensed for Credential Guard -- 3 - Not configured -- 4 - VBS not running +- 0 - Running +- 1 - Reboot required +- 2 - Not licensed for Credential Guard +- 3 - Not configured +- 4 - VBS not running Supported operation is Get. diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index f97a70c2f7..548a34e79e 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -19,20 +19,23 @@ This is a step-by-step guide to configuring ADMX-backed policies in MDM. Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy. Summary of steps to enable a policy: -- Find the policy from the list ADMX-backed policies. -- Find the Group Policy related information from the MDM policy description. -- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy. -- Create the data payload for the SyncML. +- Find the policy from the list ADMX-backed policies. +- Find the Group Policy related information from the MDM policy description. +- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy. +- Create the data payload for the SyncML. -See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) for a walk-through using Intune. +See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX-Backed policies using Microsoft Intune](https://blogs.technet.microsoft.com/senthilkumar/2018/05/21/intune-deploying-admx-backed-policies-using-microsoft-intune/) for a walk-through using Intune. >[!TIP] >Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows) ## Enable a policy +> [!NOTE] +> See [Understanding ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies). + 1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description. - - GP English name + - GP English name - GP name - GP ADMX file name - GP path diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md index 1fad0a54a6..386f5a8c48 100644 --- a/windows/client-management/mdm/esim-enterprise-management.md +++ b/windows/client-management/mdm/esim-enterprise-management.md @@ -14,13 +14,13 @@ ms.topic: # How Mobile Device Management Providers support eSIM Management on Windows The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management. If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following: -- Onboard to Azure Active Directory -- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. -- Assess solution type that you would like to provide your customers -- Batch/offline solution -- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices. -- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to -- Real-time solution -- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time. -- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used +- Onboard to Azure Active Directory +- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. +- Assess solution type that you would like to provide your customers +- Batch/offline solution +- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices. +- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to +- Real-time solution +- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time. +- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used **Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator. diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index b9bc55a06a..682ae5b63d 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -44,7 +44,7 @@ The MDM security baseline includes policies that cover the following areas: For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see: - [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip) - - [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) +- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 564059ef4e..e35af4bde2 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -16,13 +16,13 @@ manager: dansimp The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703. The following conditions are supported: -- Network traffic from a specific application name -- Network traffic from specific source or destination ports -- Network traffic from a specific IP protocol (TCP, UDP, or both) +- Network traffic from a specific application name +- Network traffic from specific source or destination ports +- Network traffic from a specific IP protocol (TCP, UDP, or both) The following actions are supported: -- Layer 2 tagging using a IEEE 802.1p priority value -- Layer 3 tagging using a differentiated services code point (DSCP) value +- Layer 2 tagging using a IEEE 802.1p priority value +- Layer 3 tagging using a differentiated services code point (DSCP) value > [!NOTE] > The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index bb80f306e7..5ce6a56526 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -537,7 +537,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al ADMX Info: -- GP English name: *Disable all apps from Microsoft Store * +- GP English name: *Disable all apps from Microsoft Store* - GP name: *DisableStoreApps* - GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index a397e2cdfa..6553368bef 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -629,9 +629,9 @@ ADMX Info: Supported values: -- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit. -- 0 - Never send tracking information. -- 1 - Send tracking information. +- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit. +- 0 - Never send tracking information. +- 1 - Send tracking information. Most restricted value: 1 diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 524745b05b..1682e10bd8 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -387,12 +387,12 @@ Specifies whether device lock is enabled. > [!Important] > **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below: > - **DevicePasswordEnabled** is the parent policy of the following: -> - AllowSimpleDevicePassword -> - MinDevicePasswordLength -> - AlphanumericDevicePasswordRequired -> - MinDevicePasswordComplexCharacters  -> - DevicePasswordExpiration -> - DevicePasswordHistory +> - AllowSimpleDevicePassword +> - MinDevicePasswordLength +> - AlphanumericDevicePasswordRequired +> - MinDevicePasswordComplexCharacters  +> - DevicePasswordExpiration +> - DevicePasswordHistory > - MaxDevicePasswordFailedAttempts > - MaxInactivityTimeDeviceLock diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index d13267b269..c39e01b943 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -13428,7 +13428,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * +- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer* - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -16504,7 +16504,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. ADMX Info: -- GP English name: *Security Zones: Use only machine settings * +- GP English name: *Security Zones: Use only machine settings* - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index ba8a7d6310..f176045650 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -365,7 +365,7 @@ If you disable or do not configure this policy setting, the WinRM service will n The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. -You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. +You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 81727ffef1..e2a1e35daf 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -806,11 +806,11 @@ If the policy is not specified, the behavior will be that no pages are affected. The format of the PageVisibilityList value is as follows: -- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. -- There are two variants: one that shows only the given pages and one which hides the given pages. -- The first variant starts with the string "showonly:" and the second with the string "hide:". -- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. -- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi". +- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. +- There are two variants: one that shows only the given pages and one which hides the given pages. +- The first variant starts with the string "showonly:" and the second with the string "hide:". +- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. +- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi". The default value for this setting is an empty string, which is interpreted as show everything. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index af2069854f..65f8aca2b1 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1068,7 +1068,7 @@ If you disable or don't configure this policy setting, the Delete diagnostic dat ADMX Info: -- GP English name: *Disable deleting diagnostic data * +- GP English name: *Disable deleting diagnostic data* - GP name: *DisableDeviceDelete* - GP element: *DisableDeviceDelete* - GP path: *Data Collection and Preview Builds* @@ -1131,7 +1131,7 @@ If you disable or don't configure this policy setting, the Diagnostic Data Viewe ADMX Info: -- GP English name: *Disable diagnostic data viewer. * +- GP English name: *Disable diagnostic data viewer.* - GP name: *DisableDiagnosticDataViewer* - GP element: *DisableDiagnosticDataViewer* - GP path: *Data Collection and Preview Builds* diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 92367a4c2e..fbef0fce58 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1053,7 +1053,7 @@ Supported values: -Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. +Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value. @@ -1071,8 +1071,8 @@ The following list shows the supported values: - 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) - 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) - 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) -- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). -- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. +- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). +- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903) diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 233e581a91..33001ff094 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -23,8 +23,8 @@ In addition to standard policies, the Policy CSP can now also handle ADMX-backed ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC. Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor: -- OS settings: Computer Configuration/Administrative Templates -- Application settings: User Configuration/Administrative Templates +- OS settings: Computer Configuration/Administrative Templates +- Application settings: User Configuration/Administrative Templates In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are leveraged to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), is not required. @@ -42,17 +42,17 @@ To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrat The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the “Publishing Server 2 Settings” is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category. Group Policy option button setting: -- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur: - - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data. - - The MDM client stack receives this data, which causes the Policy CSP to update the device’s registry per the ADMX-backed policy definition. +- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur: + - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data. + - The MDM client stack receives this data, which causes the Policy CSP to update the device’s registry per the ADMX-backed policy definition. -- If **Disabled** is selected and you click **Apply**, the following events occur: - - The MDM ISV server sets up a Replace SyncML command with a payload set to ``. - - The MDM client stack receives this command, which causes the Policy CSP to either delete the device’s registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition. +- If **Disabled** is selected and you click **Apply**, the following events occur: + - The MDM ISV server sets up a Replace SyncML command with a payload set to ``. + - The MDM client stack receives this command, which causes the Policy CSP to either delete the device’s registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition. -- If **Not Configured** is selected and you click **Apply**, the following events occur: - - MDM ISV server sets up a Delete SyncML command. - - The MDM client stack receives this command, which causes the Policy CSP to delete the device’s registry settings per the ADMX-backed policy definition. +- If **Not Configured** is selected and you click **Apply**, the following events occur: + - MDM ISV server sets up a Delete SyncML command. + - The MDM client stack receives this command, which causes the Policy CSP to delete the device’s registry settings per the ADMX-backed policy definition. The following diagram shows the main display for the Group Policy Editor. diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index f5372d05f6..58a5040b72 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -196,7 +196,7 @@ Values: **CheckApplicability** -``` syntax +```xml @@ -223,7 +223,7 @@ Values: **Edition** -``` syntax +```xml @@ -241,7 +241,7 @@ Values: **LicenseKeyType** -``` syntax +```xml @@ -259,7 +259,7 @@ Values: **Status** -``` syntax +```xml @@ -277,7 +277,7 @@ Values: **UpgradeEditionWithProductKey** -``` syntax +```xml @@ -304,7 +304,7 @@ Values: **UpgradeEditionWithLicense** -``` syntax +```xml diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index ea9dd8e10a..ffd68aa965 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -39,7 +39,7 @@ Supported operations are Get and Replace. Enable logging of audit events. -``` syntax +```xml diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index 146160c8a3..ac7e1e2391 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -171,7 +171,7 @@ Run the following command to verify the Windows update installation and dates: Dism /Image:: /Get-packages ``` -After you run this command, you will see the **Install pending** and **Uninstall Pending ** packages: +After you run this command, you will see the **Install pending** and **Uninstall Pending** packages: ![Dism output](images/pendingupdate.png) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 26d48d6ccb..0c13fc8950 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -107,8 +107,8 @@ You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that More information on how to use Dumpchk.exe to check your dump files: -- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) -- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) +- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) +- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) ### Pagefile Settings diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 920e5a1ff0..664dc7700e 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -145,8 +145,8 @@ If the computer is no longer frozen and now is running in a good state, use the Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. -- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) -- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) +- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) +- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) Learn how to use Dumpchk.exe to check your dump files: diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index 3dc34d0551..9790bdb770 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md @@ -27,11 +27,11 @@ Employees increasingly depend on smartphones to complete daily work tasks, but t Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution. **In this article** -- [Deploy](#deploy) -- [Configure](#configure) -- [Apps](#apps) -- [Manage](#manage) -- [Retire](#retire) +- [Deploy](#deploy) +- [Configure](#configure) +- [Apps](#apps) +- [Manage](#manage) +- [Retire](#retire) ## Deploy @@ -365,18 +365,18 @@ You can define and deploy APN profiles in MDM systems that configure cellular da - **APN name** The APN name - *IP connection type* The IP connection type; set to one of the following values: - - IPv4 only - - IPv6 only - - IPv4 and IPv6 concurrently - - IPv6 with IPv4 provided by 46xlat + - IPv4 only + - IPv6 only + - IPv4 and IPv6 concurrently + - IPv6 with IPv4 provided by 46xlat - **LTE attached** Whether the APN should be attached as part of an LTE Attach - **APN class ID** The globally unique identifier that defines the APN class to the modem - **APN authentication type** The APN authentication type; set to one of the following values: - - None - - Auto - - PAP - - CHAP - - MSCHAPv2 + - None + - Auto + - PAP + - CHAP + - MSCHAPv2 - **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type - **Password** The password for the user account specified in User name - **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index aa221c4b9e..7ac4b1ff90 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -176,7 +176,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed 2. [Export the Start layout](#export-the-start-layout). 3. Open the layout .xml file. There is a `` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows: - ``` syntax + ```xml ``` diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index fa57936276..bbe21777b6 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -68,7 +68,7 @@ In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app Kiosk Browser settings | Use this setting to --- | --- -Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

      For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. +Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

      For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.

      If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index 2cde6940fa..ff9c230e83 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -26,7 +26,7 @@ ms.topic: article ## Full XML sample >[!NOTE] ->Updated for Windows 10, version 1903, and Windows 10 Prerelease +>Updated for Windows 10, version 1903, and Windows 10 Insider Preview (19H2, 20H1 builds). ```xml @@ -255,7 +255,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom ``` ## [Preview] Global Profile Sample XML -Global Profile is currently supported in Windows 10 Prerelease. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user. +Global Profile is currently supported in Windows 10 Insider Preview (19H2, 20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user. This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in ```xml @@ -394,7 +394,7 @@ Below sample shows dedicated profile and global profile mixed usage, aauser woul ``` ## [Preview] Folder Access sample xml -In Windows 10 1809 release, folder access is locked down that when common file dialog is opened, IT Admin can specify if user has access to the Downloads folder, or no access to any folder at all. This restriction has be redesigned for finer granulatity and easier use, available in current Windows 10 Prerelease. +In Windows 10, version 1809, folder access is locked down so that when common file dialog is opened, IT Admin can specify if the user has access to the Downloads folder, or no access to any folder at all. This restriction has been redesigned for finer granulatity and easier use, and is available in Windows 10 Insider Preview (19H2, 20H1 builds). IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Note that Downloads and Removable Drives can be allowed at the same time. @@ -636,7 +636,7 @@ IT Admin now can specify user access to Downloads folder, Removable drives, or n ## XSD for AssignedAccess configuration XML >[!NOTE] ->Updated for Windows 10, version 1903 and Windows 10 Prerelease. +>Updated for Windows 10, version 1903 and Windows 10 Insider Preview (19H2, 20H1 builds). Below schema is for AssignedAccess Configuration up to Windows 10 1803 release. ```xml @@ -859,7 +859,7 @@ Here is the schema for new features introduced in Windows 10 1809 release ``` -Schema for Windows 10 prerelease +Schema for Windows 10 Insider Preview (19H2, 20H1 builds) ```xml ``` -To authorize a compatible configuration XML that includes 1809 or prerelease elements and attributes, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. e.g. to configure auto-launch feature which is added in 1809 release, use below sample, notice an alias r1809 is given to the 201810 namespace for 1809 release, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. +To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature which is added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. ```xml diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index 529e59e779..520de10950 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -53,6 +53,7 @@ The XML schema for `LayoutModification.xml` requires the following order for tag 1. TopMFUApps 1. CustomTaskbarLayoutCollection 1. InkWorkspaceTopApps +1. StartLayoutCollection Comments are not supported in the `LayoutModification.xml` file. @@ -66,6 +67,8 @@ Comments are not supported in the `LayoutModification.xml` file. >- Do not add multiple rows of comments. The following table lists the supported elements and attributes for the LayoutModification.xml file. +> [!NOTE] +> RequiredStartGroupsCollection and AppendGroup syntax only apply when the Import-StartLayout method is used for building and deploying Windows images. | Element | Attributes | Description | | --- | --- | --- | diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 299ba40be7..156e4af29b 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -241,7 +241,7 @@ Version identifies the version of the settings location template for administrat **Hint:** You can save notes about version changes using XML comment tags ``, for example: -``` syntax +```xml - - - - -By default in Windows 10 Enterprise and Education editions, Delivery Optimization allows peer-to-peer sharing on the organization's own network only (specifically, all of the devices must be behind the same NAT), but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. - -For more details, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md#download-mode). - - -## Set up Delivery Optimization - -See [Set up Delivery Optimization](waas-delivery-optimization-setup.md) for suggested values for a number of common scenarios. - -You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization. - -You will find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**. -In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**. - -Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows)) - -**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. - -## Reference - -For complete list of every possible Delivery Optimization setting, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). - - -## How Microsoft uses Delivery Optimization -At Microsoft, to help ensure that ongoing deployments weren’t affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet. - -For more details, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study. - - - -## Frequently asked questions - -**Does Delivery Optimization work with WSUS?**: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. - -**Which ports does Delivery Optimization use?**: For peer-to-peer traffic, it uses 7680 for TCP/IP or 3544 for NAT traversal (optionally Teredo). For client-service communication, it uses HTTP or HTTPS over port 80/443. - -**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. - -**What hostnames should I allow through my firewall to support Delivery Optimization?**: - -For communication between clients and the Delivery Optimization cloud service: **\*.do.dsp.mp.microsoft.com**. - -For Delivery Optimization metadata: - -- *.dl.delivery.mp.microsoft.com -- *.emdl.ws.microsoft.com - -For the payloads (optional): - -- *.download.windowsupdate.com -- *.windowsupdate.com - -**Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. - -**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimizatio uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). - - -## Troubleshooting - -This section summarizes common problems and some solutions to try. - -### If you don't see any bytes from peers - -If you don’t see any bytes coming from peers the cause might be one of the following issues: - -- Clients aren’t able to reach the Delivery Optimization cloud services. -- The cloud service doesn’t see other peers on the network. -- Clients aren’t able to connect to peers that are offered back from the cloud service. - - -### Clients aren't able to reach the Delivery Optimization cloud services. - -If you suspect this is the problem, try these steps: - -1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga"). -2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3. -3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. - - - -### The cloud service doesn't see other peers on the network. - -If you suspect this is the problem, try these steps: - -1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. -2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices. -3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address. - - -### Clients aren't able to connect to peers offered by the cloud service - -If you suspect this is the problem, try a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps: - -1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt. -2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. - - - - - -## Learn more - -[Windows 10, Delivery Optimization, and WSUS](https://blogs.technet.microsoft.com/mniehaus/2016/08/16/windows-10-delivery-optimization-and-wsus-take-2/) - - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) -- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) -- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) -- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) -- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) -- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) -- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) -- [Manage device restarts after updates](waas-restart.md) +--- +title: Configure Delivery Optimization for Windows 10 updates (Windows 10) +ms.reviewer: +manager: laurawi +description: Delivery Optimization is a peer-to-peer distribution method in Windows 10 +keywords: oms, operations management suite, wdav, updates, downloads, log analytics +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Delivery Optimization for Windows 10 updates + + +**Applies to** + +- Windows 10 + +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) + +Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization can accomplish this because it is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization in conjunction with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or System Center Configuration Manager (when installation of Express Updates is enabled). + +Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet. + + +>[!NOTE] +>WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. + +## Requirements + +The following table lists the minimum Windows 10 version that supports Delivery Optimization: + +| Device type | Minimum Windows version | +|------------------|---------------| +| Computers running Windows 10 | 1511 | +| Computers running Server Core installations of Windows Server | 1709 | +| IoT devices | 1803 | +| HoloLens devices | 1803 | + +**Types of download packages supported by Delivery Optimization** + +| Download package | Minimum Windows version | +|------------------|---------------| +| Windows 10 updates (feature updates and quality updates) | 1511 | +| Windows 10 drivers | 1511 | +| Windows Store files | 1511 | +| Windows Store for Business files | 1511 | +| Windows Defender definition updates | 1511 | +| Office Click-to-Run updates | 1709 | +| Win32 apps for Intune | 1709 | +| SCCM Express Updates | 1709 + Configuration Manager version 1711 | + + + + + + +By default in Windows 10 Enterprise and Education editions, Delivery Optimization allows peer-to-peer sharing on the organization's own network only (specifically, all of the devices must be behind the same NAT), but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. + +For more details, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md#download-mode). + + +## Set up Delivery Optimization + +See [Set up Delivery Optimization](waas-delivery-optimization-setup.md) for suggested values for a number of common scenarios. + +You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization. + +You will find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**. +In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**. + +Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows)) + +**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. + +## Reference + +For complete list of every possible Delivery Optimization setting, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). + + +## How Microsoft uses Delivery Optimization +At Microsoft, to help ensure that ongoing deployments weren’t affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet. + +For more details, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study. + + + +## Frequently asked questions + +**Does Delivery Optimization work with WSUS?**: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. + +**Which ports does Delivery Optimization use?**: For peer-to-peer traffic, it uses 7680 for TCP/IP or 3544 for NAT traversal (optionally Teredo). For client-service communication, it uses HTTP or HTTPS over port 80/443. + +**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. + +**What hostnames should I allow through my firewall to support Delivery Optimization?**: + +For communication between clients and the Delivery Optimization cloud service: **\*.do.dsp.mp.microsoft.com**. + +For Delivery Optimization metadata: + +- *.dl.delivery.mp.microsoft.com +- *.emdl.ws.microsoft.com + +For the payloads (optional): + +- *.download.windowsupdate.com +- *.windowsupdate.com + +**Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. + +**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). + + +## Troubleshooting + +This section summarizes common problems and some solutions to try. + +### If you don't see any bytes from peers + +If you don’t see any bytes coming from peers the cause might be one of the following issues: + +- Clients aren’t able to reach the Delivery Optimization cloud services. +- The cloud service doesn’t see other peers on the network. +- Clients aren’t able to connect to peers that are offered back from the cloud service. + + +### Clients aren't able to reach the Delivery Optimization cloud services. + +If you suspect this is the problem, try these steps: + +1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga"). +2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3. +3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. + + + +### The cloud service doesn't see other peers on the network. + +If you suspect this is the problem, try these steps: + +1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. +2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices. +3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero. +4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address. + + +### Clients aren't able to connect to peers offered by the cloud service + +If you suspect this is the problem, try a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps: + +1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt. +2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. + + + + + +## Learn more + +[Windows 10, Delivery Optimization, and WSUS](https://blogs.technet.microsoft.com/mniehaus/2016/08/16/windows-10-delivery-optimization-and-wsus-take-2/) + + +## Related topics + +- [Update Windows 10 in the enterprise](index.md) +- [Overview of Windows as a service](waas-overview.md) +- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) +- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) +- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) +- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) +- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) +- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) +- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) +- [Configure Windows Update for Business](waas-configure-wufb.md) +- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) +- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) +- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) +- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) +- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) +- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index d5142a89da..ff3e259787 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -1,218 +1,220 @@ ---- -title: Overview of Windows as a service (Windows 10) -description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.audience: itpro author: greg-lindsay -ms.date: 09/24/2018 -ms.reviewer: -manager: laurawi -ms.topic: article ---- - -# Overview of Windows as a service - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile -- Windows 10 IoT Mobile - -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - -The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. - -Click the following Microsoft Mechanics video for an overview of the release model, particularly the Semi-Annual Channel. - - -[![YouTube video of Michael Niehouse explaining how the Semi-Annual Channel works](images/SAC_vid_crop.jpg)](https://youtu.be/qSAsiM01GOU) - -## Building - -Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn’t work in today’s rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two times per year, around March and September, to help address these issues. - -In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features will be delivered to the [Windows Insider community](https://insider.windows.com/) as soon as possible — during the development cycle, through a process called *flighting* — so that organizations can see exactly what Microsoft is developing and start their testing as soon as possible. - -Microsoft also depends on receiving feedback from organizations throughout the development process so that it can make adjustments as quickly as possible rather than waiting until after release. For more information about the Windows Insider Program and how to sign up, see the section [Windows Insider](#windows-insider). - -Of course Microsoft also performs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program. - -## Deploying - -Deploying Windows 10 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, an easy in-place upgrade process can be used to automatically preserve all apps, settings, and data. And once running Windows 10, deployment of Windows 10 feature updates will be equally simple. - -One of the biggest challenges for organizations when it comes to deploying a new version of Windows is compatibility testing. Whereas compatibility was previously a concern for organizations upgrading to a new version of Windows, Windows 10 is compatible with most hardware and software capable of running on Windows 7 or later. Because of this high level of compatibility, the app compatibility testing process can be greatly simplified. - -### Application compatibility - -Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience. - -Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. - -For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. If it’s unclear whether an application is compatible with Windows 10, IT pros can either consult with the ISV or check the supported software directory at [http://www.readyforwindows.com](http://www.readyforwindows.com). - -### Device compatibility - -Device compatibility in Windows 10 is also very strong; new hardware is not needed for Windows 10 as any device capable of running Windows 7 or later can run Windows 10. In fact, the minimum hardware requirements to run Windows 10 are the same as those required for Windows 7. Most hardware drivers that functioned in Windows 8.1, Windows 8, or Windows 7 will continue to function in Windows 10. - -## Servicing - -Traditional Windows servicing has included several release types: major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality twice per year, and quality updates that provide security and reliability fixes at least once a month. - -With Windows 10, organizations will need to change the way they approach deploying updates. Servicing channels are the first way to separate users into deployment groups for feature and quality updates. With the introduction of servicing channels comes the concept of a [deployment ring](waas-deployment-rings-windows-10-updates.md), which is simply a way to categorize the combination of a deployment group and a servicing channel to group devices for successive waves of deployment. For more information about developing a deployment strategy that leverages servicing channels and deployment rings, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). - -For information about each servicing tool available for Windows 10, see [Servicing tools](#servicing-tools). - -To align with this new update delivery model, Windows 10 has three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For information about the servicing channels available in Windows 10, see [Servicing channels](#servicing-channels). - -### Naming changes - -As part of the alignment with Windows 10 and Office 365 ProPlus, we are adopting common terminology to make it as easy as possible to understand the servicing process. Going forward, these are the new terms we will be using: -* Semi-Annual Channel - We will be referring to Current Branch (CB) as "Semi-Annual Channel (Targeted)", while Current Branch for Business (CBB) will simply be referred to as "Semi-Annual Channel". -* Long-Term Servicing Channel -  The Long-Term Servicing Branch (LTSB) will be referred to as Long-Term Servicing Channel (LTSC). - ->[!IMPORTANT] ->With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion, regardless of the "Targeted" designation. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747). - ->[!NOTE] ->For additional information, see the section about [Servicing Channels](#servicing-channels). -> ->You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change. - ->[!IMPORTANT] ->Devices on the Semi-Annual Channel (formerly called Current Branch for Business) must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. If diagnostic data is set to **0**, the device will be treated as if it were in the Semi-Annual Channel (Targeted)(formerly called Current Branch or CB) branch. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). - -### Feature updates - -With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered more frequently than with previous Windows releases — twice per year, around March and September, rather than every 3–5 years — changes will be in bite-sized chunks rather than all at once and end user readiness time much shorter. - ->[!TIP] -> The feature update cadence has been aligned with Office 365 ProPlus updates. Starting with this falls' update, both Windows and Office will deliver their major updates semi-annually, around March and September. See [upcoming changes to Office 365 ProPlus update management](https://support.office.com/article/Overview-of-the-upcoming-changes-to-Office-365-ProPlus-update-management-78b33779-9356-4cdf-9d2c-08350ef05cca) for more information about changes to Office update management. - -### Quality updates - -Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes. - -In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment PCs contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates. - -**Figure 1** - -![Comparison of patch environment in enterprise compared to test](images/waas-overview-patch.png) - - - -## Servicing channels - -To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. - -With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). - -The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools). - ->[!NOTE] ->Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). - -### Semi-Annual Channel - -In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment. - -When Microsoft officially releases a feature update for Windows 10, it is made available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools). - - -Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release. - -> [!NOTE] -> All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. -> -> -> [!NOTE] -> Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools. - -### Long-term Servicing Channel - -Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools. - ->[!NOTE] ->Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version. -> ->Long-term Servicing channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. - -Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. - ->[!NOTE] ->Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). - -The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. - ->[!NOTE] ->If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel. - -### Windows Insider - -For many IT pros, gaining visibility into feature updates early—before they’re available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next Semi-Annual Channel release. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. - -Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](waas-windows-insider-for-business.md). - ->[!NOTE] ->Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. -> ->The Windows Insider Program isn’t intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. - - - -## Servicing tools - -There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates: - -- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 client. -- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. -- **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. -- **System Center Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. - -With all these options, which an organization chooses depends on the resources, staff, and expertise its IT organization already has. For example, if IT already uses System Center Configuration Manager to manage Windows updates, it can continue to use it. Similarly, if IT is using WSUS, it can continue to use that. For a consolidated look at the benefits of each tool, see Table 1. - -**Table 1** - -| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features | -| --- | --- | --- | --- | --- | -| Windows Update | Yes (manual) | No | Delivery Optimization | None| -| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects | -| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability | -| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache | Distribution points, multiple deployment options | - ->[!NOTE] ->Due to [naming changes](#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. - -
      - -## Steps to manage updates for Windows 10 - -| | | -| --- | --- | -| ![done](images/checklistdone.png) | Learn about updates and servicing channels (this topic) | -| ![to do](images/checklistbox.gif) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![to do](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![to do](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![to do](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | - - - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Quick guide to Windows as a service](waas-quick-start.md) -- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) -- [Manage device restarts after updates](waas-restart.md) - +--- +title: Overview of Windows as a service (Windows 10) +description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. +keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.audience: itpro +author: greg-lindsay +ms.date: 09/24/2018 +ms.reviewer: +manager: laurawi +ms.topic: article +--- + +# Overview of Windows as a service + + +**Applies to** + +- Windows 10 +- Windows 10 Mobile +- Windows 10 IoT Mobile + +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) + +The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. + +Click the following Microsoft Mechanics video for an overview of the release model, particularly the Semi-Annual Channel. + + +[![YouTube video of Michael Niehouse explaining how the Semi-Annual Channel works](images/SAC_vid_crop.jpg)](https://youtu.be/qSAsiM01GOU) + +## Building + +Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn’t work in today’s rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two times per year, around March and September, to help address these issues. + +In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features will be delivered to the [Windows Insider community](https://insider.windows.com/) as soon as possible — during the development cycle, through a process called *flighting* — so that organizations can see exactly what Microsoft is developing and start their testing as soon as possible. + +Microsoft also depends on receiving feedback from organizations throughout the development process so that it can make adjustments as quickly as possible rather than waiting until after release. For more information about the Windows Insider Program and how to sign up, see the section [Windows Insider](#windows-insider). + +Of course Microsoft also performs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program. + +## Deploying + +Deploying Windows 10 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, an easy in-place upgrade process can be used to automatically preserve all apps, settings, and data. And once running Windows 10, deployment of Windows 10 feature updates will be equally simple. + +One of the biggest challenges for organizations when it comes to deploying a new version of Windows is compatibility testing. Whereas compatibility was previously a concern for organizations upgrading to a new version of Windows, Windows 10 is compatible with most hardware and software capable of running on Windows 7 or later. Because of this high level of compatibility, the app compatibility testing process can be greatly simplified. + +### Application compatibility + +Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience. + +Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. + +For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. If it’s unclear whether an application is compatible with Windows 10, IT pros can either consult with the ISV or check the supported software directory at [http://www.readyforwindows.com](http://www.readyforwindows.com). + +### Device compatibility + +Device compatibility in Windows 10 is also very strong; new hardware is not needed for Windows 10 as any device capable of running Windows 7 or later can run Windows 10. In fact, the minimum hardware requirements to run Windows 10 are the same as those required for Windows 7. Most hardware drivers that functioned in Windows 8.1, Windows 8, or Windows 7 will continue to function in Windows 10. + +## Servicing + +Traditional Windows servicing has included several release types: major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality twice per year, and quality updates that provide security and reliability fixes at least once a month. + +With Windows 10, organizations will need to change the way they approach deploying updates. Servicing channels are the first way to separate users into deployment groups for feature and quality updates. With the introduction of servicing channels comes the concept of a [deployment ring](waas-deployment-rings-windows-10-updates.md), which is simply a way to categorize the combination of a deployment group and a servicing channel to group devices for successive waves of deployment. For more information about developing a deployment strategy that leverages servicing channels and deployment rings, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). + +For information about each servicing tool available for Windows 10, see [Servicing tools](#servicing-tools). + +To align with this new update delivery model, Windows 10 has three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For information about the servicing channels available in Windows 10, see [Servicing channels](#servicing-channels). + +### Naming changes + +As part of the alignment with Windows 10 and Office 365 ProPlus, we are adopting common terminology to make it as easy as possible to understand the servicing process. Going forward, these are the new terms we will be using: +* Semi-Annual Channel - We will be referring to Current Branch (CB) as "Semi-Annual Channel (Targeted)", while Current Branch for Business (CBB) will simply be referred to as "Semi-Annual Channel". +* Long-Term Servicing Channel -  The Long-Term Servicing Branch (LTSB) will be referred to as Long-Term Servicing Channel (LTSC). + +>[!IMPORTANT] +>With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion, regardless of the "Targeted" designation. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747). + +> [!NOTE] +>For additional information, see the section about [Servicing Channels](#servicing-channels). +> +>You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change. + +> [!IMPORTANT] +> Devices on the Semi-Annual Channel (formerly called Current Branch for Business) must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. If diagnostic data is set to **0**, the device will be treated as if it were in the Semi-Annual Channel (Targeted)(formerly called Current Branch or CB) branch. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). + +### Feature updates + +With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered more frequently than with previous Windows releases — twice per year, around March and September, rather than every 3–5 years — changes will be in bite-sized chunks rather than all at once and end user readiness time much shorter. + +>[!TIP] +> The feature update cadence has been aligned with Office 365 ProPlus updates. Starting with this falls' update, both Windows and Office will deliver their major updates semi-annually, around March and September. See [upcoming changes to Office 365 ProPlus update management](https://support.office.com/article/Overview-of-the-upcoming-changes-to-Office-365-ProPlus-update-management-78b33779-9356-4cdf-9d2c-08350ef05cca) for more information about changes to Office update management. + +### Quality updates + +Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes. + +In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment PCs contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates. + +**Figure 1** + +![Comparison of patch environment in enterprise compared to test](images/waas-overview-patch.png) + + + +## Servicing channels + +To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. + +With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). + +The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools). + +> [!NOTE] +> Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md). + +### Semi-Annual Channel + +In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment. + +When Microsoft officially releases a feature update for Windows 10, it is made available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools). + + +Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release. + +> [!NOTE] +> All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607, 1703, 1709 and 1803. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18 month lifecycle. +> +> +> [!NOTE] +> Organizations can electively delay feature updates into as many phases as they wish by using one of the servicing tools mentioned in the section Servicing tools. + +### Long-term Servicing Channel + +Specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools. + +> [!NOTE] +> Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version. +> +> Long-term Servicing channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. + +Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. + +> [!NOTE] +> Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). + +The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. + +> [!NOTE] +> If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel. + +### Windows Insider + +For many IT pros, gaining visibility into feature updates early—before they’re available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next Semi-Annual Channel release. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. + +Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](waas-windows-insider-for-business.md). + +> [!NOTE] +> Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. +> +> The Windows Insider Program isn’t intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. + + + +## Servicing tools + +There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates: + +- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 client. +- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. +- **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. +- **System Center Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. + +With all these options, which an organization chooses depends on the resources, staff, and expertise its IT organization already has. For example, if IT already uses System Center Configuration Manager to manage Windows updates, it can continue to use it. Similarly, if IT is using WSUS, it can continue to use that. For a consolidated look at the benefits of each tool, see Table 1. + +**Table 1** + +| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features | +| --- | --- | --- | --- | --- | +| Windows Update | Yes (manual) | No | Delivery Optimization | None| +| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects | +| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability | +| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache | Distribution points, multiple deployment options | + +> [!NOTE] +> Due to [naming changes](#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. + +
      + +## Steps to manage updates for Windows 10 + +| | | +| --- | --- | +| ![done](images/checklistdone.png) | Learn about updates and servicing channels (this topic) | +| ![to do](images/checklistbox.gif) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | +| ![to do](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | +| ![to do](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | +| ![to do](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | +| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | + + + +## Related topics + +- [Update Windows 10 in the enterprise](index.md) +- [Quick guide to Windows as a service](waas-quick-start.md) +- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) +- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) +- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) +- [Configure Windows Update for Business](waas-configure-wufb.md) +- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) +- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) +- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) +- [Manage device restarts after updates](waas-restart.md) + diff --git a/windows/deployment/update/waas-servicing-differences.md b/windows/deployment/update/waas-servicing-differences.md index 4e7773bbf9..fda8dac6f6 100644 --- a/windows/deployment/update/waas-servicing-differences.md +++ b/windows/deployment/update/waas-servicing-differences.md @@ -1,119 +1,121 @@ ---- -title: Servicing differences between Windows 10 and older operating systems -ms.reviewer: -manager: laurawi -description: Learn the differences between servicing Windows 10 and servicing older operating systems. -keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.audience: itpro author: greg-lindsay -ms.topic: article -ms.collection: M365-modern-desktop ---- -# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems - -> Applies to: Windows 10 -> -> **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.** - -Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need critical to understand how best to leverage a modern workplace to support system updates. - -The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2). - ->[!NOTE] ->A note on naming convention in this article: For brevity, "Windows 10" refers to all operating systems across client, server and IoT released since July 2015, while "legacy" refers to all operating systems prior to that period for client and server, including Windows 7, Window 8.1, Windows Server 2008 R2, Windows Server 2012 R2, etc. - -## Infinite fragmentation -Prior to Windows 10, all updates to operating system (OS) components were published individually. On "Update Tuesday," customers would pick and choose individual updates they wanted to apply. Most chose to update security fixes, while far fewer selected non-security fixes, updated drivers, or installed .NET Framework updates. - -As a result, each environment within the global Windows ecosystem that had only a subset of security and non-security fixes installed had a different set of binaries and behaviors than those that consistently installed every available update as tested by Microsoft. - -This resulted in a fragmented ecosystem that created diverse challenges in predictively testing interoperability, resulting in high update failure rates - which were subsequently mitigated by customers removing individual updates that were causing issues. Each customer that selectively removed individual updates amplified this fragmentation by creating more diverse environment permutations across the ecosystem. As an IT Administrator once quipped, "If you’ve seen one Windows 7 PC, you have seen one Windows 7 PC," suggesting no consistency or predictability across more than 250M commercial devices at the time. - -## Windows 10 – Next generation -Windows 10 provided an opportunity to end the era of infinite fragmentation. With Windows 10 and the Windows as a service model, updates came rolled together in the "latest cumulative update" (LCU) packages for both client and server. Every new update published includes all changes from previous updates, as well as new fixes. Since Windows client and server share the same code base, these LCUs allow the same update to be installed on the same client and server OS family, further reducing fragmentation. - -This helps simplify servicing. Devices with the original Release to Market (RTM) version of a feature release installed could get up to date by installing the most recent LCU. - -Windows publishes the new LCU packages for each Windows 10 version (1607, 1709, etc.) on the second Tuesday of each month. This package is classified as a required security update and contains contents from the previous LCU as well as new security, non-security and Internet Explorer 11 (IE11) fixes. The security classification, by definition, requires a reboot of the device to complete installation of the update. - - -![High level cumulative update model](images/servicing-cadence.png) -*Figure 1.0 - High level cumulative update model* - -Another benefit of the LCU model is fewer steps. Devices that have the original Release to Market (RTM) version of a release can install the most recent LCU to get up to date in one step, rather than having to install multiple updates with reboots after each. - -This cumulative update model for Windows 10 has helped provide the Windows ecosystem with consistent update experiences that can be predicted by baseline testing before release. Even with highly complex updates with hundreds of fixes, the number of incidents with monthly security updates for Windows 10 have fallen month over month since the initial release of Windows 10. - -### Points to consider - -- Windows 10 does not have the concept of a Security-Only or Monthly Rollup for updates. All updates are an LCU package, which includes the last release plus anything new. -- Windows 10 no longer has the concept of a "hotfix" since all individual updates must be rolled into the cumulative packages. (Note: Any private fix is offered for customer validation only, and then rolled into an LCU.) -- [Updates for the .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in the Windows 10 LCU. They are separate packages with different behaviors depending on the version of .NET Framework being updated, and on which OS. As of October 2018, .NET Framework updates for Windows 10 will be separate and have their own cumulative update model. -- For Windows 10, available update types vary by publishing channel: - - For customers using Windows Server Update Services (WSUS) and for the Update Catalog, several different updates types for Windows 10 are rolled together for the core OS in a single LCU package, with exception of Servicing Stack Updates. - - Servicing Stack Updates (SSU) are available for download from the Update Catalog and can be imported through WSUS. Servicing Stack Updates (SSU) will be synced automatically (See this example for Windows 10, version 1709). Learn more about [Servicing Stack Updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates). - - For customers connecting to Windows Update, the new cloud update architecture uses a database of updates which break out all the different update types, including Servicing Stack Updates (SSU) and Dynamic Updates (DU). The update scanning in the Windows 10 servicing stack on the client automatically takes only the updates that are needed by the device to be completely up to date. -- Windows 7 and other legacy operating systems have cumulative updates that operate differently than in Windows 10 (see next section). - -## Windows 7 and legacy OS versions -While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in a fragmented environment, we moved Windows 7 to a cumulative update model in October 2016. - -Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered one cumulative package (Monthly Rollup) and one individual package (Security Only) for all legacy operating systems. - -The Monthly Rollup includes new non-security (if appropriate), security updates, Internet Explorer (IE) updates, and all updates from the previous month similar to the Windows 10 model. The Security-only package includes only new security updates for the month. This means that any security updates from any previous month are not included in current month’s Security-Only Package. If a Security-Only update is missed, it is missed. Those updates will not appear in a future Security-Only update. Additionally, a cumulative package is offered for IE, which can be tested and installed separately, reducing the total update package size. The IE cumulative update includes both security and non-security fixes following the same model as Windows 10. - -![Legacy OS security-only update model](images/security-only-update.png) -*Figure 2.0 - Legacy OS security-only update model* - -Moving to the cumulative model for legacy OS versions continues to improve predictability of update quality. The Windows legacy environments which have fully updated machines with Monthly Rollups are running the same baseline against which all legacy OS version updates are tested. These include all of the updates (security and non-security) prior to and after October 2016. Many customer environments do not have all updates prior to this change installed, which leaves some continued fragmentation in the ecosystem. Further, customers who are installing Security-Only Updates and potentially doing so inconsistently are also more fragmented than Microsoft’s test environments for legacy OS version. This remaining fragmentation results in issues like those seen when the September 2016 Servicing Stack Update (SSU) was needed for smooth installation of the August 2018 security update. These environments did not have the SSU applied previously. - -### Points to consider -- Windows 7 and Windows 8 legacy operating system updates [moved from individual to cumulative in October 2016](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783). Devices with updates missing prior to that point are still missing those updates, as they were not included in the subsequent cumulative packages. -- "Hotfixes" are no longer published for legacy OS versions. All updates are rolled into the appropriate package depending on their classification as either non-security, security, or Internet Explorer updates. (Note: any private fix is offered for customer validation only. Once validated they are then rolled into a Monthly Rollup or IE cumulative update, as appropriate.) -- Both Monthly Rollups and Security-only updates released on Update Tuesday for legacy OS versions are identified as "security required" updates, because both have the full set of security updates in them. The Monthly Rollup may have additional non-security updates that are not included in the Security Only update. The "security" classification requires the device be rebooted so the update can be fully installed. -- Given the differences between the cumulative Monthly Rollups and the single-month Security-only update packages, switching between these update types is not advised. Differences in the baselines of these packages may result in installation errors and conflicts. Choosing one and staying on that update type with high consistency – Monthly Rollup or Security-only – is recommended. -- With all Legacy OS versions now in the Extended Support stage of their 10-year lifecycle, they typically receive only security updates for both Monthly Rollup and Security Only updates. Using Express for the Monthly Rollup results in almost the same package size as Security Only, with the added confidence of ensuring all relevant updates are installed. -- In [February 2017](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798), Windows pulled IE updates out of the legacy OS versions Security-only updates, while leaving them in the Monthly Rollup updates. This was done specifically to reduce package size based on customer feedback. -- The IE cumulative update includes both security and non-security updates and is also needed for to help secure the entire environment. This update can be installed separately or as part of the Monthly Rollup. -- [Updates for .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in legacy Monthly Rollup or Security Only packages. They are separate packages with different behaviors depending on the version of the .NET Framework, and which legacy OS, being updated. -- For [Windows Server 2008 SP2](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/), cumulative updates began in October 2018, and follow the same model as Windows 7. Updates for IE9 are included in those packages, as the last supported version of Internet Explorer for that Legacy OS version. - -## Public preview releases -Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month’s B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month’s B release package together with new security updates. Security-only Packages are not part of the C/D preview program. - -### Examples -Windows 10 version 1709: -- (9B) September 11, 2018 Update Tuesday / B release - includes security, non-security and IE update. This update is categorized as "Required, Security" it requires a system reboot. -- (9C) September 26, 2018 Preview C release - includes everything from 9B PLUS some non-security updates for testing/validation. This update is qualified as not required, non-security. No system reboot is required. -- (10B) October 9, 2018 Update Tuesday / B release includes all fixes included in 9B, all fixes in 9C and introduces new security fixes and IE updates. This update is qualified as "Required, Security" and requires a system reboot. -All of these updates are cumulative and build on each other for Windows 10. This is in contrast to legacy OS versions, where the 9C release becomes part of the "Monthly Rollup," but not the "Security Only" update. In other words, a Window 7 SP1 9C update is part of the cumulative "Monthly Rollup" but not included in the "Security Only" update because the fixes are qualified as "non-security". This is an important variation to note on the two models. - -![Preview releases in the Windows 10 LCU model](images/servicing-previews.png) -*Figure 3.0 - Preview releases within the Windows 10 LCU model* - -## Previews vs. on-demand releases -In 2018, we experienced incidents which required urgent remediation that didn’t map to the monthly update release cadence. These incidents were situations that required an immediate fix to an Update Tuesday release. While Windows engineering worked aggressively to respond within a week of the B-release, these "on-demand" releases created confusion with the C Preview releases. - -As a general policy, if a Security-Only package has a regression, which is defined as an unintentional error in the code of an update, then the fix for that regression will be added to the next month’s Security-Only Update. The fix for that regression may also be offered as part an On-Demand release and will be rolled into the next Monthly Update. (Note: Exceptions do exist to this policy, based on timing.) - -### Point to consider -- When Windows identifies an issue with a Update Tuesday release, engineering teams work to remediate or fix the issue as quickly as possible. The outcome is often a new update which may be released at any time, including during the 3rd or 4th week of the month. Such updates are independent of the regularly scheduled "C" and "D" update previews. These updates are created on-demand to remediate a customer impacting issue. In most cases they are qualified as a "non-security" update, and do not require a system reboot. -- Rarely do incidents with Update Tuesday releases impact more than .1% of the total population. With the new Windows Update (WU) architecture, updates can be targeted to affected devices. This targeting is not available through the Update Catalog or WSUS channels, however. -- On-demand releases address a specific issue with an Update Tuesday release and are often qualified as "non-security" for one of two reasons. First, the fix may not be an additional security fix, but a non-security change to the update. Second, the "non-security" designation allows individuals or companies to choose when and how to reboot the devices, rather than forcing a system reboot on all Windows devices receiving the update globally. This trade-off is rarely a difficult choice as it has the potential to impact customer experience across client and server, across consumer and commercial customers for more than one billion devices. -- Because the cumulative model is used across Window 10 and legacy Windows OS versions, despite variations between these OS versions, an out of band release will include all of the changes from the Update Tuesday release plus the fix that addresses the issue. And since Windows no longer releases hotfixes, everything is cumulative in some way. - -In closing, I hope this overview of the update model across current and legacy Windows OS versions highlights the benefits of the Windows 10 cumulative update model to help defragment the Windows ecosystem environments, simplify servicing and help make systems more secure. - -## Resources -- [Simplifying updates for Windows 7 and 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplifying-updates-for-Windows-7-and-8-1/ba-p/166530) -- [Further simplifying servicing models for Windows 7 and Windows 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Further-simplifying-servicing-models-for-Windows-7-and-Windows-8/ba-p/166772) -- [More on Windows 7 and Windows 8.1 servicing changes](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783) -- [.NET Framework Monthly Rollups Explained](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) -- [Simplified servicing for Windows 7 and Windows 8.1: the latest improvements](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798) -- [Windows Server 2008 SP2 servicing changes](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/) -- [Windows 10 update servicing cadence](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376) -- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434) +--- +title: Servicing differences between Windows 10 and older operating systems +ms.reviewer: +manager: laurawi +description: Learn the differences between servicing Windows 10 and servicing older operating systems. +keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.audience: itpro +author: greg-lindsay +ms.topic: article +ms.collection: M365-modern-desktop +--- +# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems + +> Applies to: Windows 10 +> +> **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.** + +Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need to understand how best to leverage a modern workplace to support system updates. + +The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2). + +>[!NOTE] +>A note on naming convention in this article: For brevity, "Windows 10" refers to all operating systems across client, server and IoT released since July 2015, while "legacy" refers to all operating systems prior to that period for client and server, including Windows 7, Window 8.1, Windows Server 2008 R2, Windows Server 2012 R2, etc. + +## Infinite fragmentation +Prior to Windows 10, all updates to operating system (OS) components were published individually. On "Update Tuesday," customers would pick and choose individual updates they wanted to apply. Most chose to update security fixes, while far fewer selected non-security fixes, updated drivers, or installed .NET Framework updates. + +As a result, each environment within the global Windows ecosystem that had only a subset of security and non-security fixes installed had a different set of binaries and behaviors than those that consistently installed every available update as tested by Microsoft. + +This resulted in a fragmented ecosystem that created diverse challenges in predictively testing interoperability, resulting in high update failure rates - which were subsequently mitigated by customers removing individual updates that were causing issues. Each customer that selectively removed individual updates amplified this fragmentation by creating more diverse environment permutations across the ecosystem. As an IT Administrator once quipped, "If you’ve seen one Windows 7 PC, you have seen one Windows 7 PC," suggesting no consistency or predictability across more than 250M commercial devices at the time. + +## Windows 10 – Next generation +Windows 10 provided an opportunity to end the era of infinite fragmentation. With Windows 10 and the Windows as a service model, updates came rolled together in the "latest cumulative update" (LCU) packages for both client and server. Every new update published includes all changes from previous updates, as well as new fixes. Since Windows client and server share the same code base, these LCUs allow the same update to be installed on the same client and server OS family, further reducing fragmentation. + +This helps simplify servicing. Devices with the original Release to Market (RTM) version of a feature release installed could get up to date by installing the most recent LCU. + +Windows publishes the new LCU packages for each Windows 10 version (1607, 1709, etc.) on the second Tuesday of each month. This package is classified as a required security update and contains contents from the previous LCU as well as new security, non-security and Internet Explorer 11 (IE11) fixes. The security classification, by definition, requires a reboot of the device to complete installation of the update. + + +![High level cumulative update model](images/servicing-cadence.png) +*Figure 1.0 - High level cumulative update model* + +Another benefit of the LCU model is fewer steps. Devices that have the original Release to Market (RTM) version of a release can install the most recent LCU to get up to date in one step, rather than having to install multiple updates with reboots after each. + +This cumulative update model for Windows 10 has helped provide the Windows ecosystem with consistent update experiences that can be predicted by baseline testing before release. Even with highly complex updates with hundreds of fixes, the number of incidents with monthly security updates for Windows 10 have fallen month over month since the initial release of Windows 10. + +### Points to consider + +- Windows 10 does not have the concept of a Security-Only or Monthly Rollup for updates. All updates are an LCU package, which includes the last release plus anything new. +- Windows 10 no longer has the concept of a "hotfix" since all individual updates must be rolled into the cumulative packages. (Note: Any private fix is offered for customer validation only, and then rolled into an LCU.) +- [Updates for the .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in the Windows 10 LCU. They are separate packages with different behaviors depending on the version of .NET Framework being updated, and on which OS. As of October 2018, .NET Framework updates for Windows 10 will be separate and have their own cumulative update model. +- For Windows 10, available update types vary by publishing channel: + - For customers using Windows Server Update Services (WSUS) and for the Update Catalog, several different updates types for Windows 10 are rolled together for the core OS in a single LCU package, with exception of Servicing Stack Updates. + - Servicing Stack Updates (SSU) are available for download from the Update Catalog and can be imported through WSUS. Servicing Stack Updates (SSU) will be synced automatically (See this example for Windows 10, version 1709). Learn more about [Servicing Stack Updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates). + - For customers connecting to Windows Update, the new cloud update architecture uses a database of updates which break out all the different update types, including Servicing Stack Updates (SSU) and Dynamic Updates (DU). The update scanning in the Windows 10 servicing stack on the client automatically takes only the updates that are needed by the device to be completely up to date. +- Windows 7 and other legacy operating systems have cumulative updates that operate differently than in Windows 10 (see next section). + +## Windows 7 and legacy OS versions +While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in a fragmented environment, we moved Windows 7 to a cumulative update model in October 2016. + +Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered one cumulative package (Monthly Rollup) and one individual package (Security Only) for all legacy operating systems. + +The Monthly Rollup includes new non-security (if appropriate), security updates, Internet Explorer (IE) updates, and all updates from the previous month similar to the Windows 10 model. The Security-only package includes only new security updates for the month. This means that any security updates from any previous month are not included in current month’s Security-Only Package. If a Security-Only update is missed, it is missed. Those updates will not appear in a future Security-Only update. Additionally, a cumulative package is offered for IE, which can be tested and installed separately, reducing the total update package size. The IE cumulative update includes both security and non-security fixes following the same model as Windows 10. + +![Legacy OS security-only update model](images/security-only-update.png) +*Figure 2.0 - Legacy OS security-only update model* + +Moving to the cumulative model for legacy OS versions continues to improve predictability of update quality. The Windows legacy environments which have fully updated machines with Monthly Rollups are running the same baseline against which all legacy OS version updates are tested. These include all of the updates (security and non-security) prior to and after October 2016. Many customer environments do not have all updates prior to this change installed, which leaves some continued fragmentation in the ecosystem. Further, customers who are installing Security-Only Updates and potentially doing so inconsistently are also more fragmented than Microsoft’s test environments for legacy OS version. This remaining fragmentation results in issues like those seen when the September 2016 Servicing Stack Update (SSU) was needed for smooth installation of the August 2018 security update. These environments did not have the SSU applied previously. + +### Points to consider +- Windows 7 and Windows 8 legacy operating system updates [moved from individual to cumulative in October 2016](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783). Devices with updates missing prior to that point are still missing those updates, as they were not included in the subsequent cumulative packages. +- "Hotfixes" are no longer published for legacy OS versions. All updates are rolled into the appropriate package depending on their classification as either non-security, security, or Internet Explorer updates. (Note: any private fix is offered for customer validation only. Once validated they are then rolled into a Monthly Rollup or IE cumulative update, as appropriate.) +- Both Monthly Rollups and Security-only updates released on Update Tuesday for legacy OS versions are identified as "security required" updates, because both have the full set of security updates in them. The Monthly Rollup may have additional non-security updates that are not included in the Security Only update. The "security" classification requires the device be rebooted so the update can be fully installed. +- Given the differences between the cumulative Monthly Rollups and the single-month Security-only update packages, switching between these update types is not advised. Differences in the baselines of these packages may result in installation errors and conflicts. Choosing one and staying on that update type with high consistency – Monthly Rollup or Security-only – is recommended. +- With all Legacy OS versions now in the Extended Support stage of their 10-year lifecycle, they typically receive only security updates for both Monthly Rollup and Security Only updates. Using Express for the Monthly Rollup results in almost the same package size as Security Only, with the added confidence of ensuring all relevant updates are installed. +- In [February 2017](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798), Windows pulled IE updates out of the legacy OS versions Security-only updates, while leaving them in the Monthly Rollup updates. This was done specifically to reduce package size based on customer feedback. +- The IE cumulative update includes both security and non-security updates and is also needed for to help secure the entire environment. This update can be installed separately or as part of the Monthly Rollup. +- [Updates for .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in legacy Monthly Rollup or Security Only packages. They are separate packages with different behaviors depending on the version of the .NET Framework, and which legacy OS, being updated. +- For [Windows Server 2008 SP2](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/), cumulative updates began in October 2018, and follow the same model as Windows 7. Updates for IE9 are included in those packages, as the last supported version of Internet Explorer for that Legacy OS version. + +## Public preview releases +Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month’s B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month’s B release package together with new security updates. Security-only Packages are not part of the C/D preview program. + +### Examples +Windows 10 version 1709: +- (9B) September 11, 2018 Update Tuesday / B release - includes security, non-security and IE update. This update is categorized as "Required, Security" it requires a system reboot. +- (9C) September 26, 2018 Preview C release - includes everything from 9B PLUS some non-security updates for testing/validation. This update is qualified as not required, non-security. No system reboot is required. +- (10B) October 9, 2018 Update Tuesday / B release includes all fixes included in 9B, all fixes in 9C and introduces new security fixes and IE updates. This update is qualified as "Required, Security" and requires a system reboot. +All of these updates are cumulative and build on each other for Windows 10. This is in contrast to legacy OS versions, where the 9C release becomes part of the "Monthly Rollup," but not the "Security Only" update. In other words, a Window 7 SP1 9C update is part of the cumulative "Monthly Rollup" but not included in the "Security Only" update because the fixes are qualified as "non-security". This is an important variation to note on the two models. + +![Preview releases in the Windows 10 LCU model](images/servicing-previews.png) +*Figure 3.0 - Preview releases within the Windows 10 LCU model* + +## Previews vs. on-demand releases +In 2018, we experienced incidents which required urgent remediation that didn’t map to the monthly update release cadence. These incidents were situations that required an immediate fix to an Update Tuesday release. While Windows engineering worked aggressively to respond within a week of the B-release, these "on-demand" releases created confusion with the C Preview releases. + +As a general policy, if a Security-Only package has a regression, which is defined as an unintentional error in the code of an update, then the fix for that regression will be added to the next month’s Security-Only Update. The fix for that regression may also be offered as part an On-Demand release and will be rolled into the next Monthly Update. (Note: Exceptions do exist to this policy, based on timing.) + +### Point to consider +- When Windows identifies an issue with a Update Tuesday release, engineering teams work to remediate or fix the issue as quickly as possible. The outcome is often a new update which may be released at any time, including during the 3rd or 4th week of the month. Such updates are independent of the regularly scheduled "C" and "D" update previews. These updates are created on-demand to remediate a customer impacting issue. In most cases they are qualified as a "non-security" update, and do not require a system reboot. +- Rarely do incidents with Update Tuesday releases impact more than .1% of the total population. With the new Windows Update (WU) architecture, updates can be targeted to affected devices. This targeting is not available through the Update Catalog or WSUS channels, however. +- On-demand releases address a specific issue with an Update Tuesday release and are often qualified as "non-security" for one of two reasons. First, the fix may not be an additional security fix, but a non-security change to the update. Second, the "non-security" designation allows individuals or companies to choose when and how to reboot the devices, rather than forcing a system reboot on all Windows devices receiving the update globally. This trade-off is rarely a difficult choice as it has the potential to impact customer experience across client and server, across consumer and commercial customers for more than one billion devices. +- Because the cumulative model is used across Window 10 and legacy Windows OS versions, despite variations between these OS versions, an out of band release will include all of the changes from the Update Tuesday release plus the fix that addresses the issue. And since Windows no longer releases hotfixes, everything is cumulative in some way. + +In closing, I hope this overview of the update model across current and legacy Windows OS versions highlights the benefits of the Windows 10 cumulative update model to help defragment the Windows ecosystem environments, simplify servicing and help make systems more secure. + +## Resources +- [Simplifying updates for Windows 7 and 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplifying-updates-for-Windows-7-and-8-1/ba-p/166530) +- [Further simplifying servicing models for Windows 7 and Windows 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Further-simplifying-servicing-models-for-Windows-7-and-Windows-8/ba-p/166772) +- [More on Windows 7 and Windows 8.1 servicing changes](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783) +- [.NET Framework Monthly Rollups Explained](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) +- [Simplified servicing for Windows 7 and Windows 8.1: the latest improvements](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798) +- [Windows Server 2008 SP2 servicing changes](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/) +- [Windows 10 update servicing cadence](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376) +- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index d38b3d01e4..9646afd361 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -1,262 +1,264 @@ ---- -title: Manage additional Windows Update settings (Windows 10) -description: Additional settings to control the behavior of Windows Update (WU) in Windows 10 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.audience: itpro author: greg-lindsay -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.topic: article ---- - -# Manage additional Windows Update settings - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - -You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more. - ->[!IMPORTANT] ->In Windows 10, any Group Policy user configuration settings for Windows Update were deprecated and are no longer supported on this platform. - -## Summary of Windows Update settings - -| Group Policy setting | MDM setting | Supported from version | -| --- | --- | --- | -| [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) | [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | All | -| [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) | [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | 1703 | -| [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) | | All | -| [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) | | All | -| [Enable client-side targeting](#enable-client-side-targeting) | | All | -| [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | -| [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) | [ExcludeWUDriversInQualityUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | 1607 | -| [Configure Automatic Updates](#configure-automatic-updates) | [AllowAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowautoupdate) | All | - ->[!IMPORTANT] ->Additional information about settings to manage device restarts and restart notifications for updates is available on **[Manage device restarts after updates](waas-restart.md)**. -> ->Additional settings that configure when Feature and Quality updates are received are detailed on **[Configure Windows Update for Business](waas-configure-wufb.md)**. - -## Scanning for updates - -With Windows 10, admins have a lot of flexibility in configuring how their devices scan and receive updates. - -[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them to option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates. - -You can make custom device groups that'll work with your internal Microsoft update service by using [Enable client-side targeting](#enable-client-side-targeting). You can also make sure your devices receive updates that were not signed by Microsoft from your internal Microsoft update service, through [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location). - -Finally, to make sure the updating experience is fully controlled by the admins, you can [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) for users. - -For additional settings that configure when Feature and Quality updates are received, see [Configure Windows Update for Business](waas-configure-wufb.md). - -### Specify Intranet Microsoft update service location - -Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. -This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. - -To use this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify Intranet Microsoft update service location**. You must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service. - -If the setting is set to **Enabled**, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don’t have to go through a firewall to get updates, and it gives you the opportunity to test updates after deploying them. -If the setting is set to **Disabled** or **Not Configured**, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. - -The alternate download server configures the Windows Update Agent to download files from an alternative download server instead of the intranet update service. -The option to download files with missing Urls allows content to be downloaded from the Alternate Download Server when there are no download Urls for files in the update metadata. This option should only be used when the intranet update service does not provide download Urls in the update metadata for files which are present on the alternate download server. - ->[!NOTE] ->If the "Configure Automatic Updates" policy is disabled, then this policy has no effect. -> ->If the "Alternate Download Server" is not set, it will use the intranet update service by default to download updates. -> ->The option to "Download files with no Url..." is only used if the "Alternate Download Server" is set. - -To configure this policy with MDM, use [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate). - -### Automatic Updates detection frequency - -Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 20-hour detection frequency, then all clients to which this policy is applied will check for updates anywhere between 16 to 20 hours. - -To set this setting with Group Policy, navigate to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Automatic Updates detection frequency**. - -If the setting is set to **Enabled**, Windows will check for available updates at the specified interval. -If the setting is set to **Disabled** or **Not Configured**, Windows will check for available updates at the default interval of 22 hours. - ->[!NOTE] ->The “Specify intranet Microsoft update service location” setting must be enabled for this policy to have effect. -> ->If the “Configure Automatic Updates” policy is disabled, this policy has no effect. - -To configure this policy with MDM, use [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency). - -### Remove access to use all Windows Update features - -By enabling the Group Policy setting under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features**, administrators can disable the "Check for updates" option for users. Any background update scans, downloads and installations will continue to work as configured. - -### Do not connect to any Windows Update Internet locations - -Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store. - -Use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not connect to any Windows Update Internet locations** to enable this policy. When enabled, this policy will disable the functionality described above, and may cause connection to public services such as the Microsoft Store, Windows Update for Business and Delivery Optimization to stop working. - ->[!NOTE] ->This policy applies only when the device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. - -### Enable client-side targeting - -Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. This allows admins to configure device groups that will receive different updates from sources like WSUS or SCCM. - -This Group Policy setting can be found under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Enable client-side targeting**. -If the setting is set to **Enabled**, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer. -If the setting is set to **Disabled** or **Not Configured**, no target group information will be sent to the intranet Microsoft update service. - -If the intranet Microsoft update service supports multiple target groups, this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified. - ->[!NOTE] ->This policy applies only when the intranet Microsoft update service the device is directed to is configured to support client-side targeting. If the “Specify intranet Microsoft update service location” policy is disabled or not configured, this policy has no effect. - -### Allow signed updates from an intranet Microsoft update service location - -This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. - -To configure this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows update\Allow signed updates from an intranet Microsoft update service location**. - -If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, as specified by [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location), if they are signed by a certificate found in the “Trusted Publishers” certificate store of the local computer. -If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft. - ->[!NOTE] ->Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting. - -To configure this policy with MDM, use [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate). - - -## Installing updates - -To add more flexibility to the update process, settings are available to control update installation. - -[Configure Automatic Updates](#configure-automatic-updates) offers 4 different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates. - -### Do not include drivers with Windows Updates - -Allows admins to exclude Windows Update (WU) drivers during updates. - -To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**. -Enable this policy to not include drivers with Windows quality updates. -If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification. - -### Configure Automatic Updates - -Enables the IT admin to manage automatic update behavior to scan, download, and install updates. - -#### Configuring Automatic Updates by using Group Policy - -Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options: - -**2 - Notify for download and auto install** - When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to **Settings > Update & security > Windows Update**, users can download and install any available updates. - -**3 - Auto download and notify for Install** - Windows finds updates that apply to the device and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to **Settings > Update & security > Windows Update**, users can install them. - -**4 - Auto download and schedule the install** - Specify the schedule using the options in the Group Policy Setting. For more information about this setting, see [Schedule update installation](waas-restart.md#schedule-update-installation). - -**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. - -If this setting is set to *Disabled*, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**. - -If this setting is set to *Not Configured*, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**. - -#### Configuring Automatic Updates by editing the registry - -> [!NOTE] -> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved. Modify the registry at your own risk. - -In an environment that does not have Active Directory deployed, you can edit registry settings to configure group policies for Automatic Update. - -To do this, follow these steps: - -1. Select **Start**, search for "regedit", and then open Registry Editor. - -2. Open the following registry key: - - ``` - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU - ``` - -3. Add one of the following registry values to configure Automatic Update. - - * NoAutoUpdate (REG_DWORD): - - * **0**: Automatic Updates is enabled (default). - - * **1**: Automatic Updates is disabled. - - * AUOptions (REG_DWORD): - - * **1**: Keep my computer up to date is disabled in Automatic Updates. - - * **2**: Notify of download and installation. - - * **3**: Automatically download and notify of installation. - - * **4**: Automatically download and scheduled installation. - - * ScheduledInstallDay (REG_DWORD): - - * **0**: Every day. - - * **1** through **7**: The days of the week from Sunday (1) to Saturday (7). - - * ScheduledInstallTime (REG_DWORD): - - **n**, where **n** equals the time of day in a 24-hour format (0-23). - - * UseWUServer (REG_DWORD) - - Set this value to **1** to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update. - - * RescheduleWaitTime (REG_DWORD) - - **m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes) - - > [!NOTE] - > This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions. - - * NoAutoRebootWithLoggedOnUsers (REG_DWORD): - - **0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on. - - > [!NOTE] - > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. - -To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance. - -When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again. - -To determine the WSUS server that the client computers and servers connect to for updates, add the following registry values to the registry: -``` -HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -``` - -* WUServer (REG_SZ) - - This value sets the WSUS server by HTTP name (for example, http://IntranetSUS). - -* WUStatusServer (REG_SZ) - - This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Manage device restarts after updates](waas-restart.md) +--- +title: Manage additional Windows Update settings (Windows 10) +description: Additional settings to control the behavior of Windows Update (WU) in Windows 10 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.audience: itpro +author: greg-lindsay +ms.date: 07/27/2017 +ms.reviewer: +manager: laurawi +ms.topic: article +--- + +# Manage additional Windows Update settings + + +**Applies to** + +- Windows 10 +- Windows 10 Mobile + +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) + +You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more. + +>[!IMPORTANT] +>In Windows 10, any Group Policy user configuration settings for Windows Update were deprecated and are no longer supported on this platform. + +## Summary of Windows Update settings + +| Group Policy setting | MDM setting | Supported from version | +| --- | --- | --- | +| [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) | [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | All | +| [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) | [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | 1703 | +| [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) | | All | +| [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) | | All | +| [Enable client-side targeting](#enable-client-side-targeting) | | All | +| [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | +| [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) | [ExcludeWUDriversInQualityUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | 1607 | +| [Configure Automatic Updates](#configure-automatic-updates) | [AllowAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowautoupdate) | All | + +>[!IMPORTANT] +>Additional information about settings to manage device restarts and restart notifications for updates is available on **[Manage device restarts after updates](waas-restart.md)**. +> +>Additional settings that configure when Feature and Quality updates are received are detailed on **[Configure Windows Update for Business](waas-configure-wufb.md)**. + +## Scanning for updates + +With Windows 10, admins have a lot of flexibility in configuring how their devices scan and receive updates. + +[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them to option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates. + +You can make custom device groups that'll work with your internal Microsoft update service by using [Enable client-side targeting](#enable-client-side-targeting). You can also make sure your devices receive updates that were not signed by Microsoft from your internal Microsoft update service, through [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location). + +Finally, to make sure the updating experience is fully controlled by the admins, you can [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) for users. + +For additional settings that configure when Feature and Quality updates are received, see [Configure Windows Update for Business](waas-configure-wufb.md). + +### Specify Intranet Microsoft update service location + +Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. +This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. + +To use this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify Intranet Microsoft update service location**. You must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service. + +If the setting is set to **Enabled**, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don’t have to go through a firewall to get updates, and it gives you the opportunity to test updates after deploying them. +If the setting is set to **Disabled** or **Not Configured**, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. + +The alternate download server configures the Windows Update Agent to download files from an alternative download server instead of the intranet update service. +The option to download files with missing Urls allows content to be downloaded from the Alternate Download Server when there are no download Urls for files in the update metadata. This option should only be used when the intranet update service does not provide download Urls in the update metadata for files which are present on the alternate download server. + +>[!NOTE] +>If the "Configure Automatic Updates" policy is disabled, then this policy has no effect. +> +>If the "Alternate Download Server" is not set, it will use the intranet update service by default to download updates. +> +>The option to "Download files with no Url..." is only used if the "Alternate Download Server" is set. + +To configure this policy with MDM, use [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate). + +### Automatic Updates detection frequency + +Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 20-hour detection frequency, then all clients to which this policy is applied will check for updates anywhere between 16 to 20 hours. + +To set this setting with Group Policy, navigate to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Automatic Updates detection frequency**. + +If the setting is set to **Enabled**, Windows will check for available updates at the specified interval. +If the setting is set to **Disabled** or **Not Configured**, Windows will check for available updates at the default interval of 22 hours. + +>[!NOTE] +>The “Specify intranet Microsoft update service location” setting must be enabled for this policy to have effect. +> +>If the “Configure Automatic Updates” policy is disabled, this policy has no effect. + +To configure this policy with MDM, use [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency). + +### Remove access to use all Windows Update features + +By enabling the Group Policy setting under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features**, administrators can disable the "Check for updates" option for users. Any background update scans, downloads and installations will continue to work as configured. + +### Do not connect to any Windows Update Internet locations + +Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store. + +Use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not connect to any Windows Update Internet locations** to enable this policy. When enabled, this policy will disable the functionality described above, and may cause connection to public services such as the Microsoft Store, Windows Update for Business and Delivery Optimization to stop working. + +>[!NOTE] +>This policy applies only when the device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. + +### Enable client-side targeting + +Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. This allows admins to configure device groups that will receive different updates from sources like WSUS or SCCM. + +This Group Policy setting can be found under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Enable client-side targeting**. +If the setting is set to **Enabled**, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer. +If the setting is set to **Disabled** or **Not Configured**, no target group information will be sent to the intranet Microsoft update service. + +If the intranet Microsoft update service supports multiple target groups, this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified. + +>[!NOTE] +>This policy applies only when the intranet Microsoft update service the device is directed to is configured to support client-side targeting. If the “Specify intranet Microsoft update service location” policy is disabled or not configured, this policy has no effect. + +### Allow signed updates from an intranet Microsoft update service location + +This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. + +To configure this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows update\Allow signed updates from an intranet Microsoft update service location**. + +If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, as specified by [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location), if they are signed by a certificate found in the “Trusted Publishers” certificate store of the local computer. +If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft. + +>[!NOTE] +>Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting. + +To configure this policy with MDM, use [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate). + + +## Installing updates + +To add more flexibility to the update process, settings are available to control update installation. + +[Configure Automatic Updates](#configure-automatic-updates) offers 4 different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates. + +### Do not include drivers with Windows Updates + +Allows admins to exclude Windows Update (WU) drivers during updates. + +To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**. +Enable this policy to not include drivers with Windows quality updates. +If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification. + +### Configure Automatic Updates + +Enables the IT admin to manage automatic update behavior to scan, download, and install updates. + +#### Configuring Automatic Updates by using Group Policy + +Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options: + +**2 - Notify for download and auto install** - When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to **Settings > Update & security > Windows Update**, users can download and install any available updates. + +**3 - Auto download and notify for Install** - Windows finds updates that apply to the device and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are ready to install. After going to **Settings > Update & security > Windows Update**, users can install them. + +**4 - Auto download and schedule the install** - Specify the schedule using the options in the Group Policy Setting. For more information about this setting, see [Schedule update installation](waas-restart.md#schedule-update-installation). + +**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. + +If this setting is set to *Disabled*, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**. + +If this setting is set to *Not Configured*, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**. + +#### Configuring Automatic Updates by editing the registry + +> [!NOTE] +> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved. Modify the registry at your own risk. + +In an environment that does not have Active Directory deployed, you can edit registry settings to configure group policies for Automatic Update. + +To do this, follow these steps: + +1. Select **Start**, search for "regedit", and then open Registry Editor. + +2. Open the following registry key: + + ``` + HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU + ``` + +3. Add one of the following registry values to configure Automatic Update. + + * NoAutoUpdate (REG_DWORD): + + * **0**: Automatic Updates is enabled (default). + + * **1**: Automatic Updates is disabled. + + * AUOptions (REG_DWORD): + + * **1**: Keep my computer up to date is disabled in Automatic Updates. + + * **2**: Notify of download and installation. + + * **3**: Automatically download and notify of installation. + + * **4**: Automatically download and scheduled installation. + + * ScheduledInstallDay (REG_DWORD): + + * **0**: Every day. + + * **1** through **7**: The days of the week from Sunday (1) to Saturday (7). + + * ScheduledInstallTime (REG_DWORD): + + **n**, where **n** equals the time of day in a 24-hour format (0-23). + + * UseWUServer (REG_DWORD) + + Set this value to **1** to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update. + + * RescheduleWaitTime (REG_DWORD) + + **m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes) + + > [!NOTE] + > This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions. + + * NoAutoRebootWithLoggedOnUsers (REG_DWORD): + + **0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on. + + > [!NOTE] + > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. + +To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance. + +When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again. + +To determine the WSUS server that the client computers and servers connect to for updates, add the following registry values to the registry: +``` +HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ +``` + +* WUServer (REG_SZ) + + This value sets the WSUS server by HTTP name (for example, http://IntranetSUS). + +* WUStatusServer (REG_SZ) + + This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). + +## Related topics + +- [Update Windows 10 in the enterprise](index.md) +- [Overview of Windows as a service](waas-overview.md) +- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) +- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) +- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) +- [Configure Windows Update for Business](waas-configure-wufb.md) +- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 35a8196735..0a0a06c7eb 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -78,7 +78,7 @@ To enable data sharing, configure your proxy server to whitelist the following e >[!NOTE] >Microsoft has a strong commitment to providing the tools and resources that put you in control of your privacy. As a result, Microsoft doesn't collect the following data from devices located in European countries (EEA and Switzerland): >- Windows diagnostic data from Windows 8.1 devices ->- App usage data for Windows 7 devices +>- App usage data and [Internet Explorer site discovery](../upgrade/upgrade-readiness-additional-insights.md#site-discovery) features for Windows 7 devices diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index c9dc96d32e..cd3aaab920 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -1,524 +1,525 @@ ---- -title: SetupDiag -ms.reviewer: -manager: laurawi -ms.author: greglin -description: How to use the SetupDiag tool to diagnose Windows Setup errors -keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.topic: article ---- - -# SetupDiag - -**Applies to** -- Windows 10 - ->[!NOTE] ->This is a 300 level topic (moderate advanced).
      ->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
      - - [![Download SetupDiag](../images/download.png)](https://go.microsoft.com/fwlink/?linkid=870142) - -## About SetupDiag - -Current version of SetupDiag: 1.5.0.0 - -SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. - -SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode. - -To quickly use SetupDiag on your current computer: -1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137). -2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). -3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**. -4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your **Downloads** folder which is displayed in File Explorer under **Quick access** in the left navigation pane. -5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program. - - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way. -6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish. -7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file. -8. Use Notepad to open the log file: **SetupDiagResults.log**. -9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. - -For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. - -The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. - -## Requirements - -1. The destination OS must be Windows 10. -2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you are not sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](https://docs.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions: - - ``` - reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s - ``` - -## Parameters - -| Parameter | Description | -| --- | --- | -| /? |
      • Displays interactive help
      | -| /Output:\ |
      • This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
      • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
      | -| /LogsPath:\ |
      • This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.
      | -| /ZipLogs:\ |
      • This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.
      • Default: If not specified, a value of 'true' is used.
      | -| /Format:\ |
      • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
      | -| /Scenario:\[Recovery\] |
      • This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.
      | -| /Verbose |
      • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
      | -| /NoTel |
      • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
      | -| /AddReg |
      • This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
      | - -Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. -- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed. - -### Examples: - -In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run). - -``` -SetupDiag.exe -``` - -In the following example, SetupDiag is run in online mode (this is the default). It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified. - -``` -SetupDiag.exe /Output:C:\SetupDiag\Results.log -``` - -The following example uses the /Output parameter to save results to a path name that contains a space: - -``` -SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log" -``` - -The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**. - -``` -SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 -``` - -The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. - -``` -SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery -``` - -The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format. - -``` -SetupDiag.exe /Scenario:Recovery /Format:xml -``` - - -## Log files - -[Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location: - -\\$Windows.~bt\sources\panther -
      \\$Windows.~bt\Sources\Rollback -
      \Windows\Panther -
      \Windows\Panther\NewOS - -If you copy the parent folder and all sub-folders, SetupDiag will automatically search for log files in all subdirectories. - -## Setup bug check analysis - -When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error. - -If crash dumps [are enabled](https://docs.microsoft.com/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup related minidumps. - -To debug a setup related bug check, you must: -- Specify the **/LogsPath** parameter. You cannot debug memory dumps in online mode. -- Gather the setup memory dump file (setupmem.dmp) from the failing system. - - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs. -- Install the [Windows Debugging Tools](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag. - -In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag: - -``` -SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump -``` - -## Known issues - -1. Some rules can take a long time to process if the log files involved are large. -2. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode. - - -## Sample output - -The following is an example where SetupDiag is run in offline mode. - -``` -D:\SetupDiag>SetupDiag.exe /output:c:\setupdiag\result.xml /logspath:D:\Tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e /format:xml - -SetupDiag v1.5.0.0 -Copyright (c) Microsoft Corporation. All rights reserved. - -Searching for setup logs... -Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2019 2:44:20 PM to be the correct setup log. -Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2019 2:45:19 PM to be the correct rollback log. - -Gathering baseline information from setup logs... - -SetupDiag: processing rule: CompatScanOnly. -...No match. - -... - -SetupDiag: processing rule: DISMImageSessionFailure. -.. -Error: SetupDiag reports DISM provider failure. -Last Phase: Safe OS -Last Operation: Apply Optional Component status -Message = Failed to get the IDismImage instance from the image session -Function: CDISMManager::CloseImageSession -Error: 0x800706ba -Recommend you re-download the update source files, reboot and try the update again. - -SetupDiag found 1 matching issue. - -SetupDiag results were logged to: c:\setupdiag\results.xml -Logs ZipFile created at: c:\setupdiag\Logs_14.zip - -``` - -## Rules - -When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See [Release notes](#release-notes) for more information. - -Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS. - -1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D - - This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade. -2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE - - This is a block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled. -3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC - - This block happens when the host OS is booted to a VHD image. Upgrade is not supported when the host OS is booted from a VHD image. -4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 - - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade is not supported in the Windows To-Go environment. -5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90 - - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade is not supported from this state. -6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B - - This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported. -7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1 - - This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process. -8. CompatBlockedApplicationAutoUninstall – BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 - - This rule indicates there is an application that needs to be uninstalled before setup can continue. -9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9 - - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat /ignore warning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing. -10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 - - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue. -11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B - - This indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade. -12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45 - - This rule indicates the host OS and the target OS language editions do not match. -13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8 - - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine. -14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E - - This failure indicates the system ran out of disk space during the down-level operations of upgrade. -15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 - - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. -16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 - - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. -17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6 - - This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details. -18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1 - - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. -19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C - - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. -20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 - - This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes. -21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 - - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine. -22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC - - Finds fatal advanced installer operations that cause setup failures. -23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781 - - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes. -24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29 - - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes. -25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 - - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. -26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 - - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes. -27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 - - This rule indicates the update failed to mount a wim file. It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes. -28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E - - Determines if the given setup was a success or not based off the logs. -29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC - - Gives information about failures surfaced early in the upgrade process by setuphost.exe -30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 - - Gives failure information surfaced by SetupPlatform, later in the down-level phase. -31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD - - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. -32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1 - - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes. -33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 - - Gives last operation, failure phase and error information when a rollback occurs. -34. AdvancedInstallerGenericFailure – 4019550D-4CAA-45B0-A222-349C48E86F71 - - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported. -35. OptionalComponentFailedToGetOCsFromPackage – D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. - - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code. -36. OptionalComponentOpenPackageFailed – 22952520-EC89-4FBD-94E0-B67DF88347F6 - - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code. -37. OptionalComponentInitCBSSessionFailed – 63340812-9252-45F3-A0F2-B2A4CA5E9317 - - Matches a specific failure where the advanced installer service or components aren’t operating or started on the system. Will output the error code. -38. UserProfileCreationFailureDuringFinalize – C6677BA6-2E53-4A88-B528-336D15ED1A64 - - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code. -39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 - - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. -40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 - - Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code. -41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 - - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. -42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC - - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. -43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9 - - Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug-in name, plug-in action and error code. -44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 - - Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code. -45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 - - Detects all compat blocks from Server compliance plug-ins. Outputs the block information and remediation. -46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71 - - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code. -47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E - - Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration -48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 - - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. Outputs the package name and error code. -49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 - - Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. -50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317 - - Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. -51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4 - - Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. -52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD - - Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code. -53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980 - - A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code. -54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 - - These are for server upgrades only, will output the compliance block and remediation required. -55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 - - Captures failures due to having an unrecognized wimmount.sys driver registered on the system. -56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C - - Detects failures in the kernel mode file operations. -57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE - - Detects failures in WimMount.sys registration on the system. -58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C - - Captures failure information when DISM fails to start an image session successfully. -59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 - - Detects failures in down-level phase before setup platform is invoked. -60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852 - - Captures failure information when setup platform encounters a fatal error. - - -## Release notes - -06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. - - All date and time outputs are updated to localized format per user request. - - Added setup Operation and Phase information to /verbose log. - - Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). - - Performance improvement in searching setupact.logs to determine correct log to parse. - - Added SetupDiag version number to text report (xml and json always had it). - - Added "no match" reports for xml and json per user request. - - Formatted Json output for easy readability. - - Performance improvements when searching for setup logs; this should be much faster now. - - Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. - - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** - - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. - - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. - - This registry key also gets deleted when a new update instance is invoked. - - For an example, see [Sample registry key](#sample-registry-key). - -05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). - -12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - - The FindDownlevelFailure rule is up to 10x faster. - - New rules have been added to analyze failures upgrading to Windows 10 version 1809. - - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. - - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. - - Some functional and output improvements were made for several rules. - -07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. - - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. - -07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. - - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. - - New feature: Ability to output logs in JSON and XML format. - - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. - - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. - - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. - - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. - -05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. - - Fixed a bug in device install failure detection in online mode. - - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. - - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. - -05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. - - A performance enhancment has been added to result in faster rule processing. - - Rules output now includes links to support articles, if applicable. - - SetupDiag now provides the path and name of files that it is processing. - - You can now run SetupDiag by simply clicking on it and then examining the output log file. - - An output log file is now always created, whether or not a rule was matched. - -03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. - -## Sample logs - -### Text log sample - -``` -Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 -System Information: - Machine Name = Offline - Manufacturer = MSI - Model = MS-7998 - HostOSArchitecture = x64 - FirmwareType = PCAT - BiosReleaseDate = 20160727000000.000000+000 - BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70 - BiosVersion = 1.70 - HostOSVersion = 10.0.15063 - HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834 - TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534) - HostOSLanguageId = 2057 - HostOSEdition = Core - RegisteredAV = Windows Defender, - FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo, - UpgradeStartTime = 3/21/2018 9:47:16 PM - UpgradeEndTime = 3/21/2018 10:02:40 PM - UpgradeElapsedTime = 00:15:24 - ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde - -Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F -Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again. -Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015 -Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information. -``` - -### XML log sample - -```xml - - - 1.5.0.0 - FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852 - - Offline - Gigabyte Technology Co., Ltd. - X470 AORUS ULTRA GAMING - 1033 - UEFI - 20180808000000.000000+000 - F3 - - 10.0.18908 - 18908.1000.amd64fre.rs_prerelease.190524-1658 - 10.0.18912.1001 (rs_prerelease.190601-1739) - - Professional - Windows Defender - - 2019-06-06T21:19:10 - - 2019-06-06T22:21:49 - 0001-01-01T00:00:00 - 0001-01-01T00:00:00 - - 0001-01-01T00:00:00 - 0001-01-01T00:00:00 - - Offline - MgUweCZk90KdwUiZ - F21F8FB6-00FD-4349-84FB-2AC75F389E73 - F21F8FB6-00FD-4349-84FB-2AC75F389E73 - - 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] - -Error: SetupDiag reports Fatal Error. -Last Setup Phase = Downlevel -Last Setup Operation: Gather data, scope: EVERYTHING -Error: 0x00000057 - LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] - LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] - -Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information. - Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel - -``` - -### JSON log sample - -``` -{ - "Version":"1.5.0.0", - "ProfileName":"FindSPFatalError", - "ProfileGuid":"A4028172-1B09-48F8-AD3B-86CDD7D55852", - "SystemInfo":{ - "BiosReleaseDate":"20180808000000.000000+000", - "BiosVendor":"F3", - "BiosVersion":"F3", - "CV":"MgUweCZk90KdwUiZ", - "CommercialId":"Offline", - "FilterDrivers":"", - "FinalizeStartTime":"\/Date(-62135568000000-0800)\/", - "FirmwareType":"UEFI", - "HostOSArchitecture":"x64", - "HostOSBuildString":"18908.1000.amd64fre.rs_prerelease.190524-1658", - "HostOSEdition":"Professional", - "HostOSLanguageId":"", - "HostOSVersion":"", - "MachineName":"Offline", - "Manufacturer":"Gigabyte Technology Co., Ltd.", - "Model":"X470 AORUS ULTRA GAMING", - "PostOOBESuccessTime":"\/Date(-62135568000000-0800)\/", - "RegisteredAV":"Windows Defender", - "ReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", - "RollbackElapsedTime":"PT0S", - "RollbackEndTime":"\/Date(-62135568000000-0800)\/", - "RollbackStartTime":"\/Date(-62135568000000-0800)\/", - "SetupReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", - "TargetOSArchitecture":null, - "TargetOSBuildString":"10.0.18912.1001 (rs_prerelease.190601-1739)", - "TotalOfflineTime":"PT0S", - "UpgradeElapsedTime":"PT1H2M39S", - "UpgradeEndTime":"\/Date(1559884909000-0700)\/", - "UpgradeStartTime":"\/Date(1559881150000-0700)\/" - }, - "LogErrorLine":"2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ - gle=0x00000057 - ]", - "FailureData":[ - "\u000aError: SetupDiag reports Fatal Error.\u000aLast Setup Phase = Downlevel\u000aLast Setup Operation: Gather data, scope: EVERYTHING\u000aError: 0x00000057", - "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ - gle=0x00000057 - ]", - "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ - gle=0x00000057 - ]", - "\u000aRefer to \"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/Debug\/system-error-codes\" for error information." - ], - "FailureDetails":"Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel", - "DeviceDriverInfo":null, - "Remediation":[ - - ], - "SetupPhaseInfo":null, - "SetupOperationInfo":null -} -``` - -## Sample registry key - -![Addreg](./../images/addreg.png) - -## Related topics - -[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) +--- +title: SetupDiag +ms.reviewer: +manager: laurawi +ms.author: greglin +description: How to use the SetupDiag tool to diagnose Windows Setup errors +keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.topic: article +--- + +# SetupDiag + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 300 level topic (moderate advanced).
      +>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
      + + [![Download SetupDiag](../images/download.png)](https://go.microsoft.com/fwlink/?linkid=870142) + +## About SetupDiag + +Current version of SetupDiag: 1.5.0.0 + +SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. + +SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode. + +To quickly use SetupDiag on your current computer: +1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137). +2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). +3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**. +4. When SetupDiag has finished downloading, open the folder where you downloaded the file. As mentioned above, by default this is your **Downloads** folder which is displayed in File Explorer under **Quick access** in the left navigation pane. +5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program. + - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way. +6. A command window will open while SetupDiag diagnoses your computer. Wait for this to finish. +7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file. +8. Use Notepad to open the log file: **SetupDiagResults.log**. +9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below. + +For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. + +The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. + +## Requirements + +1. The destination OS must be Windows 10. +2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you are not sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](https://docs.microsoft.com/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions: + + ``` + reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s + ``` + +## Parameters + +| Parameter | Description | +| --- | --- | +| /? |
      • Displays interactive help
      | +| /Output:\ |
      • This optional parameter enables you to specify the output file for results. This is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
      • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
      | +| /LogsPath:\ |
      • This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.
      | +| /ZipLogs:\ |
      • This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.
      • Default: If not specified, a value of 'true' is used.
      | +| /Format:\ |
      • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
      | +| /Scenario:\[Recovery\] |
      • This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.
      | +| /Verbose |
      • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
      | +| /NoTel |
      • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
      | +| /AddReg |
      • This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
      | + +Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. +- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed. + +### Examples: + +In the following example, SetupDiag is run with default parameters (online mode, results file is SetupDiagResults.log in the same folder where SetupDiag is run). + +``` +SetupDiag.exe +``` + +In the following example, SetupDiag is run in online mode (this is the default). It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified. + +``` +SetupDiag.exe /Output:C:\SetupDiag\Results.log +``` + +The following example uses the /Output parameter to save results to a path name that contains a space: + +``` +SetupDiag /Output:"C:\Tools\SetupDiag\SetupDiag Results\Results.log" +``` + +The following example specifies that SetupDiag is to run in offline mode, and to process the log files found in **D:\Temp\Logs\LogSet1**. + +``` +SetupDiag.exe /Output:C:\SetupDiag\Results.log /LogsPath:D:\Temp\Logs\LogSet1 +``` + +The following example sets recovery scenario in offline mode. In the example, SetupDiag will search for reset/recovery logs in the specified LogsPath location and output the resuts to the directory specified by the /Output parameter. + +``` +SetupDiag.exe /Output:C:\SetupDiag\RecoveryResults.log /LogsPath:D:\Temp\Cabs\PBR_Log /Scenario:Recovery +``` + +The following example sets recovery scenario in online mode. In the example, SetupDiag will search for reset/recovery logs on the current system and output results in XML format. + +``` +SetupDiag.exe /Scenario:Recovery /Format:xml +``` + + +## Log files + +[Windows Setup Log Files and Event Logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs) has information about where logs are created during Windows Setup. For offline processing, you should run SetupDiag against the contents of the entire folder. For example, depending on when the upgrade failed, copy one of the following folders to your offline location: + +\\$Windows.~bt\sources\panther +
      \\$Windows.~bt\Sources\Rollback +
      \Windows\Panther +
      \Windows\Panther\NewOS + +If you copy the parent folder and all sub-folders, SetupDiag will automatically search for log files in all subdirectories. + +## Setup bug check analysis + +When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error. + +If crash dumps [are enabled](https://docs.microsoft.com/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup related minidumps. + +To debug a setup related bug check, you must: +- Specify the **/LogsPath** parameter. You cannot debug memory dumps in online mode. +- Gather the setup memory dump file (setupmem.dmp) from the failing system. + - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs. +- Install the [Windows Debugging Tools](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag. + +In the following example, the **setupmem.dmp** file is copied to the **D:\Dump** directory and the Windows Debugging Tools are installed prior to running SetupDiag: + +``` +SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /LogsPath:D:\Dump +``` + +## Known issues + +1. Some rules can take a long time to process if the log files involved are large. +2. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode. + + +## Sample output + +The following is an example where SetupDiag is run in offline mode. + +``` +D:\SetupDiag>SetupDiag.exe /output:c:\setupdiag\result.xml /logspath:D:\Tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e /format:xml + +SetupDiag v1.5.0.0 +Copyright (c) Microsoft Corporation. All rights reserved. + +Searching for setup logs... +Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_6.log with update date 6/12/2019 2:44:20 PM to be the correct setup log. +Found d:\tests\Logs\f55be736-beed-4b9b-aedf-c133536c946e\setupact_1.log with update date 6/12/2019 2:45:19 PM to be the correct rollback log. + +Gathering baseline information from setup logs... + +SetupDiag: processing rule: CompatScanOnly. +...No match. + +... + +SetupDiag: processing rule: DISMImageSessionFailure. +.. +Error: SetupDiag reports DISM provider failure. +Last Phase: Safe OS +Last Operation: Apply Optional Component status +Message = Failed to get the IDismImage instance from the image session +Function: CDISMManager::CloseImageSession +Error: 0x800706ba +Recommend you re-download the update source files, reboot and try the update again. + +SetupDiag found 1 matching issue. + +SetupDiag results were logged to: c:\setupdiag\results.xml +Logs ZipFile created at: c:\setupdiag\Logs_14.zip + +``` + +## Rules + +When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See [Release notes](#release-notes) for more information. + +Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS. + +1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D + - This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade. +2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE + - This is a block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled. +3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC + - This block happens when the host OS is booted to a VHD image. Upgrade is not supported when the host OS is booted from a VHD image. +4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 + - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade is not supported in the Windows To-Go environment. +5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90 + - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade is not supported from this state. +6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B + - This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported. +7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1 + - This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process. +8. CompatBlockedApplicationAutoUninstall – BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 + - This rule indicates there is an application that needs to be uninstalled before setup can continue. +9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9 + - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat /ignore warning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing. +10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 + - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue. +11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B + - This indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade. +12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45 + - This rule indicates the host OS and the target OS language editions do not match. +13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8 + - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine. +14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E + - This failure indicates the system ran out of disk space during the down-level operations of upgrade. +15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191 + - This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade. +16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6 + - This failure rule indicates the system hung or bug checked during the device installation phase of upgrade. +17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6 + - This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details. +18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1 + - This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. +19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C + - This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details. +20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7 + - This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes. +21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37 + - This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine. +22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC + - Finds fatal advanced installer operations that cause setup failures. +23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781 + - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes. +24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29 + - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes. +25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 + - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. +26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 + - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes. +27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 + - This rule indicates the update failed to mount a wim file. It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes. +28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E + - Determines if the given setup was a success or not based off the logs. +29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC + - Gives information about failures surfaced early in the upgrade process by setuphost.exe +30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 + - Gives failure information surfaced by SetupPlatform, later in the down-level phase. +31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD + - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. +32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1 + - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes. +33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 + - Gives last operation, failure phase and error information when a rollback occurs. +34. AdvancedInstallerGenericFailure – 4019550D-4CAA-45B0-A222-349C48E86F71 + - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported. +35. OptionalComponentFailedToGetOCsFromPackage – D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. + - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code. +36. OptionalComponentOpenPackageFailed – 22952520-EC89-4FBD-94E0-B67DF88347F6 + - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code. +37. OptionalComponentInitCBSSessionFailed – 63340812-9252-45F3-A0F2-B2A4CA5E9317 + - Matches a specific failure where the advanced installer service or components aren’t operating or started on the system. Will output the error code. +38. UserProfileCreationFailureDuringFinalize – C6677BA6-2E53-4A88-B528-336D15ED1A64 + - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code. +39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 + - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. +40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 + - Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code. +41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 + - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. +42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC + - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. +43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9 + - Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug-in name, plug-in action and error code. +44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9 + - Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code. +45. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 + - Detects all compat blocks from Server compliance plug-ins. Outputs the block information and remediation. +46. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71 + - Triggers on advanced installer failures in a generic sense, outputting the application called, phase, mode, component and error code. +47. FindMigGatherApplyFailure - A9964E6C-A2A8-45FF-B6B5-25E0BD71428E + - Shows errors when the migration Engine fails out on a gather or apply operation. Indicates the Migration Object (file or registry path), the Migration +48. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 + - Indicates the optional component (OC) migration operation failed to enumerate optional components from an OC Package. Outputs the package name and error code. +49. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 + - Indicates the optional component migration operation failed to open an optional component Package. Outputs the package name and error code. +50. OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317 + - Indicates corruption in the servicing stack on the down-level system. Outputs the error code encountered while trying to initialize the servicing component on the existing OS. +51. DISMproviderFailure - D76EF86F-B3F8-433F-9EBF-B4411F8141F4 + - Triggers when a DISM provider (plug-in) fails in a critical operation. Outputs the file (plug-in name), function called + error code, and error message from the provider. +52. SysPrepLaunchModuleFailure - 7905655C-F295-45F7-8873-81D6F9149BFD + - Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code. +53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980 + - A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code. +54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960 + - These are for server upgrades only, will output the compliance block and remediation required. +55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0 + - Captures failures due to having an unrecognized wimmount.sys driver registered on the system. +56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C + - Detects failures in the kernel mode file operations. +57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE + - Detects failures in WimMount.sys registration on the system. +58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C + - Captures failure information when DISM fails to start an image session successfully. +59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52 + - Detects failures in down-level phase before setup platform is invoked. +60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852 + - Captures failure information when setup platform encounters a fatal error. + + +## Release notes + +06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. + - All date and time outputs are updated to localized format per user request. + - Added setup Operation and Phase information to /verbose log. + - Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). + - Performance improvement in searching setupact.logs to determine correct log to parse. + - Added SetupDiag version number to text report (xml and json always had it). + - Added "no match" reports for xml and json per user request. + - Formatted Json output for easy readability. + - Performance improvements when searching for setup logs; this should be much faster now. + - Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. + - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** + - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. + - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. + - This registry key also gets deleted when a new update instance is invoked. + - For an example, see [Sample registry key](#sample-registry-key). + +05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. + - This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset). + +12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. + - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! + - The FindDownlevelFailure rule is up to 10x faster. + - New rules have been added to analyze failures upgrading to Windows 10 version 1809. + - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. + - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. + - Some functional and output improvements were made for several rules. + +07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. + - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. + +07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. + - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. + - New feature: Ability to output logs in JSON and XML format. + - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. + - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. + - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. + - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. + +05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. + - Fixed a bug in device install failure detection in online mode. + - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. + - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. + +05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. + - A performance enhancment has been added to result in faster rule processing. + - Rules output now includes links to support articles, if applicable. + - SetupDiag now provides the path and name of files that it is processing. + - You can now run SetupDiag by simply clicking on it and then examining the output log file. + - An output log file is now always created, whether or not a rule was matched. + +03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. + +## Sample logs + +### Text log sample + +``` +Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 +System Information: + Machine Name = Offline + Manufacturer = MSI + Model = MS-7998 + HostOSArchitecture = x64 + FirmwareType = PCAT + BiosReleaseDate = 20160727000000.000000+000 + BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70 + BiosVersion = 1.70 + HostOSVersion = 10.0.15063 + HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834 + TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534) + HostOSLanguageId = 2057 + HostOSEdition = Core + RegisteredAV = Windows Defender, + FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo, + UpgradeStartTime = 3/21/2018 9:47:16 PM + UpgradeEndTime = 3/21/2018 10:02:40 PM + UpgradeElapsedTime = 00:15:24 + ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde + +Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F +Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again. +Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015 +Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information. +``` + +### XML log sample + +```xml + + + 1.5.0.0 + FindSPFatalError + A4028172-1B09-48F8-AD3B-86CDD7D55852 + + Offline + Gigabyte Technology Co., Ltd. + X470 AORUS ULTRA GAMING + 1033 + UEFI + 20180808000000.000000+000 + F3 + + 10.0.18908 + 18908.1000.amd64fre.rs_prerelease.190524-1658 + 10.0.18912.1001 (rs_prerelease.190601-1739) + + Professional + Windows Defender + + 2019-06-06T21:19:10 + + 2019-06-06T22:21:49 + 0001-01-01T00:00:00 + 0001-01-01T00:00:00 + + 0001-01-01T00:00:00 + 0001-01-01T00:00:00 + + Offline + MgUweCZk90KdwUiZ + F21F8FB6-00FD-4349-84FB-2AC75F389E73 + F21F8FB6-00FD-4349-84FB-2AC75F389E73 + + 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] + +Error: SetupDiag reports Fatal Error. +Last Setup Phase = Downlevel +Last Setup Operation: Gather data, scope: EVERYTHING +Error: 0x00000057 + LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] + LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057] + +Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information. + Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel + +``` + +### JSON log sample + +``` +{ + "Version":"1.5.0.0", + "ProfileName":"FindSPFatalError", + "ProfileGuid":"A4028172-1B09-48F8-AD3B-86CDD7D55852", + "SystemInfo":{ + "BiosReleaseDate":"20180808000000.000000+000", + "BiosVendor":"F3", + "BiosVersion":"F3", + "CV":"MgUweCZk90KdwUiZ", + "CommercialId":"Offline", + "FilterDrivers":"", + "FinalizeStartTime":"\/Date(-62135568000000-0800)\/", + "FirmwareType":"UEFI", + "HostOSArchitecture":"x64", + "HostOSBuildString":"18908.1000.amd64fre.rs_prerelease.190524-1658", + "HostOSEdition":"Professional", + "HostOSLanguageId":"", + "HostOSVersion":"", + "MachineName":"Offline", + "Manufacturer":"Gigabyte Technology Co., Ltd.", + "Model":"X470 AORUS ULTRA GAMING", + "PostOOBESuccessTime":"\/Date(-62135568000000-0800)\/", + "RegisteredAV":"Windows Defender", + "ReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", + "RollbackElapsedTime":"PT0S", + "RollbackEndTime":"\/Date(-62135568000000-0800)\/", + "RollbackStartTime":"\/Date(-62135568000000-0800)\/", + "SetupReportId":"F21F8FB6-00FD-4349-84FB-2AC75F389E73", + "TargetOSArchitecture":null, + "TargetOSBuildString":"10.0.18912.1001 (rs_prerelease.190601-1739)", + "TotalOfflineTime":"PT0S", + "UpgradeElapsedTime":"PT1H2M39S", + "UpgradeEndTime":"\/Date(1559884909000-0700)\/", + "UpgradeStartTime":"\/Date(1559881150000-0700)\/" + }, + "LogErrorLine":"2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ + gle=0x00000057 + ]", + "FailureData":[ + "\u000aError: SetupDiag reports Fatal Error.\u000aLast Setup Phase = Downlevel\u000aLast Setup Operation: Gather data, scope: EVERYTHING\u000aError: 0x00000057", + "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ + gle=0x00000057 + ]", + "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ + gle=0x00000057 + ]", + "\u000aRefer to \"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/Debug\/system-error-codes\" for error information." + ], + "FailureDetails":"Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel", + "DeviceDriverInfo":null, + "Remediation":[ + + ], + "SetupPhaseInfo":null, + "SetupOperationInfo":null +} +``` + +## Sample registry key + +![Addreg](./../images/addreg.png) + +## Related topics + +[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors) diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index 1eef483854..8ad77cca4e 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -1,190 +1,191 @@ ---- -title: Upgrade Readiness deployment script (Windows 10) -ms.reviewer: -manager: laurawi -ms.author: greglin -description: Deployment script for Upgrade Readiness. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.topic: article -ms.collection: M365-analytics ---- - -# Upgrade Readiness deployment script - -To automate the steps provided in [Get started with Upgrade Readiness](upgrade-readiness-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft. - ->[!IMPORTANT] ->Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution. - ->[!IMPORTANT] ->The latest version of the Upgrade Readiness Script is **2.4.4 - 10.10.2018** - -For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/New-version-of-the-Upgrade-Analytics-Deployment-Script-available/ba-p/187164?advanced=false&collapse_discussion=true&q=new%20version%20of%20the%20upgrade%20analytics%20deployment%20script%20available&search_type=thread). - -> The following guidance applies to version **2.4.4 - 10.10.2018** of the Upgrade Readiness deployment script. If you are using an older version, download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). - -The Upgrade Readiness deployment script does the following: - -1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys. -2. Verifies that user computers can send data to Microsoft. -3. Checks whether the computer has a pending restart.   -4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended). -5. If enabled, turns on verbose mode for troubleshooting. -6. Initiates the collection of the diagnostic data that Microsoft needs to assess your organization’s upgrade readiness. -7. If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file. - -## Running the script - ->There should be no performance impact caused by the script. The script is a light wrapper of Windows in-box components that undergo performance testing and optimization to avoid any performance impact. However, typically the script is scheduled to be run outside of working hours. -> ->Do not run the script at each sign-on. It is recommended to run the script once every 30 days. -> ->The length of time the script takes to run on each system depends on the number of apps and drivers, and the type of hardware. Anti-virus software scanning simultaneously can increase the script run time, but the script should require no longer than 10 minutes to run, and typically the time is much shorter. If the script is observed running for an extended period of time, please run the Pilot script, and collect logs to share with Microsoft. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**. - -To run the Upgrade Readiness deployment script: - -1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract the .zip file. Inside, there are two folders: **Pilot** and **Deployment**. The **Pilot** folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The **Deployment** folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization. - -2. Edit the following parameters in RunConfig.bat: - - 1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics - - 2. Input your commercial ID key. To find your commercial ID, first navigate to the **Solutions** tab for your workspace, and then select the solution. From there, select the **Settings** page, where you can find and copy your commercial ID: - - 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: - - > *logMode = 0 log to console only* - > - > *logMode = 1 log to file and console* - > - > *logMode = 2 log to file only* - -3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected: - - > *IEOptInLevel = 0 Internet Explorer data collection is disabled* - > - > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* - > - > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* - > - > *IEOptInLevel = 3 Data collection is enabled for all sites* - -4. The deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**. - - The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**. - - This data gives us the ability to determine the status of your machines and to help troubleshoot issues. If you choose to opt-in to and send this data to Microsoft, you must also allow https traffic to be sent to the following wildcard endpoints: - - \*vortex\*.data.microsoft.com
      - \*settings\*.data.microsoft.com - -5. The deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**. - -6. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. - -## Exit codes - -The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. - -| Exit code | Suggested fix | -|-----------|--------------| -| 0 - Success | N/A | -| 1 - Unexpected error occurred while executing the script. | The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966) from the download center and try again. | -| 2 - Error when logging to console. $logMode = 0. (console only) | Try changing the $logMode value to **1** and try again. $logMode value 1 logs to both console and file. | -| 3 - Error when logging to console and file. $logMode = 1. | Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. | -| 4 - Error when logging to file. $logMode = 2. | Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. | -| 5 - Error when logging to console and file. $logMode = unknown. | Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. | -| 6 - The commercialID parameter is set to unknown. | Modify the runConfig.bat file to set the CommercialID value. The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace. See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace. | -| 8 - Failure to create registry key path: **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection**. The Commercial Id property is set at the following registry key path: **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the context under which the script in running has access to the registry key. | -| 9 - The script failed to write Commercial Id to registry. -Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the context under which the script in running has access to the registry key. | -| 10 - Error when writing **CommercialDataOptIn** to the registry at **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the deployment script is running in a context that has access to the registry key. | -| 11 - Function **SetupCommercialId** failed with an unexpected exception. The **SetupCommercialId** function updates the Commercial Id at the registry key path: **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the configuration script has access to this location. | -| 12 - Can’t connect to Microsoft - Vortex. Check your network/proxy settings. | **Http Get** on the end points did not return a success exit code. For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive. For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive. If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md) | -| 13 - Can’t connect to Microsoft - setting. | An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Verify that the required endpoints are whitelisted correctly. See Whitelist select endpoints for more details. | -| 14 - Can’t connect to Microsoft - compatexchange. An error occurred connecting to [CompatibilityExchangeService.svc](https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc). | This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md). | -| 15 - Function CheckVortexConnectivity failed with an unexpected exception. | This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md). Check the logs for the exception message and the HResult. | -| 16 - The computer requires a reboot before running the script. | Restart the device to complete the installation of the compatibility update and related updates. Reboot the computer before running the Upgrade Readiness deployment script. | -| 17 - Function **CheckRebootRequired** failed with an unexpected exception. | Restart the device to complete installation of the compatibility update and related updates. Check the logs for the exception message and the HResult. | -|18 - Appraiser KBs not installed or **appraiser.dll** not found. | Either the Appraiser-related updates are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser diagnostic data events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic. | -| 19 - Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception. | Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed. | -| 20 - An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at **HKLM:\SOFTWARE\Microsoft\WindowsNT \CurrentVersion\AppCompatFlags\Appraiser** | The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key. | -| 21 - Function **SetRequestAllAppraiserVersions** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 22 - **RunAppraiser** failed with unexpected exception. | Check the logs for the exception message and HResult. Check the **%windir%\System32** directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file. | -| 23 - Error finding system variable **%WINDIR%**. | Verify that this environment variable is configured on the computer. | -| 24 - The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult. | -| 25 - The function **SetIEDataOptIn** failed with unexpected exception. | Check the logs for the exception message and HResult. | -| 27 - The script is not running under **System** account. | The Upgrade Readiness configuration script must be run as **System**. | -| 28 - Could not create log file at the specified **logPath**. | Make sure the deployment script has access to the location specified in the **logPath** parameter. | -| 29 - Connectivity check failed for proxy authentication. | Install cumulative updates on the device and enable the **DisableEnterpriseAuthProxy** authentication proxy setting. The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7\. For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). For more information on authentication proxy support, see [Authentication proxy support added in new version (12.28.16) of the Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?linkid=838688). | -| 30 - Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled. | The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7\. For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). | -| 31 - There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer. Use Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled by default to run daily at 0300. | -| 32 - Appraiser version on the machine is outdated. | The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#deploy-the-compatibility-update-and-related-updates) for Windows 7 SP1/Windows 8.1. | -| 33 - **CompatTelRunner.exe** exited with an exit code | **CompatTelRunner.exe** runs the appraise task on the device. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Check the logs for more details. Also see the **Note** following this table for additional steps to follow. | -| 34 - Function **CheckProxySettings** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 35 - Function **CheckAuthProxy** failed with an unexpected exception. Check the logs for the exception message and HResult. | -| 36 - Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 37 - **Diagnose_internal.cmd** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 38 - Function **Get-SqmID** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 39 - For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path **HKLM:\SOFTWARE\Policies\Microsoft \Windows\DataCollection** or **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | For Windows 10 devices, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will return an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). | -| 40 - Function **CheckTelemetryOptIn** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 41 - The script failed to impersonate the currently logged on user. | The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the user that is logged on. The script also tries to mimic this, but the process failed. | -| 42 - Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 43 - Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. | Check the logs for the exception message and HResult. | -| 44 - Diagtrack.dll version is old, so Auth Proxy will not work. | Update the device using Windows Update or Windows Server Update Services. | -| 45 - Diagtrack.dll was not found. | Update the device using Windows Update or Windows Server Update Services. | -| 48 - **CommercialID** mentioned in RunConfig.bat should be a GUID. | Copy the commercial ID from your workspace. To find your commercial ID, first navigate to the Solutions tab for your workspace in Azure Portal, and then select the solution. From there, select the **Settings** page, where you can find and copy your commercial ID.| -| 50 - Diagtrack Service is not running. | The Diagtrack service is required to send data to Microsoft. Enable and run the "Connected User Experiences and Telemetry" service. | -| 51 - RunCensus failed with an unexpected exception. | RunCensus explitly runs the process used to collect device information. The method failed with an unexpected exception. The most common cause is incorrect setup of diagnostic data. Check the ExceptionHResult and ExceptionMessage for more details. | -| 52 - DeviceCensus.exe not found on a Windows 10 machine. | On computers running Windows 10, the process devicecensus.exe should be present in the \system32 directory. Error code 52 is returned if the process was not found. Ensure that it exists at the specified location. | -| 53 - There is a different CommercialID present at the GPO path: **HKLM:\SOFTWARE\Policies\Microsoft \Windows\DataCollection**. This will take precedence over the CommercialID provided in the script. | Provide the correct CommercialID at the GPO location. | -| 54 - Microsoft Account Sign In Assistant Service is Disabled. | This service is required for devices running Windows 10. The diagnostic data client relies on the Microsoft Account Sign In Assistant (MSA) to get the Global Device ID for the device. Without the MSA service running, the global device ID will not be generated and sent by the client and Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). | -| 55 - SetDeviceNameOptIn function failed to create registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | The function SetDeviceNameOptIn sets the registry key value which determines whether to send the device name in diagnostic data. The function tries to create the registry key path if it does not already exist. Verify that the account has the correct permissions to change or add registry keys. | -| 56 - SetDeviceNameOptIn function failed to create property AllowDeviceNameInTelemetry at registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | Verify that the account has the correct permissions to change or add registry keys.| -| 57 - SetDeviceNameOptIn function failed to update AllowDeviceNameInTelemetry property to value 1 at registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | Verify that the account has the correct permissions to change or add registry keys. | -| 58 - SetDeviceNameOptIn function failed with unexpected exception | The function SetDeviceNameOptIn failed with an unexpected exception. | -| 59 - CleanupOneSettings failed to delete LastPersistedEventTimeOrFirstBoot property at registry key path: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack** |The CleanupOneSettings function clears some of the cached values needed by the Appraiser which is the data collector on the monitored device. This helps in the download of the most recent for accurate running of the data collector. Verify that the account has the correct permissions to change or add registry keys. | -| 60 - CleanupOneSettings failed to delete registry key: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ Diagnostics\Diagtrack\SettingsRequests** | Verify that the account has the correct permissions to change or add registry keys. | -| 61 - CleanupOneSettings failed with an exception | CleanupOneSettings failed with an unexpected exception. | -| 62 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is a REG_DWORD. | -| 63 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. | -| 64 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is a REG_DWORD. | -| 65 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**. | -| 66 - All recent data uploads for the Universal Telemetry Client failed. | Review the UtcConnectionReport in WMI in the namespace **root\cimv2\mdm\dmmap** under the **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** class. Only SYSTEM has access to this class. Use [PSExec](https://docs.microsoft.com/sysinternals/downloads/psexec) to execute your WMI utility as SYSTEM. | -| 67 - CheckUtcCsp failed with an exception | There was an error reading the WIM/CIM class **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** in the namespace **root\cimv2\mdm\dmmap**. Review system for WMI errors. | - - - - - - -> [!NOTE] -> **Additional steps to follow if you receive exit code 33** -> -> Check the exit code for any of these messages: -> -> - CompatTelRunner.exe exited with last error code: 0x800703F1 -> - CompatTelRunner.exe exited with last error code: 0x80070005 -> - CompatTelRunner.exe exited with last error code: 0x80080005 ->  -> -> If the exit code includes any of those messages, then run these commands from an elevated command prompt: -> -> 1. Net stop diagtrack -> 2. Net stop pcasvc -> 3. Net stop dps -> 4. Del %windir%\appcompat\programs\amcache.hve -> 5. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v AmiHivePermissionsCorrect /f -> 6. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v LogFlags /t REG_DWORD /d 4 /f -> 7. Net start diagtrack -> 8. Net start pcasvc -> 9. Net start dps -> -> Then run the Enterprise Config script (RunConfig.bat) again. -> -> If the script still fails, then send mail to uasupport@microsoft.com including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well. - +--- +title: Upgrade Readiness deployment script (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +description: Deployment script for Upgrade Readiness. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.topic: article +ms.collection: M365-analytics +--- + +# Upgrade Readiness deployment script + +To automate the steps provided in [Get started with Upgrade Readiness](upgrade-readiness-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft. + +>[!IMPORTANT] +>Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution. + +>[!IMPORTANT] +>The latest version of the Upgrade Readiness Script is **2.4.4 - 10.10.2018** + +For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/New-version-of-the-Upgrade-Analytics-Deployment-Script-available/ba-p/187164?advanced=false&collapse_discussion=true&q=new%20version%20of%20the%20upgrade%20analytics%20deployment%20script%20available&search_type=thread). + +> The following guidance applies to version **2.4.4 - 10.10.2018** of the Upgrade Readiness deployment script. If you are using an older version, download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). + +The Upgrade Readiness deployment script does the following: + +1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys. +2. Verifies that user computers can send data to Microsoft. +3. Checks whether the computer has a pending restart.   +4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended). +5. If enabled, turns on verbose mode for troubleshooting. +6. Initiates the collection of the diagnostic data that Microsoft needs to assess your organization’s upgrade readiness. +7. If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file. + +## Running the script + +>There should be no performance impact caused by the script. The script is a light wrapper of Windows in-box components that undergo performance testing and optimization to avoid any performance impact. However, typically the script is scheduled to be run outside of working hours. +> +>Do not run the script at each sign-on. It is recommended to run the script once every 30 days. +> +>The length of time the script takes to run on each system depends on the number of apps and drivers, and the type of hardware. Anti-virus software scanning simultaneously can increase the script run time, but the script should require no longer than 10 minutes to run, and typically the time is much shorter. If the script is observed running for an extended period of time, please run the Pilot script, and collect logs to share with Microsoft. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**. + +To run the Upgrade Readiness deployment script: + +1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract the .zip file. Inside, there are two folders: **Pilot** and **Deployment**. The **Pilot** folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The **Deployment** folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization. + +2. Edit the following parameters in RunConfig.bat: + + 1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics + + 2. Input your commercial ID key. To find your commercial ID, first navigate to the **Solutions** tab for your workspace, and then select the solution. From there, select the **Settings** page, where you can find and copy your commercial ID: + + 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: + + > *logMode = 0 log to console only* + > + > *logMode = 1 log to file and console* + > + > *logMode = 2 log to file only* + +3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected: + + > *IEOptInLevel = 0 Internet Explorer data collection is disabled* + > + > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* + > + > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* + > + > *IEOptInLevel = 3 Data collection is enabled for all sites* + +4. The deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**. + + The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**. + + This data gives us the ability to determine the status of your machines and to help troubleshoot issues. If you choose to opt-in to and send this data to Microsoft, you must also allow https traffic to be sent to the following wildcard endpoints: + + \*vortex\*.data.microsoft.com
      + \*settings\*.data.microsoft.com + +5. The deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**. + +6. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. + +## Exit codes + +The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. + +| Exit code | Suggested fix | +|-----------|--------------| +| 0 - Success | N/A | +| 1 - Unexpected error occurred while executing the script. | The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966) from the download center and try again. | +| 2 - Error when logging to console. $logMode = 0. (console only) | Try changing the $logMode value to **1** and try again. $logMode value 1 logs to both console and file. | +| 3 - Error when logging to console and file. $logMode = 1. | Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. | +| 4 - Error when logging to file. $logMode = 2. | Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. | +| 5 - Error when logging to console and file. $logMode = unknown. | Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. | +| 6 - The commercialID parameter is set to unknown. | Modify the runConfig.bat file to set the CommercialID value. The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace. See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace. | +| 8 - Failure to create registry key path: **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection**. The Commercial Id property is set at the following registry key path: **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the context under which the script in running has access to the registry key. | +| 9 - The script failed to write Commercial Id to registry. +Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the context under which the script in running has access to the registry key. | +| 10 - Error when writing **CommercialDataOptIn** to the registry at **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the deployment script is running in a context that has access to the registry key. | +| 11 - Function **SetupCommercialId** failed with an unexpected exception. The **SetupCommercialId** function updates the Commercial Id at the registry key path: **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | Verify that the configuration script has access to this location. | +| 12 - Can’t connect to Microsoft - Vortex. Check your network/proxy settings. | **Http Get** on the end points did not return a success exit code. For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive. For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive. If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md) | +| 13 - Can’t connect to Microsoft - setting. | An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Verify that the required endpoints are whitelisted correctly. See Whitelist select endpoints for more details. | +| 14 - Can’t connect to Microsoft - compatexchange. An error occurred connecting to [CompatibilityExchangeService.svc](https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc). | This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md). | +| 15 - Function CheckVortexConnectivity failed with an unexpected exception. | This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md). Check the logs for the exception message and the HResult. | +| 16 - The computer requires a reboot before running the script. | Restart the device to complete the installation of the compatibility update and related updates. Reboot the computer before running the Upgrade Readiness deployment script. | +| 17 - Function **CheckRebootRequired** failed with an unexpected exception. | Restart the device to complete installation of the compatibility update and related updates. Check the logs for the exception message and the HResult. | +|18 - Appraiser KBs not installed or **appraiser.dll** not found. | Either the Appraiser-related updates are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser diagnostic data events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic. | +| 19 - Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception. | Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed. | +| 20 - An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at **HKLM:\SOFTWARE\Microsoft\WindowsNT \CurrentVersion\AppCompatFlags\Appraiser** | The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key. | +| 21 - Function **SetRequestAllAppraiserVersions** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 22 - **RunAppraiser** failed with unexpected exception. | Check the logs for the exception message and HResult. Check the **%windir%\System32** directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file. | +| 23 - Error finding system variable **%WINDIR%**. | Verify that this environment variable is configured on the computer. | +| 24 - The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult. | +| 25 - The function **SetIEDataOptIn** failed with unexpected exception. | Check the logs for the exception message and HResult. | +| 27 - The script is not running under **System** account. | The Upgrade Readiness configuration script must be run as **System**. | +| 28 - Could not create log file at the specified **logPath**. | Make sure the deployment script has access to the location specified in the **logPath** parameter. | +| 29 - Connectivity check failed for proxy authentication. | Install cumulative updates on the device and enable the **DisableEnterpriseAuthProxy** authentication proxy setting. The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7\. For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). For more information on authentication proxy support, see [Authentication proxy support added in new version (12.28.16) of the Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?linkid=838688). | +| 30 - Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled. | The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7\. For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). | +| 31 - There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer. Use Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled by default to run daily at 0300. | +| 32 - Appraiser version on the machine is outdated. | The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#deploy-the-compatibility-update-and-related-updates) for Windows 7 SP1/Windows 8.1. | +| 33 - **CompatTelRunner.exe** exited with an exit code | **CompatTelRunner.exe** runs the appraise task on the device. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Check the logs for more details. Also see the **Note** following this table for additional steps to follow. | +| 34 - Function **CheckProxySettings** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 35 - Function **CheckAuthProxy** failed with an unexpected exception. Check the logs for the exception message and HResult. | +| 36 - Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 37 - **Diagnose_internal.cmd** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 38 - Function **Get-SqmID** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 39 - For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path **HKLM:\SOFTWARE\Policies\Microsoft \Windows\DataCollection** or **HKLM:\SOFTWARE\Microsoft\Windows \CurrentVersion\Policies\DataCollection** | For Windows 10 devices, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will return an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). | +| 40 - Function **CheckTelemetryOptIn** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 41 - The script failed to impersonate the currently logged on user. | The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the user that is logged on. The script also tries to mimic this, but the process failed. | +| 42 - Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 43 - Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. | Check the logs for the exception message and HResult. | +| 44 - Diagtrack.dll version is old, so Auth Proxy will not work. | Update the device using Windows Update or Windows Server Update Services. | +| 45 - Diagtrack.dll was not found. | Update the device using Windows Update or Windows Server Update Services. | +| 48 - **CommercialID** mentioned in RunConfig.bat should be a GUID. | Copy the commercial ID from your workspace. To find your commercial ID, first navigate to the Solutions tab for your workspace in Azure Portal, and then select the solution. From there, select the **Settings** page, where you can find and copy your commercial ID.| +| 50 - Diagtrack Service is not running. | The Diagtrack service is required to send data to Microsoft. Enable and run the "Connected User Experiences and Telemetry" service. | +| 51 - RunCensus failed with an unexpected exception. | RunCensus explitly runs the process used to collect device information. The method failed with an unexpected exception. The most common cause is incorrect setup of diagnostic data. Check the ExceptionHResult and ExceptionMessage for more details. | +| 52 - DeviceCensus.exe not found on a Windows 10 machine. | On computers running Windows 10, the process devicecensus.exe should be present in the \system32 directory. Error code 52 is returned if the process was not found. Ensure that it exists at the specified location. | +| 53 - There is a different CommercialID present at the GPO path: **HKLM:\SOFTWARE\Policies\Microsoft \Windows\DataCollection**. This will take precedence over the CommercialID provided in the script. | Provide the correct CommercialID at the GPO location. | +| 54 - Microsoft Account Sign In Assistant Service is Disabled. | This service is required for devices running Windows 10. The diagnostic data client relies on the Microsoft Account Sign In Assistant (MSA) to get the Global Device ID for the device. Without the MSA service running, the global device ID will not be generated and sent by the client and Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). | +| 55 - SetDeviceNameOptIn function failed to create registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | The function SetDeviceNameOptIn sets the registry key value which determines whether to send the device name in diagnostic data. The function tries to create the registry key path if it does not already exist. Verify that the account has the correct permissions to change or add registry keys. | +| 56 - SetDeviceNameOptIn function failed to create property AllowDeviceNameInTelemetry at registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | Verify that the account has the correct permissions to change or add registry keys.| +| 57 - SetDeviceNameOptIn function failed to update AllowDeviceNameInTelemetry property to value 1 at registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | Verify that the account has the correct permissions to change or add registry keys. | +| 58 - SetDeviceNameOptIn function failed with unexpected exception | The function SetDeviceNameOptIn failed with an unexpected exception. | +| 59 - CleanupOneSettings failed to delete LastPersistedEventTimeOrFirstBoot property at registry key path: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack** |The CleanupOneSettings function clears some of the cached values needed by the Appraiser which is the data collector on the monitored device. This helps in the download of the most recent for accurate running of the data collector. Verify that the account has the correct permissions to change or add registry keys. | +| 60 - CleanupOneSettings failed to delete registry key: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ Diagnostics\Diagtrack\SettingsRequests** | Verify that the account has the correct permissions to change or add registry keys. | +| 61 - CleanupOneSettings failed with an exception | CleanupOneSettings failed with an unexpected exception. | +| 62 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is a REG_DWORD. | +| 63 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. | +| 64 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is a REG_DWORD. | +| 65 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**. | +| 66 - All recent data uploads for the Universal Telemetry Client failed. | Review the UtcConnectionReport in WMI in the namespace **root\cimv2\mdm\dmmap** under the **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** class. Only SYSTEM has access to this class. Use [PSExec](https://docs.microsoft.com/sysinternals/downloads/psexec) to execute your WMI utility as SYSTEM. | +| 67 - CheckUtcCsp failed with an exception | There was an error reading the WIM/CIM class **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** in the namespace **root\cimv2\mdm\dmmap**. Review system for WMI errors. | + + + + + + +> [!NOTE] +> **Additional steps to follow if you receive exit code 33** +> +> Check the exit code for any of these messages: +> +> - CompatTelRunner.exe exited with last error code: 0x800703F1 +> - CompatTelRunner.exe exited with last error code: 0x80070005 +> - CompatTelRunner.exe exited with last error code: 0x80080005 +>  +> +> If the exit code includes any of those messages, then run these commands from an elevated command prompt: +> +> 1. Net stop diagtrack +> 2. Net stop pcasvc +> 3. Net stop dps +> 4. Del %windir%\appcompat\programs\amcache.hve +> 5. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v AmiHivePermissionsCorrect /f +> 6. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" /v LogFlags /t REG_DWORD /d 4 /f +> 7. Net start diagtrack +> 8. Net start pcasvc +> 9. Net start dps +> +> Then run the Enterprise Config script (RunConfig.bat) again. +> +> If the script still fails, then contact support@microsoft.com and share the log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well. + diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index cf9e600103..c1cf90e9a0 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -1,283 +1,284 @@ ---- -title: Windows 10 upgrade paths (Windows 10) -ms.reviewer: -manager: laurawi -ms.author: greglin -description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.localizationpriority: medium -ms.pagetype: mobile -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows 10 upgrade paths -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -## Upgrade paths - -This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. For more information about migrating to a different edition of Windows 10, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). - -> **Windows 10 version upgrade**: You can directly upgrade a supported version of Windows 10 to a newer version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. -> -> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. -> -> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). -> -> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. -> -> **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). - -✔ = Full upgrade is supported including personal data, settings, and applications.
      -D = Edition downgrade; personal data is maintained, applications and settings are removed. - -
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            Windows 10 HomeWindows 10 ProWindows 10 Pro EducationWindows 10 EducationWindows 10 EnterpriseWindows 10 MobileWindows 10 Mobile Enterprise
      Windows 7
      Starter
      Home Basic
      Home Premium
      ProfessionalD
      UltimateD
      Enterprise
      Windows 8.1
      (Core)
      Connected
      ProD
      Pro StudentD
      Pro WMCD
      Enterprise
      Embedded Industry
      Windows RT
      Windows Phone 8.1
      Windows 10
      Home
      ProD
      EducationD
      Enterprise
      Mobile
      Mobile EnterpriseD
      - - -## Related Topics - -[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
      -[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
      -[Windows 10 edition upgrade](windows-10-edition-upgrades.md) - - - - - +--- +title: Windows 10 upgrade paths (Windows 10) +ms.reviewer: +manager: laurawi +ms.author: greglin +description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.localizationpriority: medium +ms.pagetype: mobile +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows 10 upgrade paths +**Applies to** + +- Windows 10 +- Windows 10 Mobile + +## Upgrade paths + +This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. For more information about migrating to a different edition of Windows 10, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). + +> **Windows 10 version upgrade**: You can directly upgrade a supported version of Windows 10 to a newer version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. +> +> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. +> +> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**. +> +> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. +> +> **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). + +✔ = Full upgrade is supported including personal data, settings, and applications.
      +D = Edition downgrade; personal data is maintained, applications and settings are removed. + +
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
            Windows 10 HomeWindows 10 ProWindows 10 Pro EducationWindows 10 EducationWindows 10 EnterpriseWindows 10 MobileWindows 10 Mobile Enterprise
      Windows 7
      Starter
      Home Basic
      Home Premium
      ProfessionalD
      UltimateD
      Enterprise
      Windows 8.1
      (Core)
      Connected
      ProD
      Pro StudentD
      Pro WMCD
      Enterprise
      Embedded Industry
      Windows RT
      Windows Phone 8.1
      Windows 10
      Home
      ProD
      EducationD
      Enterprise
      Mobile
      Mobile EnterpriseD
      + + +## Related Topics + +[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
      +[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
      +[Windows 10 edition upgrade](windows-10-edition-upgrades.md) + + + + + diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 8e45d24439..2eab7ea7b8 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -1,268 +1,269 @@ ---- -title: Offline Migration Reference (Windows 10) -description: Offline Migration Reference -ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Offline Migration Reference - - -Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: - -- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. - -- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. - -When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: - -- **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. - -- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. This may increase performance on older machines with limited hardware resources and numerous installed software applications. - -- **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. - -## In This Topic - - -- [What Will Migrate Offline?](#bkmk-whatwillmigrate) - -- [What Offline Environments are Supported?](#bkmk-offlineenvironments) - -- [User-Group Membership and Profile Control](#bkmk-usergroupmembership) - -- [Command-Line Options](#bkmk-commandlineoptions) - -- [Environment Variables](#bkmk-environmentvariables) - -- [Offline.xml Elements](#bkmk-offlinexml) - -## What Will Migrate Offline? - - -The following user data and settings migrate offline, similar to an online migration: - -- Data and registry keys specified in MigXML - -- User accounts - -- Application settings - -- Limited set of operating-system settings - -- EFS files - -- Internet Explorer® Favorites - -For exceptions to what you can migrate offline, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) - -## What Offline Environments are Supported? - - -The following table defines the supported combination of online and offline operating systems in USMT. - - ---- - - - - - - - - - - - - - - - - -
      Running Operating SystemOffline Operating System

      WinPE 5.0 or greater, with the MSXML library

      Windows Vista, Windows 7, Windows 8, Windows 10

      Windows 7, Windows 8, Windows 10

      Windows.old directory

      - - - -**Note**   -It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](https://go.microsoft.com/fwlink/p/?LinkId=190314). - - - -## User-Group Membership and Profile Control - - -User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: - -``` syntax - - - - - - - * - - - - - - -``` - -For information about the format of a Config.xml file, see [Config.xml File](usmt-configxml-file.md). - -## Command-Line Options - - -An offline migration can either be enabled by using a configuration file on the command line, or by using one of the following command line options: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      ComponentOptionDescription

      ScanState.exe

      /offline:<path to offline.xml>

      This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.

      ScanState.exe

      /offlineWinDir:<Windows directory>

      This command-line option enables the offline-migration mode and starts the migration from the location specified. It is only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.

      ScanState.exe

      /OfflineWinOld:<Windows.old directory>

      This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.

      - - - -You can use only one of the **/offline**,**/offlineWinDir** , or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. - -## Environment Variables - - -The following system environment variables are necessary in the scenarios outlined below. - - ----- - - - - - - - - - - - - - - - - - - - -
      VariableValueScenario

      USMT_WORKING_DIR

      Full path to a working directory

      Required when USMT binaries are located on read-only media, which does not support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following:

      -
      Set USMT_WORKING_DIR=[path to working directory]

      MIG_OFFLINE_PLATFORM_ARCH

      32 or 64

      While operating offline, this environment variable defines the architecture of the offline system, if the system does not match the WinPE and Scanstate.exe architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. This is required when auto-detection of the offline architecture doesn’t function properly, for example, when the source system is running a 64-bit version of Windows XP. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following:

      -
      Set MIG_OFFLINE_PLATFORM_ARCH=32
      - - - -## Offline.xml Elements - - -Use an offline.xml file when running the ScanState tool on a computer that has multiple Windows directories. The offline.xml file specifies which directories to scan for windows files. An offline.xml file can be used with the /offline option as an alternative to specifying a single Windows directory path with the /offlineDir option. - -### <offline> - -This element contains other elements that define how an offline migration is to be performed. - -Syntax: <offline> </offline> - -### <winDir> - -This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration will be performed from the first element of **<winDir>** that contains a valid Windows system volume. - -Syntax: < winDir > </ winDir > - -### <path> - -This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool’s working directory. - -Syntax: <path> c:\\windows </path> - --or- - -Syntax, when used with the **<mappings>** element: <path> C:\\, D:\\ </path> - -### <mappings> - -This element is an optional child of **<offline>**. When specified, the **<mappings>** element will override the automatically detected WinPE drive mappings. Each child **<path>** element will provide a mapping from one system volume to another. Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. - -Syntax: <mappings> </mappings> - -### <failOnMultipleWinDir> - -This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn’t present, the default behavior is that the migration does not fail. - -Syntax: <failOnMultipleWinDir>1</failOnMultipleWinDir> or Syntax: <failOnMultipleWinDir>0</failOnMultipleWinDir> - -### Offline .xml Example - -The following XML example illustrates some of the elements discussed earlier in this topic. - -``` syntax - - - C:\Windows - D:\Windows - E:\ - - 1 - -``` - -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - - - - - - - - - +--- +title: Offline Migration Reference (Windows 10) +description: Offline Migration Reference +ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Offline Migration Reference + + +Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: + +- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. + +- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. + +When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: + +- **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. + +- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. This may increase performance on older machines with limited hardware resources and numerous installed software applications. + +- **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. + +## In This Topic + + +- [What Will Migrate Offline?](#bkmk-whatwillmigrate) + +- [What Offline Environments are Supported?](#bkmk-offlineenvironments) + +- [User-Group Membership and Profile Control](#bkmk-usergroupmembership) + +- [Command-Line Options](#bkmk-commandlineoptions) + +- [Environment Variables](#bkmk-environmentvariables) + +- [Offline.xml Elements](#bkmk-offlinexml) + +## What Will Migrate Offline? + + +The following user data and settings migrate offline, similar to an online migration: + +- Data and registry keys specified in MigXML + +- User accounts + +- Application settings + +- Limited set of operating-system settings + +- EFS files + +- Internet Explorer® Favorites + +For exceptions to what you can migrate offline, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) + +## What Offline Environments are Supported? + + +The following table defines the supported combination of online and offline operating systems in USMT. + + ++++ + + + + + + + + + + + + + + + + +
      Running Operating SystemOffline Operating System

      WinPE 5.0 or greater, with the MSXML library

      Windows Vista, Windows 7, Windows 8, Windows 10

      Windows 7, Windows 8, Windows 10

      Windows.old directory

      + + + +**Note**   +It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](https://go.microsoft.com/fwlink/p/?LinkId=190314). + + + +## User-Group Membership and Profile Control + + +User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: + +``` xml + + + + + + + * + + + + + + +``` + +For information about the format of a Config.xml file, see [Config.xml File](usmt-configxml-file.md). + +## Command-Line Options + + +An offline migration can either be enabled by using a configuration file on the command line, or by using one of the following command line options: + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      ComponentOptionDescription

      ScanState.exe

      /offline:<path to offline.xml>

      This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.

      ScanState.exe

      /offlineWinDir:<Windows directory>

      This command-line option enables the offline-migration mode and starts the migration from the location specified. It is only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.

      ScanState.exe

      /OfflineWinOld:<Windows.old directory>

      This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.

      + + + +You can use only one of the **/offline**,**/offlineWinDir** , or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. + +## Environment Variables + + +The following system environment variables are necessary in the scenarios outlined below. + + +++++ + + + + + + + + + + + + + + + + + + + +
      VariableValueScenario

      USMT_WORKING_DIR

      Full path to a working directory

      Required when USMT binaries are located on read-only media, which does not support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following:

      +
      Set USMT_WORKING_DIR=[path to working directory]

      MIG_OFFLINE_PLATFORM_ARCH

      32 or 64

      While operating offline, this environment variable defines the architecture of the offline system, if the system does not match the WinPE and Scanstate.exe architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. This is required when auto-detection of the offline architecture doesn’t function properly, for example, when the source system is running a 64-bit version of Windows XP. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following:

      +
      Set MIG_OFFLINE_PLATFORM_ARCH=32
      + + + +## Offline.xml Elements + + +Use an offline.xml file when running the ScanState tool on a computer that has multiple Windows directories. The offline.xml file specifies which directories to scan for windows files. An offline.xml file can be used with the /offline option as an alternative to specifying a single Windows directory path with the /offlineDir option. + +### <offline> + +This element contains other elements that define how an offline migration is to be performed. + +Syntax: <offline> </offline> + +### <winDir> + +This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration will be performed from the first element of **<winDir>** that contains a valid Windows system volume. + +Syntax: < winDir > </ winDir > + +### <path> + +This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool’s working directory. + +Syntax: <path> c:\\windows </path> + +-or- + +Syntax, when used with the **<mappings>** element: <path> C:\\, D:\\ </path> + +### <mappings> + +This element is an optional child of **<offline>**. When specified, the **<mappings>** element will override the automatically detected WinPE drive mappings. Each child **<path>** element will provide a mapping from one system volume to another. Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. + +Syntax: <mappings> </mappings> + +### <failOnMultipleWinDir> + +This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn’t present, the default behavior is that the migration does not fail. + +Syntax: <failOnMultipleWinDir>1</failOnMultipleWinDir> or Syntax: <failOnMultipleWinDir>0</failOnMultipleWinDir> + +### Offline .xml Example + +The following XML example illustrates some of the elements discussed earlier in this topic. + +``` xml + + + C:\Windows + D:\Windows + E:\ + + 1 + +``` + +## Related topics + + +[Plan Your Migration](usmt-plan-your-migration.md) + + + + + + + + + diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 6b8d904b03..bc484bd496 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -1,541 +1,542 @@ ---- -title: Understanding Migration XML Files (Windows 10) -description: Understanding Migration XML Files -ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Understanding Migration XML Files - - -You can modify the behavior of a basic User State Migration Tool (USMT)10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. - -This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. - -## In This Topic - - -[Overview of the Config.xml file](#bkmk-config) - -[Overview of the MigApp.xml file](#bkmk-migapp) - -[Overview of the MigDocs.xml file](#bkmk-migdocs) - -[Overview of the MigUser.xml file](#bkmk-miguser) - -[Using multiple XML files](#bkmk-multiple) - -[XML rules for migrating user files](#bkmk-userfiles) - -[The GenerateDocPatterns function](#bkmk-generate) - -[Understanding the system and user context](#bkmk-context) - -[Sample migration rules for customized versions of XML files](#bkmk-samples) - -[Exclude rules usage examples](#bkmk-exclude) - -[Include rules usage examples](#bkmk-include) - -[Next Steps](#bkmk-next) - -## Overview of the Config.xml file - - -The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used in conjunction with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). - -**Note**   -When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. - - - -## Overview of the MigApp.xml file - - -The MigApp.xml file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the MigApp.xml file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The MigDocs.xml and MigUser.xml files do not migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). - -**Important**   -The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. See the [Sample migration rules for customized versions of XML files](#bkmk-samples) section of this document for more information about migrating .pst files that are not linked to Outlook. - - - -## Overview of the MigDocs.xml file - - -The MigDocs.xml file uses the new **GenerateDocPatterns** helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the MigDocs.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. - -The default MigDocs.xml file migrates the following: - -- All files on the root of the drive except %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, or %USERS%. - -- All folders in the root directory of all fixed drives. For example: c:\\data\_mail\\\*\[\*\] - -- All files from the root of the Profiles folder, except for files in the system profile. For example: c:\\users\\name\[mail.pst\] - -- All folders from the root of the Profiles folder, except for the system-profile folders. For example: c:\\users\\name\\new folder\\\*\[\*\] - -- Standard shared folders: - - - CSIDL\_COMMON\_DESKTOPDIRECTORY - - - CSIDL\_COMMON\_FAVORITES - - - CSIDL\_COMMON\_DOCUMENTS - - - CSIDL\_COMMON\_MUSIC - - - CSIDL\_COMMON\_PICTURES - - - CSIDL\_COMMON\_VIDEO - - - FOLDERID\_PublicDownloads - -- Standard user-profile folders for each user: - - - CSIDL\_MYDOCUMENTS - - - CSIDL\_MYPICTURES - - - FOLDERID\_OriginalImages - - - CSIDL\_MYMUSIC - - - CSIDL\_MYVIDEO - - - CSIDL\_FAVORITES - - - CSIDL\_DESKTOP - - - CSIDL\_QUICKLAUNCH - - - FOLDERID\_Contacts - - - FOLDERID\_Libraries - - - FOLDERID\_Downloads - - - FOLDERID\_SavedGames - - - FOLDERID\_RecordedTV - -The default MigDocs.xml file will not migrate the following: - -- Files tagged with both the **hidden** and **system** attributes. - -- Files and folders on removable drives. - -- Data from the %WINDIR%, %PROGRAMDATA%, and %PROGRAMFILES% folders. - -- Folders that contain installed applications. - -You can also use the **/genmigxml** option with the ScanState tool to review and modify what files will be migrated. - -## Overview of the MigUser.xml file - - -The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, as well as any files on the computer with the specified file name extensions. - -The default MigUser.xml file migrates the following: - -- All files from the standard user-profile folders which are described as: - - - CSIDL\_MYVIDEO - - - CSIDL\_MYMUSIC - - - CSIDL\_DESKTOP - - - CSIDL\_STARTMENU - - - CSIDL\_PERSONAL - - - CSIDL\_MYPICTURES - - - CSIDL\_FAVORITES - - - CSIDL\_QUICK LAUNCH - -- Files with the following extensions: - - .qdf, .qsd, .qel, .qph, .doc\*, .dot\*, .rtf, .mcw, .wps, .scd, .wri, .wpd, .xl\*, .csv, .iqy, .dqy, .oqy, .rqy, .wk\*, .wq1, .slk, .dif, .ppt\*, .pps\*, .pot\*, .sh3, .ch3, .pre, .ppa, .txt, .pst, .one\*, .vl\*, .vsd, .mpp, .or6, .accdb, .mdb, .pub - -The default MigUser.xml file does not migrate the following: - -- Files tagged with both the **hidden** and **system** attributes. - -- Files and folders on removable drives, - -- Data from the %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA% folders. - -- ACLS for files in folders outside the user profile. - -You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. - -**Note**   -Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than three hundred file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. - - - -## Using multiple XML files - - -You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with additional migration rules. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
      XML migration fileModifies the following components:

      Config.xml file

      Operating-system components such as desktop wallpaper and background theme.

      -

      You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see Customize USMT XML Files and Config.xml File.

      MigApps.xml file

      Applications settings.

      MigUser.xml or MigDocs.xml files

      User files and profile settings.

      Custom XML files

      Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.

      - - - -For example, you can use all of the XML migration file types for a single migration, as in the following example: - -``` syntax -Scanstate /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml -``` - -### XML rules for migrating user files - -**Important**   -You should not use the MigUser.xml and MigDocs.xml files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. - - - -If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location. The MigUser.xml file migrates only the files with the specified file name extensions. - -If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. - -## Creating and editing a custom XML file - - -You can use the **/genmigxml** command-line option to determine which files will be included in your migration. The **/genmigxml** option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. - -**Note**   -If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. - - - -To generate the XML migration rules file for a source computer: - -1. Click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as**. - -2. Select an account with administrator privileges, supply a password, and then click **OK**. - -3. At the command prompt, type: - - ``` syntax - cd /d - scanstate.exe /genmigxml: - ``` - - Where *<USMTpath>* is the location on your source computer where you have saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, type: - - ``` syntax - cd /d c:\USMT - scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" - ``` - -### The GenerateDocPatterns function - -The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes three Boolean values. You can change the settings to modify the way the MigDocs.xml file generates the XML rules for migration. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingValueDefault Value

      ScanProgramFiles

      The ScanProgramFiles argument is valid only when the GenerateDocPatterns function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications.

      -

      For example, when set to TRUE, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The GenerateDocPatterns function generates this inclusion pattern for .doc files:

      -
      <pattern type="File">C:\Program Files\Microsoft Office[.doc]</pattern>
      -

      If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions.

      False

      IncludePatterns

      The IncludePatterns argument determines whether to generate exclude or include patterns in the XML. When this argument is set to TRUE, the GenerateDocPatterns function generates include patterns and the function must be added under the <include> element. Changing this argument to FALSE generates exclude patterns and the function must be added under the <exclude> element.

      True

      SystemDrive

      The SystemDrive argument determines whether to generate patterns for all fixed drives or only for the system drive. Changing this argument to TRUE restricts all patterns to the system drive.

      False

      - - - -**Usage:** - -``` syntax -MigXmlHelper.GenerateDocPatterns ("", "", "") -``` - -To create include data patterns for only the system drive: - -``` syntax - - - - - -``` - -To create an include rule to gather files for registered extensions from the %PROGRAMFILES% directory: - -``` syntax - - - - - -``` - -To create exclude data patterns: - -``` syntax - - - - - -``` - -### Understanding the system and user context - -The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that are not stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. - -**System context** - -The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: - -- CSIDL\_COMMON\_DESKTOPDIRECTORY - -- CSIDL\_COMMON\_FAVORITES - -- CSIDL\_COMMON\_DOCUMENTS - -- CSIDL\_COMMON\_MUSIC - -- CSIDL\_COMMON\_PICTURES - -- CSIDL\_COMMON\_VIDEO - -- FOLDERID\_PublicDownloads - -**User context** - -The user context includes rules for data in the User Profiles directory. When called in a user context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: - -- CSIDL\_MYDOCUMENTS - -- CSIDL\_MYPICTURES - -- FOLDERID\_OriginalImages - -- CSIDL\_MYMUSIC - -- CSIDL\_MYVIDEO - -- CSIDL\_FAVORITES - -- CSIDL\_DESKTOP - -- CSIDL\_QUICKLAUNCH - -- FOLDERID\_Contacts - -- FOLDERID\_Libraries - -- FOLDERID\_Downloads - -- FOLDERID\_SavedGames - -- FOLDERID\_RecordedTV - -**Note**   -Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the MigDocs.xml files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. - - - -### Sample migration rules for customized versions of XML files - -**Note**   -For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). - - - -### Exclude rules usage examples - -In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default MigDocs.xml behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: - - ---- - - - - - - - - - - -

      Rule 1

      <pattern type="File">d:\new folder[new text document.txt]</pattern>

      Rule 2

      <pattern type="File">d:\new folder[]</pattern>
      - - - -To exclude the new text document.txt file as well as any .txt files in “new folder”, you can do the following: - -**Example 1: Exclude all .txt files in a folder** - -To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension. - -``` syntax - - - D:\Newfolder\[new text document.txt] - D:\New folder\*[*.txt] - - -``` - -**Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules** - -If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - -``` syntax - - - - - -``` - -**Example 3 : Use a UserandSystem context component to run rules in both contexts** - -If you want the <UnconditionalExclude> element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. - -``` syntax - - MigDocExcludes - - - - - - - - - - -``` - -For more examples of exclude rules that you can use in custom migration XML files, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md). - -### Include rules usage examples - -The application data directory is the most common location that you would need to add an include rule for. The **GenerateDocPatterns** function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The Migapp.xml file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that are not linked, you can do the following: - -**Example 1: Include a file name extension in a known user folder** - -This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. - -``` syntax - - - %CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst] - - -``` - -**Example 2: Include a file name extension in Program Files** - -For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component. - -``` syntax - - - %CSIDL_PROGRAM_FILES%\*[*.pst] - - -``` - -For more examples of include rules that you can use in custom migration XML files, see [Include Files and Settings](usmt-include-files-and-settings.md). - -**Note**   -For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - - - -## Next steps - - -You can include additional rules for the migration in the MigDocs.xml file or other XML migration files. For example, you can use the <locationModify> element to move files from the folder where they were gathered to a different folder, when they are applied to the destination computer. - -You can use an XML schema (MigXML.xsd) file to validate the syntax of your customized XML files. For more information, see [USMT Resources](usmt-resources.md). - -## Related topics - - -[Exclude Files and Settings](usmt-exclude-files-and-settings.md) - -[Include Files and Settings](usmt-include-files-and-settings.md) - - - - - - - - - +--- +title: Understanding Migration XML Files (Windows 10) +description: Understanding Migration XML Files +ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Understanding Migration XML Files + + +You can modify the behavior of a basic User State Migration Tool (USMT)10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. + +This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. + +## In This Topic + + +[Overview of the Config.xml file](#bkmk-config) + +[Overview of the MigApp.xml file](#bkmk-migapp) + +[Overview of the MigDocs.xml file](#bkmk-migdocs) + +[Overview of the MigUser.xml file](#bkmk-miguser) + +[Using multiple XML files](#bkmk-multiple) + +[XML rules for migrating user files](#bkmk-userfiles) + +[The GenerateDocPatterns function](#bkmk-generate) + +[Understanding the system and user context](#bkmk-context) + +[Sample migration rules for customized versions of XML files](#bkmk-samples) + +[Exclude rules usage examples](#bkmk-exclude) + +[Include rules usage examples](#bkmk-include) + +[Next Steps](#bkmk-next) + +## Overview of the Config.xml file + + +The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used in conjunction with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). + +**Note**   +When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. + + + +## Overview of the MigApp.xml file + + +The MigApp.xml file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the MigApp.xml file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The MigDocs.xml and MigUser.xml files do not migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). + +**Important**   +The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. See the [Sample migration rules for customized versions of XML files](#bkmk-samples) section of this document for more information about migrating .pst files that are not linked to Outlook. + + + +## Overview of the MigDocs.xml file + + +The MigDocs.xml file uses the new **GenerateDocPatterns** helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the MigDocs.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. + +The default MigDocs.xml file migrates the following: + +- All files on the root of the drive except %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, or %USERS%. + +- All folders in the root directory of all fixed drives. For example: c:\\data\_mail\\\*\[\*\] + +- All files from the root of the Profiles folder, except for files in the system profile. For example: c:\\users\\name\[mail.pst\] + +- All folders from the root of the Profiles folder, except for the system-profile folders. For example: c:\\users\\name\\new folder\\\*\[\*\] + +- Standard shared folders: + + - CSIDL\_COMMON\_DESKTOPDIRECTORY + + - CSIDL\_COMMON\_FAVORITES + + - CSIDL\_COMMON\_DOCUMENTS + + - CSIDL\_COMMON\_MUSIC + + - CSIDL\_COMMON\_PICTURES + + - CSIDL\_COMMON\_VIDEO + + - FOLDERID\_PublicDownloads + +- Standard user-profile folders for each user: + + - CSIDL\_MYDOCUMENTS + + - CSIDL\_MYPICTURES + + - FOLDERID\_OriginalImages + + - CSIDL\_MYMUSIC + + - CSIDL\_MYVIDEO + + - CSIDL\_FAVORITES + + - CSIDL\_DESKTOP + + - CSIDL\_QUICKLAUNCH + + - FOLDERID\_Contacts + + - FOLDERID\_Libraries + + - FOLDERID\_Downloads + + - FOLDERID\_SavedGames + + - FOLDERID\_RecordedTV + +The default MigDocs.xml file will not migrate the following: + +- Files tagged with both the **hidden** and **system** attributes. + +- Files and folders on removable drives. + +- Data from the %WINDIR%, %PROGRAMDATA%, and %PROGRAMFILES% folders. + +- Folders that contain installed applications. + +You can also use the **/genmigxml** option with the ScanState tool to review and modify what files will be migrated. + +## Overview of the MigUser.xml file + + +The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, as well as any files on the computer with the specified file name extensions. + +The default MigUser.xml file migrates the following: + +- All files from the standard user-profile folders which are described as: + + - CSIDL\_MYVIDEO + + - CSIDL\_MYMUSIC + + - CSIDL\_DESKTOP + + - CSIDL\_STARTMENU + + - CSIDL\_PERSONAL + + - CSIDL\_MYPICTURES + + - CSIDL\_FAVORITES + + - CSIDL\_QUICK LAUNCH + +- Files with the following extensions: + + .qdf, .qsd, .qel, .qph, .doc\*, .dot\*, .rtf, .mcw, .wps, .scd, .wri, .wpd, .xl\*, .csv, .iqy, .dqy, .oqy, .rqy, .wk\*, .wq1, .slk, .dif, .ppt\*, .pps\*, .pot\*, .sh3, .ch3, .pre, .ppa, .txt, .pst, .one\*, .vl\*, .vsd, .mpp, .or6, .accdb, .mdb, .pub + +The default MigUser.xml file does not migrate the following: + +- Files tagged with both the **hidden** and **system** attributes. + +- Files and folders on removable drives, + +- Data from the %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA% folders. + +- ACLS for files in folders outside the user profile. + +You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. + +**Note**   +Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than three hundred file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. + + + +## Using multiple XML files + + +You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with additional migration rules. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      XML migration fileModifies the following components:

      Config.xml file

      Operating-system components such as desktop wallpaper and background theme.

      +

      You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see Customize USMT XML Files and Config.xml File.

      MigApps.xml file

      Applications settings.

      MigUser.xml or MigDocs.xml files

      User files and profile settings.

      Custom XML files

      Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.

      + + + +For example, you can use all of the XML migration file types for a single migration, as in the following example: + +``` +Scanstate /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml +``` + +### XML rules for migrating user files + +**Important**   +You should not use the MigUser.xml and MigDocs.xml files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. + + + +If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location. The MigUser.xml file migrates only the files with the specified file name extensions. + +If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. + +## Creating and editing a custom XML file + + +You can use the **/genmigxml** command-line option to determine which files will be included in your migration. The **/genmigxml** option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. + +**Note**   +If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. + + + +To generate the XML migration rules file for a source computer: + +1. Click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as**. + +2. Select an account with administrator privileges, supply a password, and then click **OK**. + +3. At the command prompt, type: + + ``` + cd /d + scanstate.exe /genmigxml: + ``` + + Where *<USMTpath>* is the location on your source computer where you have saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, type: + + ``` + cd /d c:\USMT + scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" + ``` + +### The GenerateDocPatterns function + +The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes three Boolean values. You can change the settings to modify the way the MigDocs.xml file generates the XML rules for migration. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingValueDefault Value

      ScanProgramFiles

      The ScanProgramFiles argument is valid only when the GenerateDocPatterns function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications.

      +

      For example, when set to TRUE, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The GenerateDocPatterns function generates this inclusion pattern for .doc files:

      +
      <pattern type="File">C:\Program Files\Microsoft Office[.doc]</pattern>
      +

      If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions.

      False

      IncludePatterns

      The IncludePatterns argument determines whether to generate exclude or include patterns in the XML. When this argument is set to TRUE, the GenerateDocPatterns function generates include patterns and the function must be added under the <include> element. Changing this argument to FALSE generates exclude patterns and the function must be added under the <exclude> element.

      True

      SystemDrive

      The SystemDrive argument determines whether to generate patterns for all fixed drives or only for the system drive. Changing this argument to TRUE restricts all patterns to the system drive.

      False

      + + + +**Usage:** + +``` +MigXmlHelper.GenerateDocPatterns ("", "", "") +``` + +To create include data patterns for only the system drive: + +``` xml + + + + + +``` + +To create an include rule to gather files for registered extensions from the %PROGRAMFILES% directory: + +``` xml + + + + + +``` + +To create exclude data patterns: + +``` xml + + + + + +``` + +### Understanding the system and user context + +The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that are not stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. + +**System context** + +The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: + +- CSIDL\_COMMON\_DESKTOPDIRECTORY + +- CSIDL\_COMMON\_FAVORITES + +- CSIDL\_COMMON\_DOCUMENTS + +- CSIDL\_COMMON\_MUSIC + +- CSIDL\_COMMON\_PICTURES + +- CSIDL\_COMMON\_VIDEO + +- FOLDERID\_PublicDownloads + +**User context** + +The user context includes rules for data in the User Profiles directory. When called in a user context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: + +- CSIDL\_MYDOCUMENTS + +- CSIDL\_MYPICTURES + +- FOLDERID\_OriginalImages + +- CSIDL\_MYMUSIC + +- CSIDL\_MYVIDEO + +- CSIDL\_FAVORITES + +- CSIDL\_DESKTOP + +- CSIDL\_QUICKLAUNCH + +- FOLDERID\_Contacts + +- FOLDERID\_Libraries + +- FOLDERID\_Downloads + +- FOLDERID\_SavedGames + +- FOLDERID\_RecordedTV + +**Note**   +Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the MigDocs.xml files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. + + + +### Sample migration rules for customized versions of XML files + +**Note**   +For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). + + + +### Exclude rules usage examples + +In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default MigDocs.xml behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: + + ++++ + + + + + + + + + + +

      Rule 1

      <pattern type="File">d:\new folder[new text document.txt]</pattern>

      Rule 2

      <pattern type="File">d:\new folder[]</pattern>
      + + + +To exclude the new text document.txt file as well as any .txt files in “new folder”, you can do the following: + +**Example 1: Exclude all .txt files in a folder** + +To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension. + +``` xml + + + D:\Newfolder\[new text document.txt] + D:\New folder\*[*.txt] + + +``` + +**Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules** + +If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + +``` xml + + + + + +``` + +**Example 3 : Use a UserandSystem context component to run rules in both contexts** + +If you want the <UnconditionalExclude> element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. + +``` xml + + MigDocExcludes + + + + + + + + + + +``` + +For more examples of exclude rules that you can use in custom migration XML files, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md). + +### Include rules usage examples + +The application data directory is the most common location that you would need to add an include rule for. The **GenerateDocPatterns** function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The Migapp.xml file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that are not linked, you can do the following: + +**Example 1: Include a file name extension in a known user folder** + +This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. + +``` xml + + + %CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst] + + +``` + +**Example 2: Include a file name extension in Program Files** + +For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component. + +``` xml + + + %CSIDL_PROGRAM_FILES%\*[*.pst] + + +``` + +For more examples of include rules that you can use in custom migration XML files, see [Include Files and Settings](usmt-include-files-and-settings.md). + +**Note**   +For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + + + +## Next steps + + +You can include additional rules for the migration in the MigDocs.xml file or other XML migration files. For example, you can use the <locationModify> element to move files from the folder where they were gathered to a different folder, when they are applied to the destination computer. + +You can use an XML schema (MigXML.xsd) file to validate the syntax of your customized XML files. For more information, see [USMT Resources](usmt-resources.md). + +## Related topics + + +[Exclude Files and Settings](usmt-exclude-files-and-settings.md) + +[Include Files and Settings](usmt-include-files-and-settings.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 3e694996e9..48782e0bdc 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -1,158 +1,159 @@ ---- -title: USMT Best Practices (Windows 10) -description: USMT Best Practices -ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# USMT Best Practices - - -This topic discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. - -## General Best Practices - - -- **Install applications before running the LoadState tool** - - Though it is not always essential, it is best practice to install all applications on the destination computer before restoring the user state. This helps ensure that migrated settings are preserved. - -- **Do not use MigUser.xml and MigDocs.xml together** - - If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the **/genmigxml** command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). - -- **Use MigDocs.xml for a better migration experience** - - If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml file is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The MigUser.xml file migrates only the files with the specified file extensions. - -- **Close all applications before running either the ScanState or LoadState tools** - - Although using the **/vsc** switch can allow the migration of many files that are open with another application it is a best practice to close all applications in order to ensure all files and settings migrate. Without the **/vsc** or **/c** switch USMT will fail when it cannot migrate a file or setting. When you use the **/c** option USMT will ignore any files or settings that it cannot migrate and log an error each time. - -- **Log off after you run the LoadState** - - Some settings, such as fonts, wallpaper, and screensaver settings, will not take effect until the next time the user logs on. For this reason, you should log off after you run the LoadState tool. - -- **Managed environment** - - To create a managed environment, you can move all of the end user’s documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. This will help you to clean up files on the destination computer, if the LoadState command fails before completion. - -- **Chkdsk.exe** - - We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](https://go.microsoft.com/fwlink/p/?LinkId=140244). - -- **Migrate in groups** - - If you decide to perform the migration while users are using the network, it is best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. - -## Security Best Practices - - -As the authorized administrator, it is your responsibility to protect the privacy of the users and maintain security during and after the migration. In particular, you must consider the following issues: - -- **Encrypting File System (EFS)** - - Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For more information about EFS best practices, see this article in the [Microsoft Knowledge Base](https://go.microsoft.com/fwlink/p/?linkid=163). For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). - - **Important**   - If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. - - - -- **Encrypt the store** - - Consider using the **/encrypt** option with the ScanState command and the **/decrypt** option with the LoadState command. However, use extreme caution with this set of options, because anyone who has access to the ScanState command-line script also has access to the encryption key. - -- **Virus Scan** - - We recommend that you scan both the source and destination computers for viruses before running USMT. In addition, you should scan the destination computer image. To help protect data from viruses, we strongly recommend running an antivirus utility before migration. - -- **Maintain security of the file server and the deployment server** - - We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). - -- **Password Migration** - - To ensure the privacy of the end users, USMT does not migrate passwords, including those for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, as well as Remote Access Service (RAS) connections and mapped network drives. It is important to make sure that end users know their passwords. - -- **Local Account Creation** - - Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) topic. - -## XML File Best Practices - - -- **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** - - If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. - -- **The <CustomFileName> in the migration urlid should match the name of the file** - - Although it is not a requirement, it is good practice for <CustomFileName> to match the name of the file. For example, the following is from the MigApp.xml file: - - ``` syntax - - - ``` - -- **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** - - The MigXML.xsd schema file should not be included on the command line or in any of the .xml files. - -- **Use the default migration XML files as models** - - To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on MigUser.xml. To migrate application settings, model your custom .xml file on the MigApp.xml file. - -- **Consider the impact on performance when using the <context> parameter** - - Your migration performance can be affected when you use the <context> element with the <component> element; for example, as in when you want to encapsulate logical units of file- or path-based <include> and <exclude> rules. - - In the **User** context, a rule is processed one time for each user on the system. - - In the **System** context, a rule is processed one time for the system. - - In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. - - **Note**   - The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. - - - -- **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** - - For example, if you have code that migrates the settings for an application, you should not just add the code to the MigApp.xml file. - -- **You should not create custom .xml files to alter the operating system settings that are migrated** - - These settings are migrated by manifests and you cannot modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a Config.xml file. - -- **You can use the asterisk (\*) wildcard character in any migration XML file that you create** - - **Note**   - The question mark is not valid as a wildcard character in USMT .xml files. - - - -## Related topics - - -[Migration Store Encryption](usmt-migration-store-encryption.md) - -[Plan Your Migration](usmt-plan-your-migration.md) - - - - - - - - - +--- +title: USMT Best Practices (Windows 10) +description: USMT Best Practices +ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# USMT Best Practices + + +This topic discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. + +## General Best Practices + + +- **Install applications before running the LoadState tool** + + Though it is not always essential, it is best practice to install all applications on the destination computer before restoring the user state. This helps ensure that migrated settings are preserved. + +- **Do not use MigUser.xml and MigDocs.xml together** + + If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the **/genmigxml** command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). + +- **Use MigDocs.xml for a better migration experience** + + If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml file is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The MigUser.xml file migrates only the files with the specified file extensions. + +- **Close all applications before running either the ScanState or LoadState tools** + + Although using the **/vsc** switch can allow the migration of many files that are open with another application it is a best practice to close all applications in order to ensure all files and settings migrate. Without the **/vsc** or **/c** switch USMT will fail when it cannot migrate a file or setting. When you use the **/c** option USMT will ignore any files or settings that it cannot migrate and log an error each time. + +- **Log off after you run the LoadState** + + Some settings, such as fonts, wallpaper, and screensaver settings, will not take effect until the next time the user logs on. For this reason, you should log off after you run the LoadState tool. + +- **Managed environment** + + To create a managed environment, you can move all of the end user’s documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. This will help you to clean up files on the destination computer, if the LoadState command fails before completion. + +- **Chkdsk.exe** + + We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](https://go.microsoft.com/fwlink/p/?LinkId=140244). + +- **Migrate in groups** + + If you decide to perform the migration while users are using the network, it is best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. + +## Security Best Practices + + +As the authorized administrator, it is your responsibility to protect the privacy of the users and maintain security during and after the migration. In particular, you must consider the following issues: + +- **Encrypting File System (EFS)** + + Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For more information about EFS best practices, see this article in the [Microsoft Knowledge Base](https://go.microsoft.com/fwlink/p/?linkid=163). For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). + + **Important**   + If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. + + + +- **Encrypt the store** + + Consider using the **/encrypt** option with the ScanState command and the **/decrypt** option with the LoadState command. However, use extreme caution with this set of options, because anyone who has access to the ScanState command-line script also has access to the encryption key. + +- **Virus Scan** + + We recommend that you scan both the source and destination computers for viruses before running USMT. In addition, you should scan the destination computer image. To help protect data from viruses, we strongly recommend running an antivirus utility before migration. + +- **Maintain security of the file server and the deployment server** + + We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). + +- **Password Migration** + + To ensure the privacy of the end users, USMT does not migrate passwords, including those for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, as well as Remote Access Service (RAS) connections and mapped network drives. It is important to make sure that end users know their passwords. + +- **Local Account Creation** + + Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) topic. + +## XML File Best Practices + + +- **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** + + If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. + +- **The <CustomFileName> in the migration urlid should match the name of the file** + + Although it is not a requirement, it is good practice for <CustomFileName> to match the name of the file. For example, the following is from the MigApp.xml file: + + ``` xml + + + ``` + +- **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** + + The MigXML.xsd schema file should not be included on the command line or in any of the .xml files. + +- **Use the default migration XML files as models** + + To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on MigUser.xml. To migrate application settings, model your custom .xml file on the MigApp.xml file. + +- **Consider the impact on performance when using the <context> parameter** + + Your migration performance can be affected when you use the <context> element with the <component> element; for example, as in when you want to encapsulate logical units of file- or path-based <include> and <exclude> rules. + + In the **User** context, a rule is processed one time for each user on the system. + + In the **System** context, a rule is processed one time for the system. + + In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. + + **Note**   + The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. + + + +- **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** + + For example, if you have code that migrates the settings for an application, you should not just add the code to the MigApp.xml file. + +- **You should not create custom .xml files to alter the operating system settings that are migrated** + + These settings are migrated by manifests and you cannot modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a Config.xml file. + +- **You can use the asterisk (\*) wildcard character in any migration XML file that you create** + + **Note**   + The question mark is not valid as a wildcard character in USMT .xml files. + + + +## Related topics + + +[Migration Store Encryption](usmt-migration-store-encryption.md) + +[Plan Your Migration](usmt-plan-your-migration.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index bdb613b683..db0aad8633 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -1,589 +1,590 @@ ---- -title: Config.xml File (Windows 10) -description: Config.xml File -ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Config.xml File - - -## Config.xml File - - -The Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the **/genconfig** option with the ScanState.exe tool. If you want to include all of the default components, and do not want to change the default store-creation or profile-migration behavior, you do not need to create a Config.xml file. - -However, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigUser.xml and MigDocs.xml files, but you want to exclude certain components, you can create and modify a Config.xml file and leave the other .xml files unchanged. For example, you must create and modify the Config.xml file if you want to exclude any of the operating-system settings that are migrated. It is necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. - -The Config.xml file has a different format than the other migration .xml files, because it does not contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, as well as user-profile policy and error-control policy. For this reason, excluding components using the Config.xml file is easier than modifying the migration .xml files, because you do not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in this file. - -For more information about using the Config.xml file with other migration files, such as the MigDocs.xml and MigApps.xml files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). - -**Note**   -To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. - - - -## In This Topic - - -In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only. - -[<Policies>](#bkmk-policies) - -[<ErrorControl>](#bkmk-errorcontrol) - -[<fatal>](#bkmk-fatal) - -[<fileError>](#bkmk-fileerror) - -[<nonfatal>](#bkmk-nonfatal) - -[<registryError>](#bkmk-registryerror) - -[<HardLinkStoreControl>](#bkmk-hardlinkstorecontrol) - -[<fileLocked>](#bkmk-filelock) - -[<createHardLink>](#bkmk-createhardlink) - -[<errorHardLink>](#bkmk-errorhardlink) - -[<ProfileControl>](#bkmk-profilecontrol) - -[<localGroups>](#bkmk-localgroups) - -[<mappings>](#bkmk-mappings) - -[<changeGroup>](#bkmk-changegrou) - -[<include>](#bkmk-include) - -[<exclude>](#bkmk-exclude) - -[Sample Config.xml File](#bkmk-sampleconfigxjmlfile) - -## <Policies> - - -The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. - -Syntax: ` ` - -## <ErrorControl> - - -The **<ErrorControl>** element is an optional element you can configure in the Config.xml file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. - -- **Number of occurrences**: Once for each component - -- **Parent elements**: The **<Policies>** element - -- **Child elements**: The **<fileError>** and **<registryError>** element - -Syntax: `` - -The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users cannot be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error. - -Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed. - -``` syntax - - - * [*] - C:\Users\* [*] - - - HKCU\SOFTWARE\Microsoft\* [*] - - -``` - -**Important**   -The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. - - - -### <fatal> - -The **<fatal>** element is not required. - -- **Number of occurrences**: Once for each component - -- **Parent elements**: **<fileError>** and **<registryError>** - -- **Child elements**: None. - -Syntax: ``*<pattern>*`` - - ----- - - - - - - - - - - - - - - -
      ParameterRequiredValue

      errorCode

      No

      "any" or "specify system error message here"

      - - - -You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. - -## <fileError> - - -The **<fileError>** element is not required. - -- **Number of occurrences**: Once for each component - -- **Parent elements**: **<ErrorControl>** - -- **Child elements**: **<nonFatal>** and **<fatal>** - -Syntax: `` - -You use the **<fileError>** element to represent the behavior associated with file errors. - -## <nonFatal> - - -The **<nonFatal>** element is not required. - -- **Number of occurrences**: Once for each component - -- **Parent elements**: The **<fileError>** and **<registryError>** elements. - -- **Child elements**: None. - -Syntax: ``*<pattern>*`` - - ----- - - - - - - - - - - - - - - -
      ParameterRequiredValue

      <errorCode>

      No

      "any" or "specify system error message here". If system error messages are not specified, the default behavior applies the parameter to all system error messages.

      - - - -You use the **<nonFatal>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. - -## <registryError> - - -The <registryError>element is not required. - -- **Number of occurrences**: Once for each component - -- **Parent elements**: **<ErrorControl>** - -- **Child elements**: **<nonfatal>** and **<fatal>** - -Syntax: `` - - ----- - - - - - - - - - - - - - - -
      ParameterRequiredValue

      <errorCode>

      No

      "any" or "specify system error message here". If system error messages are not specified, the default behavior applies the parameter to all system error messages.

      - - - -You use the **<registryError>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. - -## <HardLinkStoreControl> - - -The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. - -Syntax: ` ` - -- **Number of occurrences**: Once for each component - -- **Parent elements**: **<Policies>** - -- **Child elements**: **<fileLocked>** - -Syntax: `` - -The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that cannot be copied, even though is technically possible for the link to be created. - -**Important**   -The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file’s location. - - - -``` syntax - - - - C:\Users\* - C:\* - - - - […] - - -``` - -## <fileLocked> - - -The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. - -Syntax: `` - -## <createHardLink> - - -The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. - -Syntax: ``*<pattern>*`` - -## <errorHardLink> - - -The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should not be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that is not possible, **Error\_Locked** is thrown. This is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. - -Syntax: ``*<pattern>*`` - -## <ProfileControl> - - -This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. - -Syntax: <`ProfileControl> ` - -## <localGroups> - - -This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. - -Syntax: ` ` - -## <mappings> - - -This element is used to contain other elements that establish mappings between groups. - -Syntax: ` ` - -## <changeGroup> - - -This element describes the source and destination groups for a local group membership change during the migration. It is a child of **<localGroups>**. The following parameters are defined: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      ParameterRequiredValue

      From

      Yes

      A valid local group on the source machine that contains users selected for migration on the command line.

      To

      Yes

      A local group that the users are to be moved to during the migration.

      appliesTo

      Yes

      nonmigratedUsers, migratedUsers, AllUsers. This value defines which users the change group operation should apply to.

      - - - -The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. - -Syntax: ` ` - -## <include> - - -This element specifies that its required child, *<pattern>*, should be included in the migration. - -Syntax: ```` - -## <exclude> - - -This element specifies that its required child, *<pattern>*, should be excluded from the migration. - -Syntax: ``` ` - -## Sample Config.xml File - - -Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -## Related topics - - -[USMT XML Reference](usmt-xml-reference.md) - - - - - - - - - +--- +title: Config.xml File (Windows 10) +description: Config.xml File +ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Config.xml File + + +## Config.xml File + + +The Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the **/genconfig** option with the ScanState.exe tool. If you want to include all of the default components, and do not want to change the default store-creation or profile-migration behavior, you do not need to create a Config.xml file. + +However, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigUser.xml and MigDocs.xml files, but you want to exclude certain components, you can create and modify a Config.xml file and leave the other .xml files unchanged. For example, you must create and modify the Config.xml file if you want to exclude any of the operating-system settings that are migrated. It is necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. + +The Config.xml file has a different format than the other migration .xml files, because it does not contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, as well as user-profile policy and error-control policy. For this reason, excluding components using the Config.xml file is easier than modifying the migration .xml files, because you do not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in this file. + +For more information about using the Config.xml file with other migration files, such as the MigDocs.xml and MigApps.xml files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). + +**Note**   +To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. + + + +## In This Topic + + +In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only. + +[<Policies>](#bkmk-policies) + +[<ErrorControl>](#bkmk-errorcontrol) + +[<fatal>](#bkmk-fatal) + +[<fileError>](#bkmk-fileerror) + +[<nonfatal>](#bkmk-nonfatal) + +[<registryError>](#bkmk-registryerror) + +[<HardLinkStoreControl>](#bkmk-hardlinkstorecontrol) + +[<fileLocked>](#bkmk-filelock) + +[<createHardLink>](#bkmk-createhardlink) + +[<errorHardLink>](#bkmk-errorhardlink) + +[<ProfileControl>](#bkmk-profilecontrol) + +[<localGroups>](#bkmk-localgroups) + +[<mappings>](#bkmk-mappings) + +[<changeGroup>](#bkmk-changegrou) + +[<include>](#bkmk-include) + +[<exclude>](#bkmk-exclude) + +[Sample Config.xml File](#bkmk-sampleconfigxjmlfile) + +## <Policies> + + +The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. + +Syntax: ` ` + +## <ErrorControl> + + +The **<ErrorControl>** element is an optional element you can configure in the Config.xml file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. + +- **Number of occurrences**: Once for each component + +- **Parent elements**: The **<Policies>** element + +- **Child elements**: The **<fileError>** and **<registryError>** element + +Syntax: `` + +The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users cannot be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error. + +Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed. + +``` xml + + + * [*] + C:\Users\* [*] + + + HKCU\SOFTWARE\Microsoft\* [*] + + +``` + +**Important**   +The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. + + + +### <fatal> + +The **<fatal>** element is not required. + +- **Number of occurrences**: Once for each component + +- **Parent elements**: **<fileError>** and **<registryError>** + +- **Child elements**: None. + +Syntax: ``*<pattern>*`` + + +++++ + + + + + + + + + + + + + + +
      ParameterRequiredValue

      errorCode

      No

      "any" or "specify system error message here"

      + + + +You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. + +## <fileError> + + +The **<fileError>** element is not required. + +- **Number of occurrences**: Once for each component + +- **Parent elements**: **<ErrorControl>** + +- **Child elements**: **<nonFatal>** and **<fatal>** + +Syntax: `` + +You use the **<fileError>** element to represent the behavior associated with file errors. + +## <nonFatal> + + +The **<nonFatal>** element is not required. + +- **Number of occurrences**: Once for each component + +- **Parent elements**: The **<fileError>** and **<registryError>** elements. + +- **Child elements**: None. + +Syntax: ``*<pattern>*`` + + +++++ + + + + + + + + + + + + + + +
      ParameterRequiredValue

      <errorCode>

      No

      "any" or "specify system error message here". If system error messages are not specified, the default behavior applies the parameter to all system error messages.

      + + + +You use the **<nonFatal>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. + +## <registryError> + + +The <registryError>element is not required. + +- **Number of occurrences**: Once for each component + +- **Parent elements**: **<ErrorControl>** + +- **Child elements**: **<nonfatal>** and **<fatal>** + +Syntax: `` + + +++++ + + + + + + + + + + + + + + +
      ParameterRequiredValue

      <errorCode>

      No

      "any" or "specify system error message here". If system error messages are not specified, the default behavior applies the parameter to all system error messages.

      + + + +You use the **<registryError>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. + +## <HardLinkStoreControl> + + +The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. + +Syntax: ` ` + +- **Number of occurrences**: Once for each component + +- **Parent elements**: **<Policies>** + +- **Child elements**: **<fileLocked>** + +Syntax: `` + +The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that cannot be copied, even though is technically possible for the link to be created. + +**Important**   +The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file’s location. + + + +``` xml + + + + C:\Users\* + C:\* + + + + […] + + +``` + +## <fileLocked> + + +The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. + +Syntax: `` + +## <createHardLink> + + +The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. + +Syntax: ``*<pattern>*`` + +## <errorHardLink> + + +The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should not be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that is not possible, **Error\_Locked** is thrown. This is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. + +Syntax: ``*<pattern>*`` + +## <ProfileControl> + + +This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. + +Syntax: <`ProfileControl> ` + +## <localGroups> + + +This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. + +Syntax: ` ` + +## <mappings> + + +This element is used to contain other elements that establish mappings between groups. + +Syntax: ` ` + +## <changeGroup> + + +This element describes the source and destination groups for a local group membership change during the migration. It is a child of **<localGroups>**. The following parameters are defined: + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      ParameterRequiredValue

      From

      Yes

      A valid local group on the source machine that contains users selected for migration on the command line.

      To

      Yes

      A local group that the users are to be moved to during the migration.

      appliesTo

      Yes

      nonmigratedUsers, migratedUsers, AllUsers. This value defines which users the change group operation should apply to.

      + + + +The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. + +Syntax: ` ` + +## <include> + + +This element specifies that its required child, *<pattern>*, should be included in the migration. + +Syntax: ```` + +## <exclude> + + +This element specifies that its required child, *<pattern>*, should be excluded from the migration. + +Syntax: ``` ` + +## Sample Config.xml File + + +Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration. + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Related topics + + +[USMT XML Reference](usmt-xml-reference.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index ecba40336b..5b40bd3e9d 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -1,464 +1,465 @@ ---- -title: Conflicts and Precedence (Windows 10) -description: Conflicts and Precedence -ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Conflicts and Precedence - - -When you include, exclude, and reroute files and settings, it is important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. - -- **If there are conflicting rules within a component, the most specific rule is applied.** However, the <unconditionalExclude> rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples)****later in this topic. - -- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. - -- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the <exclude> rule to exclude a file and use the <include> rule to include the same file, the file will be excluded. - -- **The ordering of components does not matter.** It does not matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. - -- **The ordering of the <include> and <exclude> rules within a component does not matter.** - -- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other <include> rules that are in the .xml files. For example, you can use the <unconditionalExclude> element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. - -## In This Topic - - -**General** - -- [What is the relationship between rules that are located within different components?](#bkmk2) - -- [How does precedence work with the Config.xml file?](#bkmk3) - -- [How does USMT process each component in an .xml file with multiple components?](#bkmk4) - -- [How are rules processed?](#bkmk5) - -- [How does USMT combine all of the .xml files that I specify on the command line?](#bkmk6) - -**The <include> and <exclude> rules** - -- [What happens when there are conflicting include and exclude rules?](#bkmk1) - -- [<include> and <exclude> precedence examples](#precexamples) - -**File collisions** - -- [What is the default behavior when there are file collisions?](#collisions) - -- [How does the <merge> rule work when there are file collisions?](#bkmk11) - -## General - - -### What is the relationship between rules that are located within different components? - -Only rules inside the same component can affect each other, depending on specificity, except for the <unconditionalExclude> rule. Rules that are in different components do not affect each other. If there is an <include> rule in one component and an identical <exclude> rule in another component, the data will be migrated because the two rules are independent of each other. - -If you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. - -The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the <exclude> rule is specified in a separate component. - -``` syntax - - -User Documents - - - - - C:\Userdocs\* [*.mp3] - - - - - - - - User documents to include - - - - - C:\Userdocs\ [*] - - - - - - -``` - -### How does precedence work with the Config.xml file? - -Specifying `migrate="no"` in the Config.xml file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. - -``` syntax - - - %CSIDL_PERSONAL%\* [*.doc] - - -``` - -### How does USMT process each component in an .xml file with multiple components? - -The ordering of components does not matter. Each component is processed independently of other components. For example, if you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. - -### How are rules processed? - -There are two broad categories of rules. - -- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the <include>, <exclude>, and <unconditionalExclude> rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each <include> rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it is going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. - -- **Rules that affect the behavior of only the LoadState tool**. For example, the <locationModify>, <contentModify>, and <destinationCleanup> rules do not affect ScanState. They are processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the <locationModify>and <contentModify> rules. Then, LoadState processes all of the <destinationCleanup> rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. - -### How does USMT combine all of the .xml files that I specify on the command line? - -USMT does not distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. - -## The <include> and <exclude> rules - - -### What happens when there are conflicting <include> and <exclude> rules? - -If there are conflicting rules within a component, the most specific rule is applied, except with the <unconditionalExclude> rule, which takes precedence over all other rules. If the rules are equally specific, then the data will be not be migrated. For example if you exclude a file, and include the same file, the file will not be migrated. If there are conflicting rules within different components, the rules do not affect each other because each component is processed independently. - -In the following example, mp3 files will not be excluded from the migration. This is because directory names take precedence over the file extensions. - -``` syntax - - - C:\Data\* [*] - - - - - C:\* [*.mp3] - - -``` - -### <include> and <exclude> rules precedence examples - -These examples explain how USMT deals with <include> and <exclude> rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. - -- [Including and excluding files](#filesex) - -- [Including and excluding registry objects](#regex) - -### Including and excluding files - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      If you have the following code in the same componentResulting behaviorExplanation
        -

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • -

      • Exclude rule: <pattern type="File">C:* [.txt]</pattern>

        • -

      Migrates all files and subfolders in Dir1 (including all .txt files in C:).

      The <exclude> rule does not affect the migration because the <include> rule is more specific.

        -

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • -

      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • -

      Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders.

      Both rules are processed as intended.

        -

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • -

      • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>

        • -

      Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders.

      Both rules are processed as intended.

        -

      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • -

      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • -

      Nothing will be migrated.

      The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

        -

      • Include rule: C:\Dir1* [.txt]

        • -

      • Exclude rule: C:\Dir1\Dir2* []

        • -

      Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.

      -

      No files are migrated from Dir2 or its subfolders.

      Both rules are processed as intended.

        -

      • Include rule: C:\Dir1\Dir2* []

        • -

      • Exclude rule: C:\Dir1* [.txt]

        • -

      Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2).

      Both rules are processed as intended.

      - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      If you have the following code in different componentsResulting behaviorExplanation

      Component 1:

      -
        -

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • -

      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • -
      -

      Component 2:

      -
        -

      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • -

      • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>

        • -

      Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2).

      Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed.

      Component 1:

      -
        -

      • Include rule: C:\Dir1\Dir2* []

        • -
      -

      Component 2:

      -
        -

      • Exclude rule: C:\Dir1* [.txt]

        • -

      Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders.

      Both rules are processed as intended.

      Component 1:

      -
        -

      • Exclude rule: C:\Dir1\Dir2* []

        • -
      -

      Component 2:

      -
        -

      • Include rule: C:\Dir1* [.txt]

        • -

      Migrates all .txt files in Dir1 and any subfolders.

      Component 1 does not contain an <include> rule, so the <exclude> rule is not processed.

      - - - -### Including and excluding registry objects - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      If you have the following code in the same componentResulting behaviorExplanation
        -

      • Include rule: HKLM\Software\Microsoft\Command Processor* []

        • -

      • Exclude Rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • -

      Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor.

      Both rules are processed as intended.

        -

      • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • -

      • Exclude Rule: HKLM\Software\Microsoft\Command Processor* []

        • -

      Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor.

      DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule.

        -

      • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • -

      • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • -

      Does not migrate DefaultColor.

      The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

      - - - - ----- - - - - - - - - - - - - - - -
      If you have the following code in different componentsResulting behaviorExplanation

      Component 1:

      -
        -

      • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • -

      • Exclude rule: HKLM\Software\Microsoft\Command Processor* []

        • -
      -

      Component 2:

      -
        -

      • Include rule: HKLM\Software\Microsoft\Command Processor* []

        • -

      • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • -

      Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor.

      Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed.

      - - - -## File collisions - - -### What is the default behavior when there are file collisions? - -If there is not a <merge> rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. - -### How does the <merge> rule work when there are file collisions? - -When a collision is detected, USMT will select the most specific <merge> rule and apply it to resolve the conflict. For example, if you have a <merge> rule for C:\\\* \[\*\] set to **sourcePriority()** and another <merge> rule for C:\\subfolder\\\* \[\*\] set to **destinationPriority()** , then USMT uses the destinationPriority() rule because it is the most specific. - -### Example scenario - -The source computer contains the following files: - -- C:\\Data\\SampleA.txt - -- C:\\Data\\SampleB.txt - -- C:\\Data\\Folder\\SampleB.txt - -The destination computer contains the following files: - -- C:\\Data\\SampleB.txt - -- C:\\Data\\Folder\\SampleB.txt - -You have a custom .xml file that contains the following code: - -``` syntax - - - c:\data\* [*] - - -``` - -For this example, the following table describes the resulting behavior if you add the code in the first column to your custom .xml file. - - ---- - - - - - - - - - - - - - - - - - - - - -
      If you specify the following codeResulting behavior
      <merge script="MigXmlHelper.DestinationPriority()"> 
-   <objectSet> 
-      <pattern type="File">c:\data* []</pattern> 
-   </objectSet> 
-</merge>

      During ScanState, all the files will be added to the store.

      -

      During LoadState, only C:\Data\SampleA.txt will be restored.

      <merge script="MigXmlHelper.SourcePriority()"> 
-   <objectSet> 
-      <pattern type="File">c:\data* []</pattern> 
-   </objectSet> 
-</merge>

      During ScanState, all the files will be added to the store.

      -

      During LoadState, all the files will be restored, overwriting the existing files on the destination computer.

      <merge script="MigXmlHelper.SourcePriority()"> 
-   <objectSet> 
-      <pattern type="File">c:\data\ [*]</pattern> 
-   </objectSet> 
-</merge>

      During ScanState, all the files will be added to the store.

      -

      During LoadState, the following will occur:

      -
        -

      • C:\Data\SampleA.txt will be restored.

        • -

      • C:\Data\SampleB.txt will be restored, overwriting the existing file on the destination computer.

        • -

      • C:\Data\Folder\SampleB.txt will not be restored.

        • -
      - - - -## Related topics - - -[USMT XML Reference](usmt-xml-reference.md) - - - - - - - - - +--- +title: Conflicts and Precedence (Windows 10) +description: Conflicts and Precedence +ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Conflicts and Precedence + + +When you include, exclude, and reroute files and settings, it is important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. + +- **If there are conflicting rules within a component, the most specific rule is applied.** However, the <unconditionalExclude> rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples)****later in this topic. + +- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. + +- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the <exclude> rule to exclude a file and use the <include> rule to include the same file, the file will be excluded. + +- **The ordering of components does not matter.** It does not matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. + +- **The ordering of the <include> and <exclude> rules within a component does not matter.** + +- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other <include> rules that are in the .xml files. For example, you can use the <unconditionalExclude> element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. + +## In This Topic + + +**General** + +- [What is the relationship between rules that are located within different components?](#bkmk2) + +- [How does precedence work with the Config.xml file?](#bkmk3) + +- [How does USMT process each component in an .xml file with multiple components?](#bkmk4) + +- [How are rules processed?](#bkmk5) + +- [How does USMT combine all of the .xml files that I specify on the command line?](#bkmk6) + +**The <include> and <exclude> rules** + +- [What happens when there are conflicting include and exclude rules?](#bkmk1) + +- [<include> and <exclude> precedence examples](#precexamples) + +**File collisions** + +- [What is the default behavior when there are file collisions?](#collisions) + +- [How does the <merge> rule work when there are file collisions?](#bkmk11) + +## General + + +### What is the relationship between rules that are located within different components? + +Only rules inside the same component can affect each other, depending on specificity, except for the <unconditionalExclude> rule. Rules that are in different components do not affect each other. If there is an <include> rule in one component and an identical <exclude> rule in another component, the data will be migrated because the two rules are independent of each other. + +If you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. + +The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the <exclude> rule is specified in a separate component. + +``` xml + + +User Documents + + + + + C:\Userdocs\* [*.mp3] + + + + + + + + User documents to include + + + + + C:\Userdocs\ [*] + + + + + + +``` + +### How does precedence work with the Config.xml file? + +Specifying `migrate="no"` in the Config.xml file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. + +``` xml + + + %CSIDL_PERSONAL%\* [*.doc] + + +``` + +### How does USMT process each component in an .xml file with multiple components? + +The ordering of components does not matter. Each component is processed independently of other components. For example, if you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. + +### How are rules processed? + +There are two broad categories of rules. + +- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the <include>, <exclude>, and <unconditionalExclude> rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each <include> rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it is going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. + +- **Rules that affect the behavior of only the LoadState tool**. For example, the <locationModify>, <contentModify>, and <destinationCleanup> rules do not affect ScanState. They are processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the <locationModify>and <contentModify> rules. Then, LoadState processes all of the <destinationCleanup> rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. + +### How does USMT combine all of the .xml files that I specify on the command line? + +USMT does not distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. + +## The <include> and <exclude> rules + + +### What happens when there are conflicting <include> and <exclude> rules? + +If there are conflicting rules within a component, the most specific rule is applied, except with the <unconditionalExclude> rule, which takes precedence over all other rules. If the rules are equally specific, then the data will be not be migrated. For example if you exclude a file, and include the same file, the file will not be migrated. If there are conflicting rules within different components, the rules do not affect each other because each component is processed independently. + +In the following example, mp3 files will not be excluded from the migration. This is because directory names take precedence over the file extensions. + +``` xml + + + C:\Data\* [*] + + + + + C:\* [*.mp3] + + +``` + +### <include> and <exclude> rules precedence examples + +These examples explain how USMT deals with <include> and <exclude> rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. + +- [Including and excluding files](#filesex) + +- [Including and excluding registry objects](#regex) + +### Including and excluding files + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      If you have the following code in the same componentResulting behaviorExplanation
        +

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • +

      • Exclude rule: <pattern type="File">C:* [.txt]</pattern>

        • +

      Migrates all files and subfolders in Dir1 (including all .txt files in C:).

      The <exclude> rule does not affect the migration because the <include> rule is more specific.

        +

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • +

      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • +

      Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders.

      Both rules are processed as intended.

        +

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • +

      • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>

        • +

      Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders.

      Both rules are processed as intended.

        +

      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • +

      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • +

      Nothing will be migrated.

      The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

        +

      • Include rule: C:\Dir1* [.txt]

        • +

      • Exclude rule: C:\Dir1\Dir2* []

        • +

      Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.

      +

      No files are migrated from Dir2 or its subfolders.

      Both rules are processed as intended.

        +

      • Include rule: C:\Dir1\Dir2* []

        • +

      • Exclude rule: C:\Dir1* [.txt]

        • +

      Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2).

      Both rules are processed as intended.

      + + + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      If you have the following code in different componentsResulting behaviorExplanation

      Component 1:

      +
        +

      • Include rule: <pattern type="File">C:\Dir1* []</pattern>

        • +

      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • +
      +

      Component 2:

      +
        +

      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

        • +

      • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>

        • +

      Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2).

      Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed.

      Component 1:

      +
        +

      • Include rule: C:\Dir1\Dir2* []

        • +
      +

      Component 2:

      +
        +

      • Exclude rule: C:\Dir1* [.txt]

        • +

      Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders.

      Both rules are processed as intended.

      Component 1:

      +
        +

      • Exclude rule: C:\Dir1\Dir2* []

        • +
      +

      Component 2:

      +
        +

      • Include rule: C:\Dir1* [.txt]

        • +

      Migrates all .txt files in Dir1 and any subfolders.

      Component 1 does not contain an <include> rule, so the <exclude> rule is not processed.

      + + + +### Including and excluding registry objects + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      If you have the following code in the same componentResulting behaviorExplanation
        +

      • Include rule: HKLM\Software\Microsoft\Command Processor* []

        • +

      • Exclude Rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • +

      Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor.

      Both rules are processed as intended.

        +

      • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • +

      • Exclude Rule: HKLM\Software\Microsoft\Command Processor* []

        • +

      Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor.

      DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule.

        +

      • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • +

      • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • +

      Does not migrate DefaultColor.

      The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

      + + + + +++++ + + + + + + + + + + + + + + +
      If you have the following code in different componentsResulting behaviorExplanation

      Component 1:

      +
        +

      • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • +

      • Exclude rule: HKLM\Software\Microsoft\Command Processor* []

        • +
      +

      Component 2:

      +
        +

      • Include rule: HKLM\Software\Microsoft\Command Processor* []

        • +

      • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

        • +

      Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor.

      Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed.

      + + + +## File collisions + + +### What is the default behavior when there are file collisions? + +If there is not a <merge> rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. + +### How does the <merge> rule work when there are file collisions? + +When a collision is detected, USMT will select the most specific <merge> rule and apply it to resolve the conflict. For example, if you have a <merge> rule for C:\\\* \[\*\] set to **sourcePriority()** and another <merge> rule for C:\\subfolder\\\* \[\*\] set to **destinationPriority()** , then USMT uses the destinationPriority() rule because it is the most specific. + +### Example scenario + +The source computer contains the following files: + +- C:\\Data\\SampleA.txt + +- C:\\Data\\SampleB.txt + +- C:\\Data\\Folder\\SampleB.txt + +The destination computer contains the following files: + +- C:\\Data\\SampleB.txt + +- C:\\Data\\Folder\\SampleB.txt + +You have a custom .xml file that contains the following code: + +``` xml + + + c:\data\* [*] + + +``` + +For this example, the following table describes the resulting behavior if you add the code in the first column to your custom .xml file. + + ++++ + + + + + + + + + + + + + + + + + + + + +
      If you specify the following codeResulting behavior
      <merge script="MigXmlHelper.DestinationPriority()"> 
+   <objectSet> 
+      <pattern type="File">c:\data* []</pattern> 
+   </objectSet> 
+</merge>

      During ScanState, all the files will be added to the store.

      +

      During LoadState, only C:\Data\SampleA.txt will be restored.

      <merge script="MigXmlHelper.SourcePriority()"> 
+   <objectSet> 
+      <pattern type="File">c:\data* []</pattern> 
+   </objectSet> 
+</merge>

      During ScanState, all the files will be added to the store.

      +

      During LoadState, all the files will be restored, overwriting the existing files on the destination computer.

      <merge script="MigXmlHelper.SourcePriority()"> 
+   <objectSet> 
+      <pattern type="File">c:\data\ [*]</pattern> 
+   </objectSet> 
+</merge>

      During ScanState, all the files will be added to the store.

      +

      During LoadState, the following will occur:

      +
        +

      • C:\Data\SampleA.txt will be restored.

        • +

      • C:\Data\SampleB.txt will be restored, overwriting the existing file on the destination computer.

        • +

      • C:\Data\Folder\SampleB.txt will not be restored.

        • +
      + + + +## Related topics + + +[USMT XML Reference](usmt-xml-reference.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index af14caacd3..66f4f18511 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -1,317 +1,318 @@ ---- -title: Custom XML Examples (Windows 10) -description: Custom XML Examples -ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Custom XML Examples - - -**Note**   -Because the tables in this topic are wide, you may need to adjust the width of its window. - - - -## In This Topic: - - -- [Example 1: Migrating an Unsupported Application](#example) - -- [Example 2: Migrating the My Videos Folder](#example2) - -- [Example 3: Migrating Files and Registry Keys](#example3) - -- [Example 4: Migrating Specific Folders from Various Locations](#example4) - -## Example 1: Migrating an Unsupported Application - - -The following is a template for the sections that you need to migrate your application. The template is not functional on its own, but you can use it to write your own .xml file. - -``` syntax - - - - Some Application - - - - - - value - - - - - - - - - - - - MigXMLHelper.DoesObjectExist("Registry","HKLM\Software\MyApp [win32_version]") - - - - - MigXMLHelper.DoesFileVersionMatch("%MyAppExePath%","ProductVersion","8.*") - MigXMLHelper.DoesFileVersionMatch("%MyAppExePath%","ProductVersion","9.*") - - - - - - - - - HKCU\Software\MyApp\Toolbar\* [*] - HKCU\Software\MyApp\ListView\* [*] - HKCU\Software\MyApp [ShowTips] - - - - - - - HKCU\Software\MyApp\Toolbar\* [*] - HKCU\Software\MyApp\ListView\* [*] - HKCU\Software\MyApp [ShowTips] - - - - - - - HKCU\Software\MyApp [Display] - - - - - - -``` - -## Example 2: Migrating the My Videos Folder - - -The following is a custom .xml file named CustomFile.xml that migrates My Videos for all users, if the folder exists on the source computer. - - ---- - - - - - - - - - - - - - - - - - - - - -
      CodeBehavior
      <condition>MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")</condition>

      Verifies that My Videos exists on the source computer.

      <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>

      Filters out the shortcuts in My Videos that do not resolve on the destination computer. This has no effect on files that are not shortcuts. For example, if there is a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering.

      <pattern type="File">%CSIDL_MYVIDEO%* [*]</pattern>

      Migrates My Videos for all users.

      - - - -```xml - - - - My Video - - - - MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%") - - - - - - %CSIDL_MYVIDEO%\* [*] - - - - - - -``` - -## Example 3: Migrating Files and Registry Keys - - -This table describes the behavior in the following example .xml file. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
      CodeBehavior
      <pattern type="File">%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]</pattern>

      Migrates all instances of the file Usmttestfile.txt from all sub-directories under %ProgramFiles%\USMTTestFolder.

      <pattern type="File">%ProgramFiles%\USMTDIRTestFolder* []</pattern>

      Migrates the whole directory under %ProgramFiles%\USMTDIRTestFolder.

      <pattern type="Registry">HKCU\Software\USMTTESTKEY* [MyKey]</pattern>

      Migrates all instances of MyKey under HKCU\Software\USMTTESTKEY.

      <pattern type="Registry">HKLM\Software\USMTTESTKEY* []</pattern>

      Migrates the entire registry hive under HKLM\Software\USMTTESTKEY.

      - - - -``` syntax - - - File Migration Test - - - - - %ProgramFiles%\USMTTestFolder\* [USMTTestFile.txt] - %ProgramFiles%\USMTDIRTestFolder\* [*] - - - - - - - Registry Migration Test - - - - - HKCU\Software\USMTTESTKEY\* [MyKey] - HKLM\Software\USMTTESTKEY\* [*] - - - - - - -``` - -## Example 4: Migrating Specific Folders from Various Locations - - -The behavior for this custom .xml file is described within the <`displayName`> tags in the code. - -``` syntax - - - - Component to migrate all Engineering Drafts subfolders without documents in this folder - - - - - C:\EngineeringDrafts\* [*] - - - - - C:\EngineeringDrafts\ [*] - - - - - - - - Component to migrate all user documents except Sample.doc - - - - - C:\UserDocuments\* [*] - - - - - C:\UserDocuments\ [Sample.doc] - - - - - - - - Component to migrate all Requests folders on any drive on the computer - - - - - - - - - - - - - - Component to migrate all Presentations folder from any location on the C: drive - - - - - C:\*\Presentations\* [*] - C:\Presentations\* [*] - - - - - - -``` - -## Related topics - - -[USMT XML Reference](usmt-xml-reference.md) - -[Customize USMT XML Files](usmt-customize-xml-files.md) - - - - - - - - - +--- +title: Custom XML Examples (Windows 10) +description: Custom XML Examples +ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Custom XML Examples + + +**Note**   +Because the tables in this topic are wide, you may need to adjust the width of its window. + + + +## In This Topic: + + +- [Example 1: Migrating an Unsupported Application](#example) + +- [Example 2: Migrating the My Videos Folder](#example2) + +- [Example 3: Migrating Files and Registry Keys](#example3) + +- [Example 4: Migrating Specific Folders from Various Locations](#example4) + +## Example 1: Migrating an Unsupported Application + + +The following is a template for the sections that you need to migrate your application. The template is not functional on its own, but you can use it to write your own .xml file. + +``` xml + + + + Some Application + + + + + + value + + + + + + + + + + + + MigXMLHelper.DoesObjectExist("Registry","HKLM\Software\MyApp [win32_version]") + + + + + MigXMLHelper.DoesFileVersionMatch("%MyAppExePath%","ProductVersion","8.*") + MigXMLHelper.DoesFileVersionMatch("%MyAppExePath%","ProductVersion","9.*") + + + + + + + + + HKCU\Software\MyApp\Toolbar\* [*] + HKCU\Software\MyApp\ListView\* [*] + HKCU\Software\MyApp [ShowTips] + + + + + + + HKCU\Software\MyApp\Toolbar\* [*] + HKCU\Software\MyApp\ListView\* [*] + HKCU\Software\MyApp [ShowTips] + + + + + + + HKCU\Software\MyApp [Display] + + + + + + +``` + +## Example 2: Migrating the My Videos Folder + + +The following is a custom .xml file named CustomFile.xml that migrates My Videos for all users, if the folder exists on the source computer. + + ++++ + + + + + + + + + + + + + + + + + + + + +
      CodeBehavior
      <condition>MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")</condition>

      Verifies that My Videos exists on the source computer.

      <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>

      Filters out the shortcuts in My Videos that do not resolve on the destination computer. This has no effect on files that are not shortcuts. For example, if there is a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering.

      <pattern type="File">%CSIDL_MYVIDEO%* [*]</pattern>

      Migrates My Videos for all users.

      + + + +```xml + + + + My Video + + + + MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%") + + + + + + %CSIDL_MYVIDEO%\* [*] + + + + + + +``` + +## Example 3: Migrating Files and Registry Keys + + +This table describes the behavior in the following example .xml file. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      CodeBehavior
      <pattern type="File">%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]</pattern>

      Migrates all instances of the file Usmttestfile.txt from all sub-directories under %ProgramFiles%\USMTTestFolder.

      <pattern type="File">%ProgramFiles%\USMTDIRTestFolder* []</pattern>

      Migrates the whole directory under %ProgramFiles%\USMTDIRTestFolder.

      <pattern type="Registry">HKCU\Software\USMTTESTKEY* [MyKey]</pattern>

      Migrates all instances of MyKey under HKCU\Software\USMTTESTKEY.

      <pattern type="Registry">HKLM\Software\USMTTESTKEY* []</pattern>

      Migrates the entire registry hive under HKLM\Software\USMTTESTKEY.

      + + + +``` xml + + + File Migration Test + + + + + %ProgramFiles%\USMTTestFolder\* [USMTTestFile.txt] + %ProgramFiles%\USMTDIRTestFolder\* [*] + + + + + + + Registry Migration Test + + + + + HKCU\Software\USMTTESTKEY\* [MyKey] + HKLM\Software\USMTTESTKEY\* [*] + + + + + + +``` + +## Example 4: Migrating Specific Folders from Various Locations + + +The behavior for this custom .xml file is described within the <`displayName`> tags in the code. + +``` xml + + + + Component to migrate all Engineering Drafts subfolders without documents in this folder + + + + + C:\EngineeringDrafts\* [*] + + + + + C:\EngineeringDrafts\ [*] + + + + + + + + Component to migrate all user documents except Sample.doc + + + + + C:\UserDocuments\* [*] + + + + + C:\UserDocuments\ [Sample.doc] + + + + + + + + Component to migrate all Requests folders on any drive on the computer + + + + + + + + + + + + + + Component to migrate all Presentations folder from any location on the C: drive + + + + + C:\*\Presentations\* [*] + C:\Presentations\* [*] + + + + + + +``` + +## Related topics + + +[USMT XML Reference](usmt-xml-reference.md) + +[Customize USMT XML Files](usmt-customize-xml-files.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index a3d0fe1b02..4b2d8385c2 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -1,235 +1,236 @@ ---- -title: Hard-Link Migration Store (Windows 10) -description: Hard-Link Migration Store -ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Hard-Link Migration Store - - -A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs and enables entirely new migration scenarios. - -## In This Topic - - -[When to Use a Hard-Link Migration](#bkmk-when) - -[Understanding a Hard-Link Migration](#bkmk-understandhardlinkmig) - -[Scenario](#bkmk-scenario) - -[Hard-Link Migration Store Details](#bkmk-hardlinkstoredetails) - -[Hard Disk Space](#bkmk-harddiskspace) - -[Hard-Link Store Size Estimation](#bkmk-hardlinkstoresizeest) - -[Migration Store Path on Multiple Volumes](#bkmk-migstoremultvolumes) - -[Location Modifications](#bkmk-locationmodify) - -[Migrating Encrypting File System (EFS) Certificates and Files](#bkmk-efs) - -[Migrating Locked Files With the Hard-Link Migration Store](#bkmk-miglockedfiles) - -[XML Elements in the Config.xml File](#bkmk-xmlelementsinconfig) - -## When to Use a Hard-Link Migration - - -You can use a hard-link migration store when your planned migration meets both of the following criteria: - -- You are upgrading the operating system on existing hardware rather than migrating to new computers. - -- You are upgrading the operating system on the same volume of the computer. - -You cannot use a hard-link migration store if your planned migration includes any of the following: - -- You are migrating data from one computer to a second computer. - -- You are migrating data from one volume on a computer to another volume, for example from C: to D:. - -- You are formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. - -## Understanding a Hard-Link Migration - - -The hard-link migration store is created using the command-line option, **/hardlink**, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. - -When you create a hard link, you give an existing file an additional path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These are two paths to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. - -**Note**   -A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. - - - -For more information about hard links, please see [Hard Links and Junctions](https://go.microsoft.com/fwlink/p/?LinkId=132934) - -In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place. - -As a best practice, we recommend that you delete the hard-link migration store after you confirm that the Loadstate tool has successfully migrated the files. Since Loadstate has created new paths to the files on your new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files and will not delete the actual files or the paths to them from your new operating system. - -**Important**   -Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. - - - -Keeping the hard-link migration store can result in additional disk space being consumed or problems with some applications for the following reasons: - -- Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. - -- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that was not used to open the file in this application will continue to refer to the unmodified file. The unmodified file that is not in use is taking up additional disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you are migrating the latest versions of all files. - -- Editing the file by using different paths simultaneously may result in data corruption. - -**Important**   -The read-only file attribute on migrated files is lost when the hard-link migration store is deleted. This is due to a limitation in NTFS file system hard links. - - - -## Hard-Link Migration Scenario - - -For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. - -1. An administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink** command-line option. The ScanState tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. - - **Note**   - As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with Loadstate. - - - -2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. - -3. An administrator runs the LoadState command-line tool on each computer. The LoadState tool restores user state back on each computer. - -## Hard-Link Migration Store Details - - -This section provides details about hard-link migration stores. - -### Hard Disk Space - -The **/hardlink** command-line option proceeds with creating the migration store only if there is 250 megabytes (MB) of free space on the hard disk. Provided that every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. - -### Hard-Link Store Size Estimation - -It is not necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is very large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be quite large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. - -### Migration Store Path on Multiple Volumes - -Separate hard-link migration stores are created on each NTFS volume that contain data being migrated. In this scenario, the primary migration-store location will be specified on the command line, and should be the operating-system volume. Migration stores with identical names and directory names will be created on every volume containing data being migrated. For example: - -`Scanstate /hardlink c:\USMTMIG […]` - -Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations, assuming that both drives are NTFS: - -C:\\USMTMIG\\ - -D:\\USMTMIG\\ - -The drive you specify on the command line for the hard-link migration store is important, because it defines where the *master migration store* should be placed. The *master migration store* is the location where data migrating from non-NTFS volumes is stored. This volume must have enough space to contain all of the data that comes from non-NTFS volumes. As in other scenarios, if a migration store already exists at the specified path, the **/o** option must be used to overwrite the existing data in the store. - -### Location Modifications - -Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This is because the migrating data that must cross system volumes cannot remain in the hard-link migration store, and must be copied across the system volumes. - -### Migrating Encrypting File System (EFS) Certificates and Files - -To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the **/efs:hardlink** option in the Scanstate command-line syntax. - -If the EFS files are being restored to a different partition, you should use the **/efs:copyraw** option instead of the **/efs:hardlink** option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. The **/efs:copyraw** option will copy the files to the new partition in encrypted format. - -For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md) and the Encrypted File Options in [ScanState Syntax](usmt-scanstate-syntax.md). - -### Migrating Locked Files with the Hard-Link Migration Store - -Files that are locked by an application or the operating system are handled differently when using a hard-link migration store. - -Files that are locked by the operating system cannot remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you do not migrate any files out of the \\Windows directory, which minimizes performance-related issues. - -Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service is not being utilized. The volume shadow-copy service cannot be used in conjunction with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the Config.xml file, it is possible to enable the migration of files locked by an application. - -**Important**   -There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. - - - -## XML Elements in the Config.xml File - - -A new section in the Config.xml file allows optional configuration of some of the hard-link migration behavior introduced with the **/HardLink** option. - - ---- - - - - - - - - - - - - - - - - - - - - - - -

      <Policies>

      This element contains elements that describe the policies that USMT follows while creating a migration store.

      <HardLinkStoreControl>

      This element contains elements that describe how to handle files during the creation of a hard link migration store.

      <fileLocked>

      This element contains elements that describe how to handle files that are locked for editing.

      <createHardLink>

      This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

      -

      Syntax: <createHardLink> [pattern] </createHardLink>

      <errorHardLink>

      This element defines a standard MigXML pattern that describes file paths where hard links should not be created, if the file is locked for editing by another application.

      -

      <errorHardLink> [pattern] </errorHardLink>

      - - - -**Important**   -You must use the **/nocompress** option with the **/HardLink** option. - - - -The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. - -``` syntax - - - - c:\Users\* [*] - C:\* [*] - - - -``` - -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - - - - - - - - - +--- +title: Hard-Link Migration Store (Windows 10) +description: Hard-Link Migration Store +ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Hard-Link Migration Store + + +A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs and enables entirely new migration scenarios. + +## In This Topic + + +[When to Use a Hard-Link Migration](#bkmk-when) + +[Understanding a Hard-Link Migration](#bkmk-understandhardlinkmig) + +[Scenario](#bkmk-scenario) + +[Hard-Link Migration Store Details](#bkmk-hardlinkstoredetails) + +[Hard Disk Space](#bkmk-harddiskspace) + +[Hard-Link Store Size Estimation](#bkmk-hardlinkstoresizeest) + +[Migration Store Path on Multiple Volumes](#bkmk-migstoremultvolumes) + +[Location Modifications](#bkmk-locationmodify) + +[Migrating Encrypting File System (EFS) Certificates and Files](#bkmk-efs) + +[Migrating Locked Files With the Hard-Link Migration Store](#bkmk-miglockedfiles) + +[XML Elements in the Config.xml File](#bkmk-xmlelementsinconfig) + +## When to Use a Hard-Link Migration + + +You can use a hard-link migration store when your planned migration meets both of the following criteria: + +- You are upgrading the operating system on existing hardware rather than migrating to new computers. + +- You are upgrading the operating system on the same volume of the computer. + +You cannot use a hard-link migration store if your planned migration includes any of the following: + +- You are migrating data from one computer to a second computer. + +- You are migrating data from one volume on a computer to another volume, for example from C: to D:. + +- You are formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. + +## Understanding a Hard-Link Migration + + +The hard-link migration store is created using the command-line option, **/hardlink**, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. + +When you create a hard link, you give an existing file an additional path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These are two paths to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. + +**Note**   +A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. + + + +For more information about hard links, please see [Hard Links and Junctions](https://go.microsoft.com/fwlink/p/?LinkId=132934) + +In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place. + +As a best practice, we recommend that you delete the hard-link migration store after you confirm that the Loadstate tool has successfully migrated the files. Since Loadstate has created new paths to the files on your new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files and will not delete the actual files or the paths to them from your new operating system. + +**Important**   +Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. + + + +Keeping the hard-link migration store can result in additional disk space being consumed or problems with some applications for the following reasons: + +- Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. + +- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that was not used to open the file in this application will continue to refer to the unmodified file. The unmodified file that is not in use is taking up additional disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you are migrating the latest versions of all files. + +- Editing the file by using different paths simultaneously may result in data corruption. + +**Important**   +The read-only file attribute on migrated files is lost when the hard-link migration store is deleted. This is due to a limitation in NTFS file system hard links. + + + +## Hard-Link Migration Scenario + + +For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. + +1. An administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink** command-line option. The ScanState tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. + + **Note**   + As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with Loadstate. + + + +2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. + +3. An administrator runs the LoadState command-line tool on each computer. The LoadState tool restores user state back on each computer. + +## Hard-Link Migration Store Details + + +This section provides details about hard-link migration stores. + +### Hard Disk Space + +The **/hardlink** command-line option proceeds with creating the migration store only if there is 250 megabytes (MB) of free space on the hard disk. Provided that every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. + +### Hard-Link Store Size Estimation + +It is not necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is very large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be quite large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. + +### Migration Store Path on Multiple Volumes + +Separate hard-link migration stores are created on each NTFS volume that contain data being migrated. In this scenario, the primary migration-store location will be specified on the command line, and should be the operating-system volume. Migration stores with identical names and directory names will be created on every volume containing data being migrated. For example: + +`Scanstate /hardlink c:\USMTMIG […]` + +Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations, assuming that both drives are NTFS: + +C:\\USMTMIG\\ + +D:\\USMTMIG\\ + +The drive you specify on the command line for the hard-link migration store is important, because it defines where the *master migration store* should be placed. The *master migration store* is the location where data migrating from non-NTFS volumes is stored. This volume must have enough space to contain all of the data that comes from non-NTFS volumes. As in other scenarios, if a migration store already exists at the specified path, the **/o** option must be used to overwrite the existing data in the store. + +### Location Modifications + +Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This is because the migrating data that must cross system volumes cannot remain in the hard-link migration store, and must be copied across the system volumes. + +### Migrating Encrypting File System (EFS) Certificates and Files + +To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the **/efs:hardlink** option in the Scanstate command-line syntax. + +If the EFS files are being restored to a different partition, you should use the **/efs:copyraw** option instead of the **/efs:hardlink** option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. The **/efs:copyraw** option will copy the files to the new partition in encrypted format. + +For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md) and the Encrypted File Options in [ScanState Syntax](usmt-scanstate-syntax.md). + +### Migrating Locked Files with the Hard-Link Migration Store + +Files that are locked by an application or the operating system are handled differently when using a hard-link migration store. + +Files that are locked by the operating system cannot remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you do not migrate any files out of the \\Windows directory, which minimizes performance-related issues. + +Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service is not being utilized. The volume shadow-copy service cannot be used in conjunction with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the Config.xml file, it is possible to enable the migration of files locked by an application. + +**Important**   +There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. + + + +## XML Elements in the Config.xml File + + +A new section in the Config.xml file allows optional configuration of some of the hard-link migration behavior introduced with the **/HardLink** option. + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

      <Policies>

      This element contains elements that describe the policies that USMT follows while creating a migration store.

      <HardLinkStoreControl>

      This element contains elements that describe how to handle files during the creation of a hard link migration store.

      <fileLocked>

      This element contains elements that describe how to handle files that are locked for editing.

      <createHardLink>

      This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

      +

      Syntax: <createHardLink> [pattern] </createHardLink>

      <errorHardLink>

      This element defines a standard MigXML pattern that describes file paths where hard links should not be created, if the file is locked for editing by another application.

      +

      <errorHardLink> [pattern] </errorHardLink>

      + + + +**Important**   +You must use the **/nocompress** option with the **/HardLink** option. + + + +The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. + +``` xml + + + + c:\Users\* [*] + C:\* [*] + + + +``` + +## Related topics + + +[Plan Your Migration](usmt-plan-your-migration.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index 10f0cf2676..c594b6ea7d 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -1,226 +1,227 @@ ---- -title: Include Files and Settings (Windows 10) -description: Include Files and Settings -ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Include Files and Settings - - -When you specify the migration .xml files, User State Migration Tool (USMT) 10.0 migrates the settings and components specified in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) To include additional files and settings, we recommend that you create a custom .xml file and then include this file when using both the ScanState and LoadState commands. By creating a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. - -In this topic: - -[Migrate a Single Registry Key](#bkmk-migsingleregkey) - -[Migrate a Specific Folder](#bkmk-migspecificfolder) - -[Migrate a Folder from a Specific Drive](#bkmk-migfoldspecdrive) - -[Migrate a Folder from Any Location](#bkmk-migfolderanyloc) - -[Migrate a File Type Into a Specific Folder](#bkmk-migfiletypetospecificfolder) - -[Migrate a Specific File](#bkmk-migspecificfile) - -## Migrate a Single Registry Key - - -The following .xml file migrates a single registry key. - -``` syntax - - - Component to migrate only registry value string - - - - - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] - - - - - - -``` - -## Migrate a Specific Folder - - -The following examples show how to migrate a folder from a specific drive, and from any location on the computer. - -### Migrate a Folder from a Specific Drive - -- **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer. - - ``` syntax - - - Component to migrate all Engineering Drafts Documents including subfolders - -    -       - - C:\EngineeringDrafts\* [*] - - -     -    - - - ``` - -- **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts. - - ``` syntax - - - Component to migrate all Engineering Drafts Documents without subfolders - -    -       - - C:\EngineeringDrafts\ [*] - - -     -    - - - ``` - -### Migrate a Folder from Any Location - -The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. - -``` syntax - - - Component to migrate all Engineering Drafts Documents folder on any drive on the computer - - - - - - - - - - - - -``` - -The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated. - -``` syntax - - - Component to migrate all Engineering Drafts Documents EngineeringDrafts folder from where ever it exists on the C: drive - - - - - C:\*\EngineeringDrafts\* [*] - C:\EngineeringDrafts\* [*] - - - - - - -``` - -## Migrate a File Type Into a Specific Folder - - -The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer. - -``` syntax - - - All .mp3 files to My Documents - - - - - - - - - - - - - - - - - -``` - -## Migrate a Specific File - - -The following examples show how to migrate a file from a specific folder, and how to migrate a file from any location. - -- **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer. - - ``` syntax - - - Component to migrate all Engineering Drafts Documents - -    -       - - C:\EngineeringDrafts\ [Sample.doc] - - -     -    - - - ``` - -- **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the <pattern> element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated. - - ``` syntax - C:\* [Sample.doc] - ``` - - To migrate the Sample.doc file from any drive on the computer, use <script> as the following example shows. If multiple files exist with the same name, all files with this name are migrated. - - ``` syntax - - ``` - -## Related topics - - -[Customize USMT XML Files](usmt-customize-xml-files.md) - -[Custom XML Examples](usmt-custom-xml-examples.md) - -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) - -[USMT XML Reference](usmt-xml-reference.md) - -  - -  - - - - - +--- +title: Include Files and Settings (Windows 10) +description: Include Files and Settings +ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Include Files and Settings + + +When you specify the migration .xml files, User State Migration Tool (USMT) 10.0 migrates the settings and components specified in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) To include additional files and settings, we recommend that you create a custom .xml file and then include this file when using both the ScanState and LoadState commands. By creating a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. + +In this topic: + +[Migrate a Single Registry Key](#bkmk-migsingleregkey) + +[Migrate a Specific Folder](#bkmk-migspecificfolder) + +[Migrate a Folder from a Specific Drive](#bkmk-migfoldspecdrive) + +[Migrate a Folder from Any Location](#bkmk-migfolderanyloc) + +[Migrate a File Type Into a Specific Folder](#bkmk-migfiletypetospecificfolder) + +[Migrate a Specific File](#bkmk-migspecificfile) + +## Migrate a Single Registry Key + + +The following .xml file migrates a single registry key. + +``` xml + + + Component to migrate only registry value string + + + + + HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] + + + + + + +``` + +## Migrate a Specific Folder + + +The following examples show how to migrate a folder from a specific drive, and from any location on the computer. + +### Migrate a Folder from a Specific Drive + +- **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer. + + ``` xml + + + Component to migrate all Engineering Drafts Documents including subfolders + +    +       + + C:\EngineeringDrafts\* [*] + + +     +    + + + ``` + +- **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts. + + ``` xml + + + Component to migrate all Engineering Drafts Documents without subfolders + +    +       + + C:\EngineeringDrafts\ [*] + + +     +    + + + ``` + +### Migrate a Folder from Any Location + +The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. + +``` xml + + + Component to migrate all Engineering Drafts Documents folder on any drive on the computer + + + + + + + + + + + + +``` + +The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated. + +``` xml + + + Component to migrate all Engineering Drafts Documents EngineeringDrafts folder from where ever it exists on the C: drive + + + + + C:\*\EngineeringDrafts\* [*] + C:\EngineeringDrafts\* [*] + + + + + + +``` + +## Migrate a File Type Into a Specific Folder + + +The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer. + +``` xml + + + All .mp3 files to My Documents + + + + + + + + + + + + + + + + + +``` + +## Migrate a Specific File + + +The following examples show how to migrate a file from a specific folder, and how to migrate a file from any location. + +- **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer. + + ``` xml + + + Component to migrate all Engineering Drafts Documents + +    +       + + C:\EngineeringDrafts\ [Sample.doc] + + +     +    + + + ``` + +- **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the <pattern> element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated. + + ``` xml + C:\* [Sample.doc] + ``` + + To migrate the Sample.doc file from any drive on the computer, use <script> as the following example shows. If multiple files exist with the same name, all files with this name are migrated. + + ``` xml + + ``` + +## Related topics + + +[Customize USMT XML Files](usmt-customize-xml-files.md) + +[Custom XML Examples](usmt-custom-xml-examples.md) + +[Conflicts and Precedence](usmt-conflicts-and-precedence.md) + +[USMT XML Reference](usmt-xml-reference.md) + +  + +  + + + + + diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 6e7a2e5a39..d9917d3495 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -1,493 +1,494 @@ ---- -title: Log Files (Windows 10) -description: Log Files -ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Log Files - - -You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This topic describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. - -[Log Command-Line Options](#bkmk-commandlineoptions) - -[ScanState and LoadState Logs](#bkmk-scanloadstatelogs) - -[Progress Log](#bkmk-progresslog) - -[List Files Log](#bkmk-listfileslog) - -[Diagnostic Log](#bkmk-diagnosticlog) - -## Log Command-Line Options - - -The following table describes each command-line option related to logs, and it provides the log name and a description of what type of information each log contains. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Command line OptionFile NameDescription

      /l[Path]FileName

      Scanstate.log or LoadState.log

      Specifies the path and file name of the ScanState.log or LoadState log.

      /progress[Path]FileName

      Specifies the path and file name of the Progress log.

      Provides information about the status of the migration, by percentage complete.

      /v[VerbosityLevel]

      Not applicable

      See the "Monitoring Options" section in ScanState Syntax.

      /listfiles[Path]FileName

      Specifies the path and file name of the Listfiles log.

      Provides a list of the files that were migrated.

      Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.

      USMTDiag.xml

      The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.

      - - - -**Note**   -You cannot store any of the log files in *StorePath*. If you do, the log will be overwritten when USMT is run. - - - -## ScanState and LoadState Logs - - -ScanState and LoadState logs are text files that are create when you run the ScanState and LoadState tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see Monitoring Options in [ScanState Syntax](usmt-scanstate-syntax.md). - -## Progress Log - - -You can create a progress log using the **/progress** option. External tools, such as Microsoft System Center Operations Manager 2007, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows: - -- **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. - -- **Local time:** Time, in the format of *hrs*:*minutes*:*seconds* (using a 24-hour clock). For example: 13:49:13. - -- **Migration time:** Duration of time that USMT was run, in the format of *hrs:minutes:seconds*. For example: 00:00:10. - -The remaining fields are key/value pairs as indicated in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      KeyValue

      program

      ScanState.exe or LoadState.exe.

      productVersion

      The full product version number of USMT.

      computerName

      The name of the source or destination computer on which USMT was run.

      commandLine

      The full command used to run USMT.

      PHASE

      Reports that a new phase in the migration is starting. This can be one of the following:

      -
        -

      • Initializing

        • -

      • Scanning

        • -

      • Collecting

        • -

      • Saving

        • -

      • Estimating

        • -

      • Applying

        • -

      detectedUser

        -

      • For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.

        • -

      • For the LoadState tool, these are the users USMT detected in the store that can be migrated.

        • -

      includedInMigration

      Defines whether the user profile/component is included for migration. Valid values are Yes or No.

      forUser

      Specifies either of the following:

      -
        -

      • The user state being migrated.

        • -

      • This Computer, meaning files and settings that are not associated with a user.

        • -

      detectedComponent

      Specifies a component detected by USMT.

      -
        -

      • For ScanState, this is a component or application that is installed on the source computer.

        • -

      • For LoadState, this is a component or application that was detected in the store.

        • -

      totalSizeInMBToTransfer

      Total size of the files and settings to migrate in megabytes (MB).

      totalPercentageCompleted

      Total percentage of the migration that has been completed by either ScanState or LoadState.

      collectingUser

      Specifies which user ScanState is collecting files and settings for.

      totalMinutesRemaining

      Time estimate, in minutes, for the migration to complete.

      error

      Type of non-fatal error that occurred. This can be one of the following:

      -
        -

      • UnableToCopy: Unable to copy to store because the disk on which the store is located is full.

        • -

      • UnableToOpen: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.

        • -

      • UnableToCopyCatalog: Unable to copy because the store is corrupted.

        • -

      • UnableToAccessDevice: Unable to access the device.

        • -

      • UnableToApply: Unable to apply the setting to the destination computer.

        • -

      objectName

      The name of the file or setting that caused the non-fatal error.

      action

      Action taken by USMT for the non-fatal error. The values are:

      -
        -

      • Ignore: Non-fatal error ignored and the migration continued because the /c option was specified on the command line.

        • -

      • Abort: Stopped the migration because the /c option was not specified.

        • -

      errorCode

      The errorCode or return value.

      numberOfIgnoredErrors

      The total number of non-fatal errors that USMT ignored.

      message

      The message corresponding to the errorCode.

      - - - -## List Files Log - - -The List files log (Listfiles.txt) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for ScanState.exe. - -## Diagnostic Log - - -You can obtain the diagnostic log by setting the environment variable MIG\_ENABLE\_DIAG to a path to an XML file. - -The diagnostic log contains: - -- Detailed system environment information - -- Detailed user environment information - -- Information about the migration units (migunits) being gathered and their contents - -## Using the Diagnostic Log - - -The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it is associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. - -The following examples describe common scenarios in which you can use the diagnostic log. - -**Why is this file not migrating when I authored an "include" rule for it?** - -Let’s imagine that we have the following directory structure and that we want the “data” directory to be included in the migration along with the “New Text Document.txt” file in the “New Folder.” The directory of **C:\\data** contains: - -``` syntax -01/21/2009 10:08 PM . -01/21/2009 10:08 PM .. -01/21/2009 10:08 PM New Folder -01/21/2009 09:19 PM 13 test (1).txt -01/21/2009 09:19 PM 13 test.txt - 2 File(s) 26 bytes -``` - -The directory of **C:\\data\\New Folder** contains: - -``` syntax -01/21/2009 10:08 PM . -01/21/2009 10:08 PM .. -01/21/2009 10:08 PM 0 New Text Document.txt - 1 File(s) 0 bytes -``` - -To migrate these files you author the following migration XML: - -```xml - - - - - DATA1 - - - - - c:\data\ [*] - - - - - - - -``` - -However, upon testing the migration you notice that the “New Text Document.txt” file isn’t included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered: - -``` syntax - - - - - - - - - - - - - - -``` - -Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The <Perform> section details the actual files that were scheduled for gathering and the result of the gathering operation. The “New Text Document.txt” file doesn’t appear in this section, which confirms that the migration rule was not correctly authored. - -An analysis of the XML elements reference topic reveals that the <pattern> tag needs to be modified as follows: - -``` syntax -c:\data\* [*] -``` - -When the migration is preformed again with the modified tag, the diagnostic log reveals the following: - -``` syntax - - - - - - - - - - - - - - - - -``` - -This diagnostic log confirms that the modified <pattern> value enables the migration of the file. - -**Why is this file migrating when I authored an exclude rule excluding it?** - -In this scenario, you have the following directory structure and you want all files in the “data” directory to migrate, except for text files. The **C:\\Data** folder contains: - -``` syntax -Directory of C:\Data - -01/21/2009 10:08 PM . -01/21/2009 10:08 PM .. -01/21/2009 10:08 PM New Folder -01/21/2009 09:19 PM 13 test (1).txt -01/21/2009 09:19 PM 13 test.txt - 2 File(s) 26 bytes -``` - -The **C:\\Data\\New Folder\\** contains: - -``` syntax -01/21/2009 10:08 PM . -01/21/2009 10:08 PM .. -01/21/2009 10:08 PM 0 New Text Document.txt - 1 File(s) 0 bytes -``` - -You author the following migration XML: - -```xml - - - - - DATA1 - - - - - c:\data\* [*] - - - - - - - c:\* [*.txt] - - - - - - -``` - -However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered: - -``` syntax - - - - - - - - - - - - - - - - - - - - - -``` - -Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows: - -```xml - - - - - DATA1 - - - - - c:\data\* [*] - - - - - - - c:\data\* [*.txt] - - - - - - - - - -``` - -Your revised migration XML script excludes the files from migrating, as confirmed in the diagnostic log: - -``` syntax - - - - - - - - - - - - - - - - - - -``` - -## Related topics - - -[XML Elements Library](usmt-xml-elements-library.md) - -[ScanState Syntax](usmt-scanstate-syntax.md) - -[LoadState Syntax](usmt-loadstate-syntax.md) - - - - - - - - - +--- +title: Log Files (Windows 10) +description: Log Files +ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Log Files + + +You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This topic describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. + +[Log Command-Line Options](#bkmk-commandlineoptions) + +[ScanState and LoadState Logs](#bkmk-scanloadstatelogs) + +[Progress Log](#bkmk-progresslog) + +[List Files Log](#bkmk-listfileslog) + +[Diagnostic Log](#bkmk-diagnosticlog) + +## Log Command-Line Options + + +The following table describes each command-line option related to logs, and it provides the log name and a description of what type of information each log contains. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      Command line OptionFile NameDescription

      /l[Path]FileName

      Scanstate.log or LoadState.log

      Specifies the path and file name of the ScanState.log or LoadState log.

      /progress[Path]FileName

      Specifies the path and file name of the Progress log.

      Provides information about the status of the migration, by percentage complete.

      /v[VerbosityLevel]

      Not applicable

      See the "Monitoring Options" section in ScanState Syntax.

      /listfiles[Path]FileName

      Specifies the path and file name of the Listfiles log.

      Provides a list of the files that were migrated.

      Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.

      USMTDiag.xml

      The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.

      + + + +**Note**   +You cannot store any of the log files in *StorePath*. If you do, the log will be overwritten when USMT is run. + + + +## ScanState and LoadState Logs + + +ScanState and LoadState logs are text files that are create when you run the ScanState and LoadState tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see Monitoring Options in [ScanState Syntax](usmt-scanstate-syntax.md). + +## Progress Log + + +You can create a progress log using the **/progress** option. External tools, such as Microsoft System Center Operations Manager 2007, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows: + +- **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. + +- **Local time:** Time, in the format of *hrs*:*minutes*:*seconds* (using a 24-hour clock). For example: 13:49:13. + +- **Migration time:** Duration of time that USMT was run, in the format of *hrs:minutes:seconds*. For example: 00:00:10. + +The remaining fields are key/value pairs as indicated in the following table. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      KeyValue

      program

      ScanState.exe or LoadState.exe.

      productVersion

      The full product version number of USMT.

      computerName

      The name of the source or destination computer on which USMT was run.

      commandLine

      The full command used to run USMT.

      PHASE

      Reports that a new phase in the migration is starting. This can be one of the following:

      +
        +

      • Initializing

        • +

      • Scanning

        • +

      • Collecting

        • +

      • Saving

        • +

      • Estimating

        • +

      • Applying

        • +

      detectedUser

        +

      • For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.

        • +

      • For the LoadState tool, these are the users USMT detected in the store that can be migrated.

        • +

      includedInMigration

      Defines whether the user profile/component is included for migration. Valid values are Yes or No.

      forUser

      Specifies either of the following:

      +
        +

      • The user state being migrated.

        • +

      • This Computer, meaning files and settings that are not associated with a user.

        • +

      detectedComponent

      Specifies a component detected by USMT.

      +
        +

      • For ScanState, this is a component or application that is installed on the source computer.

        • +

      • For LoadState, this is a component or application that was detected in the store.

        • +

      totalSizeInMBToTransfer

      Total size of the files and settings to migrate in megabytes (MB).

      totalPercentageCompleted

      Total percentage of the migration that has been completed by either ScanState or LoadState.

      collectingUser

      Specifies which user ScanState is collecting files and settings for.

      totalMinutesRemaining

      Time estimate, in minutes, for the migration to complete.

      error

      Type of non-fatal error that occurred. This can be one of the following:

      +
        +

      • UnableToCopy: Unable to copy to store because the disk on which the store is located is full.

        • +

      • UnableToOpen: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.

        • +

      • UnableToCopyCatalog: Unable to copy because the store is corrupted.

        • +

      • UnableToAccessDevice: Unable to access the device.

        • +

      • UnableToApply: Unable to apply the setting to the destination computer.

        • +

      objectName

      The name of the file or setting that caused the non-fatal error.

      action

      Action taken by USMT for the non-fatal error. The values are:

      +
        +

      • Ignore: Non-fatal error ignored and the migration continued because the /c option was specified on the command line.

        • +

      • Abort: Stopped the migration because the /c option was not specified.

        • +

      errorCode

      The errorCode or return value.

      numberOfIgnoredErrors

      The total number of non-fatal errors that USMT ignored.

      message

      The message corresponding to the errorCode.

      + + + +## List Files Log + + +The List files log (Listfiles.txt) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for ScanState.exe. + +## Diagnostic Log + + +You can obtain the diagnostic log by setting the environment variable MIG\_ENABLE\_DIAG to a path to an XML file. + +The diagnostic log contains: + +- Detailed system environment information + +- Detailed user environment information + +- Information about the migration units (migunits) being gathered and their contents + +## Using the Diagnostic Log + + +The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it is associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. + +The following examples describe common scenarios in which you can use the diagnostic log. + +**Why is this file not migrating when I authored an "include" rule for it?** + +Let’s imagine that we have the following directory structure and that we want the “data” directory to be included in the migration along with the “New Text Document.txt” file in the “New Folder.” The directory of **C:\\data** contains: + +``` +01/21/2009 10:08 PM . +01/21/2009 10:08 PM .. +01/21/2009 10:08 PM New Folder +01/21/2009 09:19 PM 13 test (1).txt +01/21/2009 09:19 PM 13 test.txt + 2 File(s) 26 bytes +``` + +The directory of **C:\\data\\New Folder** contains: + +``` +01/21/2009 10:08 PM . +01/21/2009 10:08 PM .. +01/21/2009 10:08 PM 0 New Text Document.txt + 1 File(s) 0 bytes +``` + +To migrate these files you author the following migration XML: + +```xml + + + + + DATA1 + + + + + c:\data\ [*] + + + + + + + +``` + +However, upon testing the migration you notice that the “New Text Document.txt” file isn’t included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered: + +``` xml + + + + + + + + + + + + + + +``` + +Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The <Perform> section details the actual files that were scheduled for gathering and the result of the gathering operation. The “New Text Document.txt” file doesn’t appear in this section, which confirms that the migration rule was not correctly authored. + +An analysis of the XML elements reference topic reveals that the <pattern> tag needs to be modified as follows: + +``` xml +c:\data\* [*] +``` + +When the migration is preformed again with the modified tag, the diagnostic log reveals the following: + +``` xml + + + + + + + + + + + + + + + + +``` + +This diagnostic log confirms that the modified <pattern> value enables the migration of the file. + +**Why is this file migrating when I authored an exclude rule excluding it?** + +In this scenario, you have the following directory structure and you want all files in the “data” directory to migrate, except for text files. The **C:\\Data** folder contains: + +``` +Directory of C:\Data + +01/21/2009 10:08 PM . +01/21/2009 10:08 PM .. +01/21/2009 10:08 PM New Folder +01/21/2009 09:19 PM 13 test (1).txt +01/21/2009 09:19 PM 13 test.txt + 2 File(s) 26 bytes +``` + +The **C:\\Data\\New Folder\\** contains: + +``` +01/21/2009 10:08 PM . +01/21/2009 10:08 PM .. +01/21/2009 10:08 PM 0 New Text Document.txt + 1 File(s) 0 bytes +``` + +You author the following migration XML: + +```xml + + + + + DATA1 + + + + + c:\data\* [*] + + + + + + + c:\* [*.txt] + + + + + + +``` + +However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered: + +``` xml + + + + + + + + + + + + + + + + + + + + + +``` + +Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows: + +```xml + + + + + DATA1 + + + + + c:\data\* [*] + + + + + + + c:\data\* [*.txt] + + + + + + + + + +``` + +Your revised migration XML script excludes the files from migrating, as confirmed in the diagnostic log: + +``` xml + + + + + + + + + + + + + + + + + + +``` + +## Related topics + + +[XML Elements Library](usmt-xml-elements-library.md) + +[ScanState Syntax](usmt-scanstate-syntax.md) + +[LoadState Syntax](usmt-loadstate-syntax.md) + + + + + + + + + diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index 59ce16d8ed..22f64e513e 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -1,129 +1,130 @@ ---- -title: Reroute Files and Settings (Windows 10) -description: Reroute Files and Settings -ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Reroute Files and Settings - - -To reroute files and settings, create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines. This enables you to keep your changes separate from the default .xml files, so that it is easier to track your modifications. - -In this topic: - -- [Reroute a Folder](#bkmk-reroutefolder) - -- [Reroute a Specific File Type](#bkmk-reroutespecfiletype) - -- [Reroute a Specific File](#bkmk-reroutespecificfile) - -## Reroute a Folder - - -The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. - -``` syntax - - - Engineering Drafts Documents to Personal Folder - -   - - - - C:\EngineeringDrafts\* [*] - -     - - - - C:\EngineeringDrafts\* [*] - -     -   - - - -``` - -## Reroute a Specific File Type - - -The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer. - -``` syntax - - - All .mp3 files to My Documents - - - - - - - - - - - - - - - - - -``` - -## Reroute a Specific File - - -The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. - -``` syntax - - -Sample.doc into My Documents - - - - - C:\EngineeringDrafts\ [Sample.doc] - - - - - C:\EngineeringDrafts\ [Sample.doc] - - - - - - -``` - -## Related topics - - -[Customize USMT XML Files](usmt-customize-xml-files.md) - -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) - -[USMT XML Reference](usmt-xml-reference.md) - -  - -  - - - - - +--- +title: Reroute Files and Settings (Windows 10) +description: Reroute Files and Settings +ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Reroute Files and Settings + + +To reroute files and settings, create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines. This enables you to keep your changes separate from the default .xml files, so that it is easier to track your modifications. + +In this topic: + +- [Reroute a Folder](#bkmk-reroutefolder) + +- [Reroute a Specific File Type](#bkmk-reroutespecfiletype) + +- [Reroute a Specific File](#bkmk-reroutespecificfile) + +## Reroute a Folder + + +The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. + +``` xml + + + Engineering Drafts Documents to Personal Folder + +   + + + + C:\EngineeringDrafts\* [*] + +     + + + + C:\EngineeringDrafts\* [*] + +     +   + + + +``` + +## Reroute a Specific File Type + + +The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer. + +``` xml + + + All .mp3 files to My Documents + + + + + + + + + + + + + + + + + +``` + +## Reroute a Specific File + + +The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. + +``` xml + + +Sample.doc into My Documents + + + + + C:\EngineeringDrafts\ [Sample.doc] + + + + + C:\EngineeringDrafts\ [Sample.doc] + + + + + + +``` + +## Related topics + + +[Customize USMT XML Files](usmt-customize-xml-files.md) + +[Conflicts and Precedence](usmt-conflicts-and-precedence.md) + +[USMT XML Reference](usmt-xml-reference.md) + +  + +  + + + + + diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 54f36c31ff..bfbd4e2c61 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -1,4263 +1,4264 @@ ---- -title: XML Elements Library (Windows 10) -description: XML Elements Library -ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# XML Elements Library - - -## Overview - - -This topic describes the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). It is assumed that you understand the basics of XML. . - -## In This Topic - - -In addition to XML elements and helper functions, this topic describes how to specify encoded locations and locations patterns, functions that are for internal USMT use only, and the version tags that you can use with helper functions. - -- [Elements and helper functions](#elements) - -- [Appendix](#appendix) - - - [Specifying locations](#locations) - - - [Internal USMT functions](#internalusmtfunctions) - - - [Valid version tags](#allowed) - -## Elements and Helper Functions - - -The following table describes the XML elements and helper functions you can use with USMT. - - ----- - - - - - - - - - - - - - - -
      Elements A-KElements L-ZHelper functions

      <addObjects>

      -

      <attributes>

      -

      <bytes>

      -

      <commandLine>

      -

      <component>

      -

      <condition>

      -

      <conditions>

      -

      <content>

      -

      <contentModify>

      -

      <description>

      -

      <destinationCleanup>

      -

      <detect>

      -

      <detects>

      -

      <detection>

      -

      <displayName>

      -

      <environment>

      -

      <exclude>

      -

      <excludeAttributes>

      -

      <extensions>

      -

      <extension>

      -

      <externalProcess>

      -

      <icon>

      -

      <include>

      -

      <includeAttribute>

      <library>

      -

      <location>

      -

      <locationModify>

      -

      <_locDefinition>

      -

      <manufacturer>

      -

      <merge>

      -

      <migration>

      -

      <namedElements>

      -

      <object>

      -

      <objectSet>

      -

      <path>

      -

      <paths>

      -

      <pattern>

      -

      <processing>

      -

      <plugin>

      -

      <role>

      -

      <rules>

      -

      <script>

      -

      <text>

      -

      <unconditionalExclude>

      -

      <variable>

      -

      <version>

      -

      <windowsObjects>

      <condition> functions

      -

      <content> functions

      -

      <contentModify> functions

      -

      <include> and <exclude> filter functions

      -

      <locationModify> functions

      -

      <merge> functions

      -

      <script> functions

      -

      Internal USMT functions

      - - - -## <addObjects> - - -The <addObjects> element emulates the existence of one or more objects on the source computer. The child <object> elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attribute) as child elements of this <object> element. - -- **Optional child elements:**[<conditions>](#conditions), <condition>, [<script>](#script) - -Syntax: - -<addObjects> - -</addObjects> - -The following example is from the MigApp.xml file: - -``` syntax - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] - DWORD - 0B000000 - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] - DWORD - 00000000 - - -``` - -## <attributes> - - -The <attributes> element defines the attributes for a registry key or file. - -- **Number of occurrences:** once for each <object> - -- **Parent elements:**[<object>](#object) - -- **Child elements:** none - -Syntax: - -<attributes>*Content*</attributes> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      Content

      Yes

      The content depends on the type of object specified.

      -
        -

      • For files, the content can be a string containing any of the following attributes separated by commas:

        -
          -

        • Archive

          • -

        • Read-only

          • -

        • System

          • -

        • Hidden

          • -
        • -

      • For registry keys, the content can be one of the following types:

        -
          -

        • None

          • -

        • String

          • -

        • ExpandString

          • -

        • Binary

          • -

        • Dword

          • -

        • REG_SZ

          • -
        • -
      - - - -The following example is from the MigApp.xml file: - -``` syntax - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] - DWORD - 00000000 - -``` - -## <bytes> - - -You must specify the <bytes> element only for files because, if <location> corresponds to a registry key or a directory, then <bytes> will be ignored. - -- **Number of occurrences:** zero or one - -- **Parent elements:**[<object>](#object) - -- **Child elements:** none - -Syntax: - -<bytes string="Yes|No" expand="Yes|No">*Content*</bytes> - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      string

      No, default is No

      Determines whether Content should be interpreted as a string or as bytes.

      expand

      No (default = Yes

      When the expand parameter is Yes, the content of the <bytes> element is first expanded in the context of the source computer and then interpreted.

      Content

      Yes

      Depends on the value of the string.

      -
        -

      • When the string is Yes: the content of the <bytes> element is interpreted as a string.

        • -

      • When the string is No: the content of the <bytes> element is interpreted as bytes. Each two characters represent the hexadecimal value of a byte. For example, "616263" is the representation for the "abc" ANSI string. A complete representation of the UNICODE string "abc" including the string terminator would be: "6100620063000000".

        • -
      - - - -The following example is from the MigApp.xml file: - -``` syntax - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] - DWORD - 00000000 - -``` - -## <commandLine> - - -You might want to use the <commandLine> element if you want to start or stop a service or application before or after you run the ScanState and LoadState tools. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<externalProcess>](#externalprocess) - -- **Child elements:** none**** - -Syntax: - -<commandLine>*CommandLineString*</commandLine> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      CommandLineString

      Yes

      A valid command line.

      - - - -## <component> - - -The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. - -A component can be nested inside another component; that is, the <component> element can be a child of the <role> element within the <component> element in two cases: 1) when the parent <component> element is a container or 2) if the child <component> element has the same role as the parent <component> element. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<migration>](#migration), [<role>](#role) - -- **Required child elements:**[<role>](#role), [<displayName>](#displayname) - -- **Optional child elements:**[<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#bkmk-environment), [<extensions>](#extensions) - -Syntax: - -<component type="System|Application|Device|Documents" context="User|System|UserAndSystem" defaultSupported="TRUE|FALSE|YES|NO" - -hidden="Yes|No"> - -</component> - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      type

      Yes

      You can use the following to group settings, and define the type of the component.

      -
        -

      • System: Operating system settings. All Windows® components are defined by this type.

        -

        When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

        • -

      • Application: Settings for an application.

        • -

      • Device: Settings for a device.

        • -

      • Documents: Specifies files.

        • -

      context

      No

      -

      Default = UserAndSystem

      Defines the scope of this parameter; that is, whether to process this component in the context of the specific user, across the entire operating system, or both.

      -

      The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If a <rules> element has a context of System, it would act as though the <rules> element is not there.

      -
        -

      • User. Evaluates the component for each user.

        • -

      • System. Evaluates the component only once for the system.

        • -

      • UserAndSystem. Evaluates the component for the entire operating system and each user.

        • -

      defaultSupported

      No

      -

      (default = TRUE)

      Can be any of TRUE, FALSE, YES or NO. If this parameter is FALSE (or NO), the component will not be migrated unless there is an equivalent component on the destination computer.

      -

      When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

      hidden

      This parameter is for internal USMT use only.

      - - - -For an example, see any of the default migration .xml files. - -## <condition> - - -Although the <condition> element under the <detect>, <objectSet>, and <addObjects> elements is supported, we recommend that you do not use it. This element might be deprecated in future versions of USMT, requiring you to rewrite your scripts. We recommend that, if you need to use a condition within the <objectSet> and <addObjects> elements, you use the more powerful [<conditions>](#conditions) element, which allows you to formulate complex Boolean statements. - -The <condition> element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return FALSE, the parent element will not be evaluated. - -- **Number of occurrences:** unlimited. - -- **Parent elements:**[<conditions>](#conditions), <detect>, <objectSet>, <addObjects> - -- **Child elements:** none - -- **Helper functions:** You can use the following [<condition> functions](#conditionfunctions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. - -Syntax: - -<condition negation="Yes|No">*ScriptName*</condition> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      negation

      No

      -

      Default = No

      "Yes" reverses the True/False value of the condition.

      ScriptName

      Yes

      A script that has been defined within this migration section.

      - - - -For example, - -In the code sample below, the <condition> elements, A and B, are joined together by the AND operator because they are in separate <conditions> sections. For example: - -``` syntax - - - A - - - B - - -``` - -However, in the code sample below, the <condition> elements, A and B, are joined together by the OR operator because they are in the same <conditions> section. - -``` syntax - - - A - B - - -``` - -### <condition> functions - -The <condition> functions return a Boolean value. You can use these elements in <addObjects> conditions. - -- [Operating system version functions](#operatingsystemfunctions) - -- [Object content functions](#objectcontentfunctions) - -### Operating system version functions - -- **DoesOSMatch** - - All matches are case insensitive. - - Syntax: DoesOSMatch("*OSType*","*OSVersion*") - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      OSType

      Yes

      The only valid value for this setting is NT. Note, however, that you must set this setting for the <condition> functions to work correctly.

      OSVersion

      Yes

      The major version, minor version, build number and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version with a pattern. For example, 5.0.*.

      - - - -~~~ -For example: - -<condition>MigXmlHelper.DoesOSMatch("NT","\*")</condition> -~~~ - -- **IsNative64Bit** - - The IsNative64Bit function returns TRUE if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns FALSE. - -- **IsOSLaterThan** - - All comparisons are case insensitive. - - Syntax: IsOSLaterThan("*OSType*","*OSVersion*") - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      OSType

      Yes

      Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x”, the result will be FALSE.

      OSVersion

      Yes

      The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

      -

      The IsOSLaterThan function returns TRUE if the current operating system is later than or equal to OSVersion.

      - - - -~~~ -For example: - -<condition negation="Yes">MigXmlHelper.IsOSLaterThan("NT","6.0")</condition> -~~~ - -- **IsOSEarlierThan** - - All comparisons are case insensitive. - - Syntax: IsOSEarlierThan("*OSType*","*OSVersion*") - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      OSType

      Yes

      Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x” the result will be FALSE.

      OSVersion

      Yes

      The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

      -

      The IsOSEarlierThan function returns TRUE if the current operating system is earlier than OSVersion.

      - - - -### Object content functions - -- **DoesObjectExist** - - The DoesObjectExist function returns TRUE if any object exists that matches the location pattern. Otherwise, it returns FALSE. The location pattern is expanded before attempting the enumeration. - - Syntax: DoesObjectExist("*ObjectType*","*EncodedLocationPattern*") - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType

      Yes

      Defines the object type. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The location pattern. Environment variables are allowed.

      - - - -~~~ -For an example of this element, see the MigApp.xml file. -~~~ - -- **DoesFileVersionMatch** - - The pattern check is case insensitive. - - Syntax: DoesFileVersionMatch("*EncodedFileLocation*","*VersionTag*","*VersionValue*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      EncodedFileLocation

      Yes

      The location pattern for the file that will be checked. Environment variables are allowed.

      VersionTag

      Yes

      The version tag value that will be checked.

      VersionValue

      Yes

      A string pattern. For example, "Microsoft*".

      - - - -~~~ -For example: - -<condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","6.\*")</condition> - -<condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","7.\*")</condition> -~~~ - -- **IsFileVersionAbove** - - The IsFileVersionAbove function returns TRUE if the version of the file is higher than *VersionValue*. - - Syntax: IsFileVersionAbove("*EncodedFileLocation*","*VersionTag*","*VersionValue*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      EncodedFileLocation

      Yes

      The location pattern for the file that will be checked. Environment variables are allowed.

      VersionTag

      Yes

      The version tag value that will be checked.

      VersionValue

      Yes

      The value to compare to. You cannot specify a pattern.

      - - - -- **IsFileVersionBelow** - - Syntax: IsFileVersionBelow("*EncodedFileLocation*","*VersionTag*","*VersionValue*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      EncodedFileLocation

      Yes

      The location pattern for the file that will be checked. Environment variables are allowed.

      VersionTag

      Yes

      The version tag value that will be checked.

      VersionValue

      Yes

      The value to compare to. You cannot specify a pattern.

      - - - -- **IsSystemContext** - - The IsSystemContext function returns TRUE if the current context is "System". Otherwise, it returns FALSE. - - Syntax: IsSystemContext() - -- **DoesStringContentEqual** - - The DoesStringContentEqual function returns TRUE if the string representation of the given object is identical to `StringContent`. - - Syntax: DoesStringContentEqual("*ObjectType*","*EncodedLocation*","*StringContent*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType

      Yes

      Defines the type of object. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The encoded location for the object that will be examined. You can specify environment variables.

      StringContent

      Yes

      The string that will be checked against.

      - - - -~~~ -For example: - -``` syntax -MigXmlHelper.DoesStringContentEqual("File","%USERNAME%","") -``` -~~~ - -- **DoesStringContentContain** - - The DoesStringContentContain function returns TRUE if there is at least one occurrence of *StrToFind* in the string representation of the object. - - Syntax: DoesStringContentContain("*ObjectType*","*EncodedLocation*","*StrToFind*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType

      Yes

      Defines the type of object. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The encoded location for the object that will be examined. You can specify environment variables.

      StrToFind

      Yes

      A string that will be searched inside the content of the given object.

      - - - -- **IsSameObject** - - The IsSameObject function returns TRUE if the given encoded locations resolve to the same physical object. Otherwise, it returns FALSE. - - Syntax: IsSameObject("*ObjectType*","*EncodedLocation1*","*EncodedLocation2*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType

      Yes

      Defines the type of object. Can be File or Registry.

      EncodedLocation1

      Yes

      The encoded location for the first object. You can specify environment variables.

      EncodedLocation2

      Yes

      The encoded location for the second object. You can specify environment variables.

      - - - -~~~ -For example: - -``` syntax - - MigXmlHelper.IsSameObject("File","%CSIDL_FAVORITES%","%CSIDL_COMMON_FAVORITES%") - %CSIDL_FAVORITES%\* [*] - -``` -~~~ - -- **IsSameContent** - - The IsSameContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be compared byte by byte. - - Syntax: IsSameContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType1

      Yes

      Defines the type of the first object. Can be File or Registry.

      EncodedLocation1

      Yes

      The encoded location for the first object. You can specify environment variables.

      ObjectType2

      Yes

      Defines the type of the second object. Can be File or Registry.

      EncodedLocation2

      Yes

      The encoded location for the second object. You can specify environment variables.

      - - - -- **IsSameStringContent** - - The IsSameStringContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be interpreted as a string. - - Syntax: IsSameStringContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType1

      Yes

      Defines the type of the first object. Can be File or Registry.

      EncodedLocation1

      Yes

      The encoded location for the first object. You can specify environment variables.

      ObjectType2

      Yes

      Defines the type of the second object. Can be File or Registry.

      EncodedLocation2

      Yes

      The encoded location for the second object. You can specify environment variables.

      - - - -## <conditions> - - -The <conditions> element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators AND or OR according to the **operation** parameter. - -- **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) - -- **Parent elements:**[<conditions>](#conditions), [<detection>](#detection), [<environment>](#bkmk-environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) - -- **Child elements:**[<conditions>](#conditions), [<condition>](#condition) - -Syntax: - -<conditions operation="AND|OR"> - -</conditions> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      operation

      No, default = AND

      Defines the Boolean operation that is performed on the results that are obtained from the child elements.

      - - - -The following example is from the MigApp.xml file: - -``` syntax - - - MigXmlHelper.IsNative64Bit() - - - HKLM\Software - - -``` - -## <content> - - -You can use the <content> element to specify a list of object patterns to obtain an object set from the source computer. Each <objectSet> within a <content> element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the <content> element. The filter script returns an array of locations. The parent <objectSet> element can contain multiple child <content> elements. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<objectSet>](#objectset) - -- **Child elements:**[<objectSet>](#objectset) - -- **Helper functions:** You can use the following [<content> functions](#contentfunctions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. - -Syntax: - -<content filter="*ScriptInvocation*"> - -</content> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      filter

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script is called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -### <content> functions - -The following functions generate patterns out of the content of an object. These functions are called for every object that the parent <ObjectSet> element is enumerating. - -- **ExtractSingleFile** - - If the registry value is a MULTI-SZ, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns NULL. - - Syntax: ExtractSingleFile(*Separators*,*PathHints*) - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      Separators

      Yes

      A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You can specify NULL.

      PathHints

      Yes

      A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.

      - - - -~~~ -For example: - -``` syntax - -``` - -and - -``` syntax - -``` -~~~ - -- **ExtractMultipleFiles** - - The ExtractMultipleFiles function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a MULTI-SZ, the MULTI-SZ separator is considered a separator by default. therefore, for MULTI-SZ, the <Separators> argument must be NULL. - - The returned patterns are the encoded locations for files that must exist on the source computer. If the specification is correct in the registry value but the file does not exist, it will not be included in the resulting list. - - Syntax: ExtractMultipleFiles(*Separators*,*PathHints*) - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      Separators

      Yes

      A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. This parameter must be NULL when processing MULTI-SZ registry values.

      PathHints

      Yes

      A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.

      - - - -- **ExtractDirectory** - - The ExtractDirectory function returns a pattern that is the encoded location for a directory that must exist on the source computer. If the specification is correct in the registry value, but the directory does not exist, this function returns NULL. If it is processing a registry value that is a MULTI-SZ, only the first segment will be processed. - - Syntax: ExtractDirectory(*Separators*,*LevelsToTrim*,*PatternSuffix*) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      Separators

      No

      A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You must specify NULL when processing MULTI-SZ registry values.

      LevelsToTrim

      Yes

      The number of levels to delete from the end of the directory specification. Use this function to extract a root directory when you have a registry value that points inside that root directory in a known location.

      PatternSuffix

      Yes

      The pattern to add to the directory specification. For example, * [*].

      - - - -~~~ -For example: - -``` syntax - - - - %HklmWowSoftware%\Classes\Software\RealNetworks\Preferences\DT_Common [] - - - -``` -~~~ - -## <contentModify> - - -The <contentModify> element modifies the content of an object before it is written to the destination computer. For each <contentModify> element there can be multiple <objectSet> elements. This element returns the new content of the object that is being processed. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child elements:**[<objectSet>](#objectset) - -- **Helper functions**: You can use the following [<contentModify> functions](#contentmodifyfunctions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. - -Syntax: - -<contentModify script="*ScriptInvocation*"> - -</contentModify> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      script

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -### <contentModify> functions - -The following functions change the content of objects as they are migrated. These functions are called for every object that the parent <ObjectSet> element is enumerating. - -- **ConvertToDWORD** - - The ConvertToDWORD function converts the content of registry values that are enumerated by the parent <ObjectSet> element to a DWORD. For example, ConvertToDWORD will convert the string "1" to the DWORD 0x00000001. If the conversion fails, then the value of DefaultValueOnError will be applied. - - Syntax: ConvertToDWORD(*DefaultValueOnError*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      DefaultValueOnError

      No

      The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.

      - - - -- **ConvertToString** - - The ConvertToString function converts the content of registry values that match the parent <ObjectSet> element to a string. For example, it will convert the DWORD 0x00000001 to the string "1". If the conversion fails, then the value of DefaultValueOnError will be applied. - - Syntax: ConvertToString(*DefaultValueOnError*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      DefaultValueOnError

      No

      The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.

      - - - -~~~ -For example: - -``` syntax - - - HKCU\Control Panel\Desktop [ScreenSaveUsePassword] - - -``` -~~~ - -- **ConvertToBinary** - - The ConvertToBinary function converts the content of registry values that match the parent <ObjectSet> element to a binary type. - - Syntax: ConvertToBinary () - -- **OffsetValue** - - The OffsetValue function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of 14, and the *Value* is "-2", the registry value will be 12 on the destination computer. - - Syntax: OffsetValue(*Value*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      Value

      Yes

      The string representation of a numeric value. It can be positive or negative. For example, OffsetValue(2).

      - - - -- **SetValueByTable** - - The SetValueByTable function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. - - Syntax: SetValueByTable(*SourceTable*,*DestinationTable*,*DefaultValueOnError*) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      SourceTable

      Yes

      A list of values separated by commas that are possible for the source registry values.

      DestinationTable

      No

      A list of translated values separated by commas.

      DefaultValueOnError

      No

      The value that will be applied to the destination computer if either 1) the value for the source computer does not match SourceTable, or 2) DestinationTable has no equivalent value.

      -

      If DefaultValueOnError is NULL, the value will not be changed on the destination computer.

      - - - -- **KeepExisting** - - You can use the KeepExisting function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. - - Syntax: KeepExisting("*OptionString*","*OptionString*","*OptionString*",…) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      OptionString

      Yes

      OptionString can be Security, TimeFields, or FileAttrib:Letter. You can specify one of each type of OptionStrings. Do not specify multiple OptionStrings with the same value. If you do, the right-most option of that type will be kept. For example, do not specify ("FileAttrib:H", "FileAttrib:R") because only Read-only will be evaluated. Instead specify ("FileAttrib:HR") and both Hidden and Read-only attributes will be kept on the destination computer.

      -
        -

      • Security. Keeps the destination object's security descriptor if it exists.

        • -

      • TimeFields. Keeps the destination object's time stamps. This parameter is for files only.

        • -

      • FileAttrib:Letter. Keeps the destination object's attribute value, either On or OFF, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after "FileAttrib:". You can specify any combination of the following attributes:

        -
          -

        • A = Archive

          • -

        • C = Compressed

          • -

        • E = Encrypted

          • -

        • H = Hidden

          • -

        • I = Not Content Indexed

          • -

        • O = Offline

          • -

        • R = Read-Only

          • -

        • S = System

          • -

        • T = Temporary

          • -
        • -
      - - - -- **MergeMultiSzContent** - - The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed. - - Syntax: MergeMultiSzContent (*Instruction*,*String*,*Instruction*,*String*,…) - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      Instruction

      Yes

      Can be one of the following:

      -
        -

      • Add. Adds the corresponding String to the resulting MULTI-SZ if it is not already there.

        • -

      • Remove. Removes the corresponding String from the resulting MULTI-SZ.

        • -

      String

      Yes

      The string to be added or removed.

      - - - -- **MergeDelimitedContent** - - The MergeDelimitedContent function merges the content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. - - Syntax: MergeDelimitedContent(*Delimiters*,*Instruction*,*String*,…) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      Delimiters

      Yes

      A single character that will be used to separate the content of the object that is being processed. The content will be considered as a list of elements that is separated by the Delimiters.

      -

      For example, "." will separate the string based on a period.

      Instruction

      Yes

      Can one of the following:

      -
        -

      • Add. Adds String to the resulting MULTI-SZ if it is not already there.

        • -

      • Remove. Removes String from the resulting MULTI-SZ.

        • -

      String

      Yes

      The string to be added or removed.

      - - - -## <description> - - -The <description> element defines a description for the component but does not affect the migration. - -- **Number of occurrences:** zero or one - -- **Parent elements:**[<component>](#component) - -- **Child elements:** none - -Syntax: - -<description>*ComponentDescription*</description> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      ComponentDescription

      Yes

      The description of the component.

      - - - -The following code sample shows how the <description> element defines the "My custom component" description.: - -``` syntax -My custom component -``` - -## <destinationCleanup> - - -The <destinationCleanup> element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the LoadState tool is run on the destination computer. That is, this element is ignored by the ScanState tool. - -**Important** -Use this option with extreme caution because it will delete objects from the destination computer. - - - -For each <destinationCleanup> element there can be multiple <objectSet> elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) (Note that the destination computer will delete all child elements.) - -Syntax: - -<destinationCleanup filter=*ScriptInvocation*> - -</destinationCleanup> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      filter

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -For example: - -``` syntax - - - HKCU\Software\Lotus\123\99.0\DDE Preferences\* [*] - HKCU\Software\Lotus\123\99.0\Find Preferences\* [*] - - -``` - -## <detect> - - -Although the <detect> element is still supported, we do not recommend using it because it may be deprecated in future versions of USMT. In that case, you would have to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection)**element.** - -You use the <detect> element to determine if the component is present on a system. If all child <detect> elements within a <detect> element resolve to TRUE, then the <detect> element resolves to TRUE. If any child <detect> elements resolve to FALSE, then their parent <detect> element resolves to FALSE. If there is no <detect> element section, then USMT will assume that the component is present. - -For each <detect> element there can be multiple child <condition> or <objectSet> elements, which will be logically joined by an OR operator. If at least one <condition> or <objectSet> element evaluates to TRUE, then the <detect> element evaluates to TRUE. - -- **Number of occurrences:** unlimited - -- **Parent elements:** <detects>, [<namedElements>](#namedelements) - -- **Required child elements:**[<condition>](#condition) - -- **Optional child elements:**[<objectSet>](#objectset) - -Syntax: - -<detect name="*ID*" context="User|System|UserAndSystem"> - -</detect> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      name

      Yes, when <detect> is a child to <namedElements>

      -

      No, when <detect> is a child to <detects>

      When ID is specified, any child elements are not processed. Instead, any other <detect> elements with the same name that are declared within the <namedElements> element are processed.

      context

      No

      -

      (default = UserAndSystem)

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      -

      The largest possible scope is set by the component element. For example, if a <component> element has a context of User, and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.

      -
        -

      • User. Evaluates the variables for each user.

        • -

      • System. Evaluates the variables only once for the system.

        • -

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • -
      - - - -For examples, see the examples for [<detection>](#detection). - -## <detects> - - -Although the <detects> element is still supported, we recommend that you do not use it because it may be deprecated in future versions of USMT, which would require you to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection) element if the parent element is <role> or <namedElements>, and we recommend that you use the <conditions> element if the parent element is <rules>. Using <detection> allows you to more clearly formulate complex Boolean statements. - -The <detects> element is a container for one or more <detect> elements. If all of the child <detect> elements within a <detects> element resolve to TRUE, then <detects> resolves to TRUE. If any of the child <detect> elements resolve to FALSE, then <detects> resolves to FALSE. If you do not want to write the <detects> elements within a component, then you can create the <detects> element under the <namedElements> element, and then refer to it. If there is no <detects> element section, then USMT will assume that the component is present. The results from each <detects> element are joined together by the OR operator to form the rule used to detect the parent element. - -Syntax: - -<detects name="*ID*" context="User|System|UserAndSystem"> - -</detects> - -- **Number of occurrences:** Unlimited. - -- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) - -- **Required child elements:** <detect> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      name

      Yes, when <detects> is a child to <namedElements>

      -

      No, when <detects> is a child to <role> or <rules>

      When ID is specified, no child <detect> elements are processed. Instead, any other <detects> elements with the same name that are declared within the <namedElements> element are processed.

      context

      No

      -

      (default = UserAndSystem)

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      -

      The largest possible scope is set by the <component element>. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.

      -
        -

      • User. Evaluates the variables for each user.

        • -

      • System. Evaluates the variables only once for the system.

        • -

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • -
      -

      The context parameter is ignored for <detects> elements that are inside <rules> elements.

      - - - -The following example is from the MigApp.xml file. - -``` syntax - - - MigXmlHelper.DoesFileVersionMatch("%Lotus123InstPath%\123w.exe","ProductVersion","9.*") - - - MigXmlHelper.DoesFileVersionMatch("%SmartSuiteInstPath%\smartctr.exe","ProductVersion","99.*") - - -``` - -## <detection> - - -The <detection> element is a container for one <conditions> element. The result of the child <condition> elements, located underneath the <conditions> element, determines the result of this element. For example, if all of the child <conditions> elements within the <detection> element resolve to TRUE, then the <detection> element resolves to TRUE. If any of the child <conditions> elements resolve to FALSE, then the <detection> element resolves to FALSE. - -In addition, the results from each <detection> section within the <role> element are joined together by the OR operator to form the detection rule of the parent element. That is, if one of the <detection> sections resolves to TRUE, then the <role> element will be processed. Otherwise, the <role> element will not be processed. - -Use the <detection> element under the <namedElements> element if you do not want to write it within a component. Then include a matching <detection> section under the <role> element to control whether the component is migrated. If there is not a <detection> section for a component, then USMT will assume that the component is present. - -- **Number of occurrences:** Unlimited. - -- **Parent elements:**[<role>](#role), [<namedElements>](#namedelements) - -- **Child elements:**[<conditions>](#conditions) - -Syntax: - -<detection name="*ID*" context="User|System|UserAndSystem"> - -</detection> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      name

        -

      • Yes, when <detection> is declared under <namedElements>

        • -

      • Optional, when declared under <role>

        • -

      If declared, the content of the <detection> element is ignored and the content of the <detection> element with the same name that is declared in the <namedElements> element will be evaluated.

      context

      No, default = UserAndSystem

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      -
        -

      • User. Evaluates the component for each user.

        • -

      • System. Evaluates the component only once for the system.

        • -

      • UserAndSystem. Evaluates the component for the entire operating system and each user.

        • -
      - - - -For example: - -``` syntax - - - MigXmlHelper.DoesObjectExist("Registry","HKCU\Software\Adobe\Photoshop\8.0") - MigXmlHelper.DoesFileVersionMatch("%PhotoshopSuite8Path%\Photoshop.exe","FileVersion","8.*") - - -``` - -and - -``` syntax - - - - MigXmlHelper.DoesFileVersionMatch("%QuickTime5Exe%","ProductVersion","QuickTime 5.*") - MigXmlHelper.DoesFileVersionMatch("%QuickTime5Exe%","ProductVersion","QuickTime 6.*") - - -``` - -## <displayName> - - -The <displayName> element is a required field within each <component> element. - -- **Number of occurrences:** once for each component - -- **Parent elements:**[<component>](#component) - -- **Child elements:** none - -Syntax: - -<displayName \_locID="*ID*">*ComponentName*</displayName> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      locID

      No

      This parameter is for internal USMT use. Do not use this parameter.

      ComponentName

      Yes

      The name for the component.

      - - - -For example: - -``` syntax -Command Prompt settings -``` - -## <environment> - - -The <environment> element is a container for <variable> elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#envex). - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<role>](#role), [<component>](#component), [<namedElements>](#namedelements) - -- **Required child elements:**[<variable>](#variable) - -- **Optional child elements:**[conditions](#conditions) - -Syntax: - -<environment name="ID" context="User|System|UserAndSystem"> - -</environment> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      name

      Yes, when <environment> is a child of <namedElements>

      -

      No, when <environment> is a child of <role> or <component>

      When declared as a child of the <role> or <component> elements, if ID is declared, USMT ignores the content of the <environment> element and the content of the <environment> element with the same name declared in the <namedElements> element is processed.

      context

      No

      -

      (default = UserAndSystem)

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      -

      The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though <rules> were not there.

      -
        -

      • User. Evaluates the variables for each user.

        • -

      • System. Evaluates the variables only once for the system.

        • -

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • -
      - - - -## - - -### Example scenario 1 - -In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value hklm\\software\\companyname\\install \[path\] and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: - -``` syntax - - - - - -``` - -Then you can use an include rule as follows. You can use any of the [<script> functions](#scriptfunctions) to perform similar tasks. - -``` syntax - - - %INSTALLPATH%\ [*.xyz] - - -``` - -Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator ",") in the value of the registry Hklm\\software\\companyname\\application\\ \[Path\]. - -``` syntax - - - - - - Hklm\software\companyname\application\ [Path] - - - - - -``` - -### Example scenario 2: - -In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following <include> rule in an .xml file: - -``` syntax - - - %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File1.txt] - %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File2.txt] - %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File3.txt] - %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File4.txt] - %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File5.txt] - - -``` - -Instead of typing the path five times, you can create a variable for the location as follows: - -``` syntax - - - %SYSTEMDRIVE%\data\userdata\dir1\dir2 - - -``` - -Then, you can specify the variable in an <include> rule as follows: - -``` syntax - - - %DATAPATH% [File1.txt] - %DATAPATH% [File2.txt] - %DATAPATH% [File3.txt] - %DATAPATH% [File4.txt] - %DATAPATH% [File5.txt] - - -``` - -## <exclude> - - -The <exclude> element determines what objects will not be migrated, unless there is a more specific <include> element that migrates an object. If there is an <include> and <exclude> element for the same object, the object will be included. For each <exclude> element there can be multiple child <objectSet> elements. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) - -- **Helper functions:** You can use the following [<exclude> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. - -Syntax: - -<exclude filter="*ScriptInvocation*"> - -</exclude> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      filter

      No

      -

      (default = No)

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -For example, from the MigUser.xml file: - -``` syntax - - - %CSIDL_MYMUSIC%\* [*] - %CSIDL_MYPICTURES%\* [*] - %CSIDL_MYVIDEO%\* [*] - - -``` - -## <excludeAttributes> - - -You can use the <excludeAttributes> element to determine which parameters associated with an object will not be migrated. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) - -Syntax: - -<excludeAttributes attributes="Security|TimeFields|Security,TimeFields"> - -</excludeAttributes> - - ----- - - - - - - - - - - - - - - -
      ParameterRequired?Value

      attributes

      Yes

      Specifies the attributes to be excluded. You can specify one of the following, or both separated by quotes; for example, "Security","TimeFields":

      -
        -

      • Security can be one of Owner, Group, DACL, or SACL.

        • -

      • TimeFields can be one of CreationTime, LastAccessTime and LastWrittenTime

        • -
      - - - -Example: - -``` syntax - - - - System Data - - - - - - %SYSTEMDRIVE%\ [*.txt] - - - - - - %SYSTEMDRIVE%\ [a*.txt] - - - - - - %SYSTEMDRIVE%\ [aa.txt] - - - - - - logoff - - - - - - - DOC - PPT - VXD - PST - CPP - - - -``` - -## <extensions> - - -The <extensions> element is a container for one or more <extension> elements. - -- **Number of occurrences:** zero or one - -- **Parent elements:**[<component>](#component) - -- **Required child elements:**[<extension>](#extension) - -Syntax: - -<extensions> - -</extensions> - -## <extension> - - -You can use the <extension> element to specify documents of a specific extension. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<extensions>](#extensions) - -- **Child elements:** none - -Syntax: - -<extension>*FilenameExtension*</extension> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      FilenameExtension

      Yes

      A file name extension.

      - - - -For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the <component> element: - -``` syntax - - doc - -``` - -is the same as specifying the following code below the <rules> element: - -``` syntax - - - - - -``` - -For another example of how to use the <extension> element, see the example for [<excludeAttributes>](#excludeattributes). - -## <externalProcess> - - -You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the LoadState process completes. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child elements:**[<commandLine>](#commandline) - -Syntax: - -<externalProcess when="pre-scan|scan-success|post-scan|pre-apply|apply-success|post-apply"> - -</externalProcess> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      when

      Yes

      Indicates when the command line should be run. This value can be one of the following:

      -
        -

      • pre-scan before the scanning process begins.

        • -

      • scan-success after the scanning process has finished successfully.

        • -

      • post-scan after the scanning process has finished, whether it was successful or not.

        • -

      • pre-apply before the apply process begins.

        • -

      • apply-success after the apply process has finished successfully.

        • -

      • post-apply after the apply process has finished, whether it was successful or not.

        • -
      - - - -For an example of how to use the <externalProcess> element, see the example for [<excludeAttributes>](#excludeattributes). - -## <icon> - - -This is an internal USMT element. Do not use this element. - -## <include> - - -The <include> element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each <include> element there can be multiple <objectSet> elements. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child element:**[<objectSet>](#objectset) - -- **Helper functions:** You can use the following [<include> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. - -Syntax: - -<include filter="*ScriptInvocation*"> - -</include> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      filter

      No.

      -

      If this parameter is not specified, then all patterns that are inside the child <ObjectSet> element will be processed.

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -The following example is from the MigUser.xml file: - -``` syntax - - My Video - - %CSIDL_MYVIDEO% - - - - - MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%") - - - - - - %CSIDL_MYVIDEO%\* [*] - - - - - %CSIDL_MYVIDEO% [desktop.ini] - - - - - -``` - -### <include> and <exclude> filter functions - -The following functions return a Boolean value. You can use them to migrate certain objects based on when certain conditions are met. - -- **AnswerNo** - - This filter always returns FALSE. - - Syntax: AnswerNo () - -- **CompareStringContent** - - Syntax: CompareStringContent("*StringContent*","*CompareType*") - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      StringContent

      Yes

      The string to check against.

      CompareType

      Yes

      A string. Use one of the following values:

      -
        -

      • Equal (case insensitive). The function returns TRUE if the string representation of the current object that is processed by the migration engine is identical to StringContent.

        • -

      • NULL or any other value. The function returns TRUE if the string representation of the current object that is processed by the migration engine does not match StringContent.

        • -
      - - - -- **IgnoreIrrelevantLinks** - - This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during ScanState. Then they will be screened out when you run the LoadState tool. - - Syntax: IgnoreIrrelevantLinks () - - For example: - - ``` syntax - - - %CSIDL_COMMON_VIDEO%\* [*] - - - ``` - -- **NeverRestore** - - You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the ScanState tool, this function evaluates to TRUE. When run with the LoadState tool, this function evaluates to FALSE. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. - - Syntax: NeverRestore() - - In the following example, HKCU\\Control Panel\\International \[Locale\] will be included in the store, but it will not be migrated to the destination computer: - - ``` syntax - - - HKCU\Control Panel\International [Locale] - - - ``` - -## <includeAttributes> - - -You can use the <includeAttributes> element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) - -Syntax: - -<includeAttributes attributes="Security|TimeFields|Security,TimeFields"> - -</includeAttributes> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      attributes

      Yes

      Specifies the attributes to be included with a migrated object. You can specify one of the following, or both separated by quotes; for example, "Security","TimeFields":

      -
        -

      • Security can be one of the following values:

        -
          -

        • Owner. The owner of the object (SID).

          • -

        • Group. The primary group for the object (SID).

          • -

        • DACL (discretionary access control list). An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.

          • -

        • SACL (system access control list). An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.

          • -
        • -

      • TimeFields can be one of the following:

        -
          -

        • CreationTime. Specifies when the file or directory was created.

          • -

        • LastAccessTime. Specifies when the file is last read from, written to, or, in the case of executable files, run.

          • -

        • LastWrittenTime. Specifies when the file is last written to, truncated, or overwritten.

          • -
        • -
      - - - -For an example of how to use the <includeAttributes> element, see the example for [<excludeAttributes>](#excludeattributes). - -## <library> - - -This is an internal USMT element. Do not use this element. - -## <location> - - -The <location> element defines the location of the <object> element. - -- **Number of occurrences:** once for each <object> - -- **Parent elements:**[<object>](#object) - -- **Child elements:**[<script>](#script) - -Syntax: - -<location type="*typeID*">*ObjectLocation*</location> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      type

      Yes

      typeID can be Registry or File.

      ObjectLocation

      Yes

      The location of the object.

      - - - -The following example is from the MigApp.xml file: - -``` syntax - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] - DWORD - 0B000000 - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] - DWORD - 00000000 - - -``` - -## <locationModify> - - -You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the LoadState tool is run on the destination computer. In other words, this element is ignored by the ScanState tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. - -**Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child element:**[<objectSet>](#objectset) - -- **Helper functions:** You can use the following [<locationModify> functions](#locationmodifyfunctions) with this element: ExactMove, RelativeMove, and Move. - -Syntax: - -<locationModify script="*ScriptInvocation*"> - -</locationModify> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      script

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -The following example is from the MigApp.xml file: - -``` syntax - - - %CSIDL_APPDATA%\Microsoft\Office\ [Access10.pip] - - -``` - -### <locationModify> functions - -The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent <ObjectSet> element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. - -- **ExactMove** - - The ExactMove function moves all of the objects that are matched by the parent <ObjectSet> element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. - - Syntax: ExactMove(*ObjectEncodedLocation*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectEncodedLocation

      Yes

      The destination location for all of the source objects.

      - - - -~~~ -For example: - -``` syntax - - - HKCU\Keyboard Layout\Toggle [] - - -``` -~~~ - -- **Move** - - The Move function moves objects to a different location on the destination computer. In addition, this function creates subdirectories that were above the longest CSIDL in the source object name. - - Syntax: Move(*DestinationRoot*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      DestinationRoot

      Yes

      The location where the source objects will be moved. If needed, this function will create any subdirectories that were above the longest CSIDL in the source object name.

      - - - -- **RelativeMove** - - You can use the RelativeMove function to collect and move data. Note that you can use environment variables in source and destination roots, but they may be defined differently on the source and destination computers. - - Syntax: RelativeMove(*SourceRoot*,*DestinationRoot*) - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      SourceRoot

      Yes

      The location from where the objects will be moved. Any source objects that are enumerated by the parent <ObjectSet> element that are not in this location will not be moved.

      DestinationRoot

      Yes

      The location where the source objects will be moved to on the destination computer. If needed, this function will create any subdirectories that were above SourceRoot.

      - - - -~~~ -For example: - -``` syntax - - - %CSIDL_COMMON_FAVORITES%\* [*] - - - - - %CSIDL_COMMON_FAVORITES%\* [*] - - -``` -~~~ - -## <\_locDefinition> - - -This is an internal USMT element. Do not use this element. - -## <manufacturer> - - -The <manufacturer> element defines the manufacturer for the component, but does not affect the migration. - -- **Number of occurrences:** zero or one - -- **Parent elements:**[<component>](#component) - -- **Child elements:** none - -Syntax: - -<manufacturer>*Name*</manufacturer> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      Name

      Yes

      The name of the manufacturer for the component.

      - - - -## <merge> - - -The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule C:\\\* \[\*\] set to <sourcePriority> and a <merge> rule C:\\subfolder\\\* \[\*\] set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. - -For an example of this element, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child element:**[<objectSet>](#objectset) - -- **Helper functions:** You can use the following [<merge> functions](#mergefunctions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). - -Syntax: - -<merge script="*ScriptInvocation*"> - -</merge> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      script

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      - - - -The following example is from the MigUser.xml file: - -``` syntax - - - - %CSIDL_MYVIDEO%\* [*] - - - - - %CSIDL_MYVIDEO% [desktop.ini] - - - -``` - -### <merge> functions - -These functions control how collisions are resolved. - -- **DestinationPriority** - - Specifies to keep the object that is on the destination computer and not migrate the object from the source computer. - - For example: - - ``` syntax - - - HKCU\Software\Microsoft\Office\9.0\PhotoDraw\ [MyPictures] - HKCU\Software\Microsoft\Office\9.0\PhotoDraw\Settings\ [PicturesPath] - HKCU\Software\Microsoft\Office\9.0\PhotoDraw\Settings\ [AdditionalPlugInPath] - - - ``` - -- **FindFilePlaceByPattern** - - The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: <F>, <E>, <N> in any order. - - Syntax: FindFilePlaceByPattern(*FilePattern*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      FilePattern

      Yes

        -

      • <F> will be replaced by the original file name.

        • -

      • <N> will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.

        • -

      • <E> will be replaced by the original file name extension.

        • -
      -

      For example, <F> (<N>).<E> will change the source file MyDocument.doc into MyDocument (1).doc on the destination computer.

      - - - -- **NewestVersion** - - The NewestVersion function will resolve conflicts on the destination computer based on the version of the file. - - Syntax: NewestVersion(*VersionTag*) - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      VersionTag

      Yes

      The version field that will be checked. This can be "FileVersion" or "ProductVersion". The file with the highest VersionTag version determines which conflicts will be resolved based on the file's version. For example, if Myfile.txt contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.

      - - - -- **HigherValue()** - - You can use this function for merging registry values. The registry values will be evaluated as numeric values, and the one with the higher value will determine which registry values will be merged. - -- **LowerValue()** - - You can use this function for merging registry values. The registry values will be evaluated as numeric values and the one with the lower value will determine which registry values will be merged. - -- **SourcePriority** - - Specifies to migrate the object from the source computer, and to delete the object that is on the destination computer. - - For example: - - ``` syntax - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Publisher [UpgradeVersion] - %HklmWowSoftware%\Microsoft\Office\11.0\Common\Migration\Publisher [UpgradeVersion] - %HklmWowSoftware%\Microsoft\Office\10.0\Common\Migration\Publisher [UpgradeVersion] - - - ``` - -## <migration> - - -The <migration> element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp". - -- **Number of occurrences:** one - -- **Parent elements:** none - -- **Required child elements:**[<component>](#component) - -- **Optional child elements:**[<library>](#library), [<namedElements>](#namedelements) - -Syntax: - -<migration urlid="UrlID/Name"> - -</migration> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      urlid

      Yes

      UrlID is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see Use XML Namespaces.

      Name

      No

      Although not required, it is good practice to use the name of the .xml file.

      - - - -The following example is from the MigApp.xml file: - -``` syntax - - -``` - -## MigXMLHelper.FileProperties - - -This filter helper function can be used to filter the migration of files based on file size and date attributes. - - ---- - - - - - - - - - - - - - - - - - - - - -
      Helper FunctionMigXMLHelper.FileProperties (property, operator, valueToCompare)

      Property

      filesize, dateCreated, dateModified, dateAccessed

      Operator

      range, neq, lte, lt, eq, gte, gt

      valueToCompare

      The value we are comparing. For example:

      -

      Date: “2008/05/15-2005/05/17”, “2008/05/15”

      -

      Size: A numeral with B, KB, MB, or GB at the end. “5GB”, “1KB-1MB”

      - - - -``` syntax - -File_size - - - - - - %SYSTEMDRIVE%\DOCS\* [*] - - - - - -``` - -## <namedElements> - - -You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the MigApp.xml file. - -Syntax: - -<namedElements> - -</namedElements> - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<migration>](#migration) - -- **Child elements:**[<environment>](#bkmk-environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> - -For an example of this element, see the MigApp.xml file. - -## <object> - - -The <object> element represents a file or registry key. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<addObjects>](#addobjects) - -- **Required child elements:**[<location>](#location), [<attributes>](#attribute) - -- **Optional child elements:**[<bytes>](#bytes) - -Syntax: - -<object> - -</object> - -The following example is from the MigApp.xml file: - -``` syntax - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] - DWORD - 0B000000 - - - %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] - DWORD - 00000000 - - -``` - -## <objectSet> - - -The <objectSet> element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child <conditions> elements will be evaluated first. If all child <conditions> elements return FALSE, the <objectSet> element will evaluate to an empty set. For each parent element, there can be only multiple <objectSet> elements. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), <detect> - -- **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) - -- **Optional child elements:**[<content>](#content), [conditions](#conditions), <condition> - -Syntax: - -<objectSet> - -</objectSet> - -The following example is from the MigUser.xml file: - -``` syntax - - My Music - - %CSIDL_MYMUSIC% - - - - - MigXmlHelper.DoesObjectExist("File","%CSIDL_MYMUSIC%") - - - - - - %CSIDL_MYMUSIC%\* [*] - - - - - %CSIDL_MYMUSIC%\ [desktop.ini] - - - - - -``` - -## <path> - - -This is an internal USMT element. Do not use this element. - -## <paths> - - -This is an internal USMT element. Do not use this element. - -## <pattern> - - -You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: - -``` syntax -C:\Folder\* [Sample.doc] - -``` - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<objectSet>](#objectset) - -- **Child elements:** none but *Path* \[*object*\] must be valid. - -Syntax: - -<pattern type="*typeID*">*Path* \[*object*\]</pattern> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      type

      Yes

      typeID can be Registry, File, or Ini. If typeId is Ini, then you cannot have a space between Path and object. For example, the following is correct when type="Ini":

      -

      <pattern type="Ini">%WinAmp5InstPath%\Winamp.ini|WinAmp[keeponscreen]</pattern>

      Path [object]

      Yes

      A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.

      -
        -

      • Path can contain the asterisk () wildcard character or can be an Recognized Environment Variables. You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.

        • -

      • Object can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:

        -

        C:\Folder\ [] enumerates all files in C:<em>Path but no subfolders of C:\Folder.

        -

        C:\Folder* [] enumerates all files and subfolders of C:\Folder.

        -

        C:\Folder\ [*.mp3] enumerates all .mp3 files in C:\Folder.

        -

        C:\Folder\ [Sample.doc] enumerates only the Sample.doc file located in C:\Folder.

        -
        -Note

        If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

        -
        -
        - -
        • -
      - - - -For example: - -- To migrate a single registry key: - - ``` syntax - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] - ``` - -- To migrate the EngineeringDrafts folder and any subfolders from the C: drive: - - ``` syntax - C:\EngineeringDrafts\* [*] - ``` - -- To migrate only the EngineeringDrafts folder, excluding any subfolders, from the C: drive: - - [Reroute Files and Settings](usmt-reroute-files-and-settings.md) - -- To migrate the Sample.doc file from C:\\EngineeringDrafts: - - ``` syntax - C:\EngineeringDrafts\ [Sample.doc] - ``` - -- To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. - - ``` syntax - C:\* [Sample.doc] - ``` - -- For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), [Include Files and Settings](usmt-include-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). - -## <processing> - - -You can use this element to run a script during a specific point within the migration process. Return values are not expected from the scripts that you specify, and if there are return values, they will be ignored. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Required child element:**[<script>](#script) - -Syntax: - -<processing when="pre-scan|scan-success|post-scan|pre-apply|apply-success|post-apply"> - -</processing> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      when

      Yes

      Indicates when the script should be run. This value can be one of the following:

      -
        -

      • pre-scan means before the scanning process begins.

        • -

      • scan-success means after the scanning process has finished successfully.

        • -

      • post-scan means after the scanning process has finished, whether it was successful or not.

        • -

      • pre-apply means before the apply process begins.

        • -

      • apply-success means after the apply process has finished successfully.

        • -

      • post-apply means after the apply process has finished, whether it was successful or not.

        • -
      - - - -## <plugin> - - -This is an internal USMT element. Do not use this element. - -## <role> - - -The <role> element is required in a custom .xml file. By specifying the <role> element, you can create a concrete component. The component will be defined by the parameters specified at the <component> level, and with the role that you specify here. - -- **Number of occurrences:** Each <component> can have one, two or three child <role> elements. - -- **Parent elements:**[<component>](#component), [<role>](#role) - -- **Required child elements:**[<rules>](#rules) - -- **Optional child elements:**[<environment>](#bkmk-environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, - -Syntax: - -<role role="Container|Binaries|Settings|Data"> - -</role> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      role

      Yes

      Defines the role for the component. Role can be one of:

      -
        -

      • Container

        • -

      • Binaries

        • -

      • Settings

        • -

      • Data

        • -
      -

      You can either:

      -
        -

      1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

        2. -

      2. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

        3. -
      -
      <component context="UserAndSystem" type="Application">
-  <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
-  <environment name="GlobalEnv" /> 
-  <role role="Container">
-    <detection name="AnyOffice2003Version" /> 
-    <detection name="FrontPage2003" /> 
-    <!-- 
- Office 2003 Common Settings 
-  --> 
-    <component context="UserAndSystem" type="Application">
      - - - -The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file: - -``` syntax - - Start Menu - - %CSIDL_STARTMENU% - - - - - MigXmlHelper.DoesObjectExist("File","%CSIDL_STARTMENU%") - - - - - - %CSIDL_STARTMENU%\* [*] - - - - - %CSIDL_STARTMENU% [desktop.ini] - %CSIDL_STARTMENU%\* [*] - - - - - -``` - -## <rules> - - -The <rules> element is required in a custom .xml file. This element contains rules that will run during the migration if the parent <component> element is selected, unless the child <conditions> element, if present, evaluates to FALSE. For each <rules> element there can be multiple child <rules> elements. - -- **Number of occurrences:** unlimited - -- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) - -- **Required child elements:**[<include>](#include) - -- **Optional child elements:**[<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), <detects> - -Syntax: - -<rules name="*ID*" context="User|System|UserAndSystem"> - -</rules> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      name

      Yes, when <rules> is a child to <namedElements>

      -

      No, when <rules> is a child to any other element

      When ID is specified, any child elements are not processed. Instead, any other <rules> elements with the same name that are declared within <namedElements> are processed.

      context

      No

      -

      (default = UserAndSystem)

      Defines the scope of this parameter — whether to process this component in the context of the specific user, across the entire operating system, or both.

      -

      The largest possible scope is set by the component element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If <rules> had a context of System, it would act as though <rules> was not there.

      -
        -

      • User. Evaluates the variables for each user.

        • -

      • System. Evaluates the variables only once for the system.

        • -

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • -
      - - - -The following example is from the MigUser.xml file: - -``` syntax - - My Music - - %CSIDL_MYMUSIC% - - - - - MigXmlHelper.DoesObjectExist("File","%CSIDL_MYMUSIC%") - - - - - - %CSIDL_MYMUSIC%\* [*] - - - - - %CSIDL_MYMUSIC%\ [desktop.ini] - - - - - -``` - -## <script> - - -The return value that is required by <script> depends on the parent element. - -**Number of occurrences:** Once for [<variable>](#variable), unlimited for [<objectSet>](#objectset) and [<processing>](#processing) - -**Parent elements:**[<objectSet>](#objectset), [<variable>](#variable), [<processing>](#processing) - -**Child elements:** none - -**Syntax and helper functions:** - -- General Syntax: <script>*ScriptWithArguments*</script> - -- You can use [GetStringContent](#scriptfunctions) when <script> is within <variable>. - - Syntax: <script>MigXmlHelper.GetStringContent("*ObjectType*","*EncodedLocationPattern*", "*ExpandContent*")</script> - - Example: `` - -- You can use [GenerateUserPatterns](#scriptfunctions) when <script> is within <objectSet>. - - Syntax: <script>MigXmlHelper.GenerateUserPatterns("*ObjectType*","*EncodedLocationPattern*","*ProcessCurrentUser*")</script> - - Example: `` - -- You can use [GenerateDrivePatterns](#scriptfunctions) when <script> is within <objectSet>. - - Syntax: <script>MigXmlHelper.GenerateDrivePatterns("*PatternSegment*","*DriveType*")</script> - - Example: `` - -- You can use the [Simple executing scripts](#scriptfunctions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. - - Syntax: <script>MigXmlHelper.*ExecutingScript*</script> - - Example: `` - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      ScriptWithArguments

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      -

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      -

      The return value that is required by <script> depends on the parent element.

      -
        -

      • When used within <variable>, the return value must be a string.

        • -

      • When used within <objectSet>, the return value must be a two-dimensional array of strings.

        • -

      • When used within <location>, the return value must be a valid location that aligns with the type attribute of <location>. For example, if <location type="File">, the child script element, if specified, must be a valid file location.

        -
        -Note

        If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

        -
        -
        - -
        • -
      - - - -Examples: - -To migrate the Sample.doc file from any drive on the source computer, use <script> as follows. If multiple files exist with the same name, all such files will get migrated. - -``` syntax - -``` - -For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). - -### <script> functions - -You can use the following functions with the <script> element - -- [String and pattern generating functions](#stringgeneratingfunctions) - -- [Simple executing scripts](#simple) - -### String and pattern generating functions - -These functions return either a string or a pattern. - -- **GetStringContent** - - You can use GetStringContent with <script> elements that are within <variable> elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. - - Syntax: GetStringContent("*ObjectType*","*EncodedLocationPattern*", "*ExpandContent*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType

      Yes

      The type of object. Can be Registry or Ini (for an .ini file).

      EncodedLocationPattern

      Yes

        -

      • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, HKLM\SOFTWARE\MyKey[].

        • -

      • If the type of object is Ini, then EncodedLocationPattern must be in the following format:

        -

        IniFilePath|SectionName[SettingName]

        • -

      ExpandContent

      No (default=TRUE)

      Can be TRUE or FALSE. If FALSE, then the given location will not be expanded before it is returned.

      - - - -~~~ -For example: - -``` syntax - - - -``` -~~~ - -- **GenerateDrivePatterns** - - The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within <include>/<exclude>. - - Syntax: GenerateDrivePatterns("*PatternSegment*","*DriveType*") - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      PatternSegment

      Yes

      The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:&quot;, to form a complete encoded file pattern. For example, "* [*.doc]". PatternSegment cannot be an environment variable.

      DriveType

      Yes

      The drive type for which the patterns are to be generated. You can specify one of:

      -
        -

      • Fixed

        • -

      • CDROM

        • -

      • Removable

        • -

      • Remote

        • -
      - - - -~~~ -See the last component in the MigUser.xml file for an example of this element. -~~~ - -- **GenerateUserPatterns** - - The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: - - - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" - - - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" - - - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" - - Syntax:GenerateUserPatterns("*ObjectType*","*EncodedLocationPattern*","*ProcessCurrentUser*") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ObjectType

      Yes

      Defines the object type. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The location pattern. Environment variables are allowed.

      ProcessCurrentUser

      Yes

      Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.

      - - - -~~~ -**Example:** - -If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile. - -The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. - -``` syntax - - - - - - - - - %ProfilesFolder%\* [*.doc] - - - - - - - %ProfilesFolder%\* [*.doc] - - - - - - - - -``` -~~~ - -### MigXmlHelper.GenerateDocPatterns - -This helper function invokes the document finder to scan the system for all files that can be migrated. It can be invoked in either System or User context to focus the scan. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      ScanProgramFiles

      No (default = FALSE)

      Can be TRUE or FALSE. The ScanProgramFiles parameter determines whether or not the document finder scans the Program Files directory to gather registered file extensions for known applications. For example, when set to TRUE it will discover and migrate .jpg files under the Photoshop directory, if .jpg is a file extension registered to Photoshop.

      IncludePatterns

      No (default = TRUE)

      Can be TRUE or FALSE. TRUE will generate include patterns and can be added under the <include> element. FALSE will generate exclude patterns and can be added under the <exclude> element.

      SystemDrive

      No (default = FALSE)

      Can be TRUE or FALSE. If TRUE, restricts all patterns to the system drive.

      - - - -``` syntax - - - MigDocUser - - - - - - - - - - - - - - - -``` - -### Simple executing scripts - -The following scripts have no return value. You can use the following errors with <script> elements that are within <processing> elements - -- **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: - - ``` syntax - - - - ``` - -- **ConvertToShortFileName(RegistryEncodedLocation)**. If *RegistryEncodedLocation* is the full path of an existing file, this function will convert the file to its short file name and then it will update the registry value. - -- **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: - - ``` syntax - - - - ``` - -- **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: - - ``` syntax - - - - ``` - -- **RemoveEmptyDirectories (DirectoryEncodedPattern).** Deletes any empty directories that match *DirectoryEncodedPattern* on the destination computer. - -- **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: - - ``` syntax - - - - ``` - -- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=267898). - -- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. - -- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry (HKLM\\System\\CurrentControlSet\\Services\\ServiceShortName \[Start\]) after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. - -## <text> - - -You can use the <text> element to set a value for any environment variables that are inside one of the migration .xml files. - -- **Number of occurrences:** Once in each [<variable>](#variable) element. - -- **Parent elements:**[<variable>](#variable) - -- **Child elements:** None. - -Syntax: - -<text>*NormalText*</text> - - ---- - - - - - - - - - - - - -
      SettingValue

      NormalText

      This is interpreted as normal text.

      - - - -For example: - -``` syntax - - %CSIDL_COMMON_APPDATA%\QuickTime - -``` - -## <unconditionalExclude> - - -The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the Config.xml file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit <include> rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. - -Use this element if you want to exclude all .mp3 files from the source computer. Or, if you are backing up C:\\UserData using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. - -- **Number of occurrences:** Unlimited. - -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) - -Syntax: - -<unconditionalExclude></unconditionalExclude> - -The following .xml file excludes all .mp3 files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). - -``` syntax - - - Test - - - - - - - - - - - -``` - -## <variable> - - -The <variable> element is required in an <environment> element. For each <variable> element there must be one <objectSet>, <script>, or <text> element. The content of the <variable> element assigns a text value to the environment variable. This element has the following three options: - -1. If the <variable> element contains a <text> element, then the value of the variable element will be the value of the <text> element. - -2. If the <variable> element contains a <script> element and the invocation of the script produces a non-null string, then the value of the <variable> element will be the result of the script invocation. - -3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. - -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<environment>](#bkmk-environment) - -- **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) - -Syntax: - -<variable name="*ID*" remap=TRUE|FALSE> - -</variable> - - ----- - - - - - - - - - - - - - - - - - - - -
      SettingRequired?Value

      name

      Yes

      ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

      remap

      No, default = FALSE

      Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

      - - - -The following example is from the MigApp.xml file: - -``` syntax - - - HKLM\Software - - - - - -``` - -## <version> - - -The <version> element defines the version for the component, but does not affect the migration. - -- **Number of occurrences:** zero or one - -- **Parent elements:**[<component>](#component) - -- **Child elements:** none - -Syntax: - -<version>*ComponentVersion*</version> - - ----- - - - - - - - - - - - - - - -
      SettingRequired?Value

      ComponentVersion

      Yes

      The version of the component, which can contain patterns.

      - - - -For example: - -``` syntax -4.* -``` - -## <windowsObjects> - - -The <windowsObjects> element is for USMT internal use only. Do not use this element. - -## Appendix - - -### Specifying locations - -- **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. - - For example, specify the file C:\\Windows\\Notepad.exe like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory C:\\Windows\\System32 like this: `c:\Windows\System32`. (Notice the absence of the \[\] construct.) - - Representing the registry is very similar. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key will be `HKLM\SOFTWARE\MyKey[]`. - -- **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. - - For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories. But it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`. - -### Internal USMT functions - -The following functions are for internal USMT use only. Do not use them in an .xml file. - -- AntiAlias - -- ConvertScreenSaver - -- ConvertShowIEOnDesktop - -- ConvertToOfficeLangID - -- MigrateActiveDesktop - -- MigrateAppearanceUPM - -- MigrateDisplayCS - -- MigrateDisplaySS - -- MigrateIEAutoSearch - -- MigrateMouseUPM - -- MigrateSoundSysTray - -- MigrateTaskBarSS - -- SetPstPathInMapiStruc - -### Valid version tags - -You can use the following version tags with various helper functions: - -- “CompanyName” - -- “FileDescription” - -- “FileVersion” - -- “InternalName” - -- “LegalCopyright” - -- “OriginalFilename” - -- “ProductName” - -- “ProductVersion” - -The following version tags contain values that can be compared: - -- “FileVersion” - -- “ProductVersion” - -## Related topics - - -[USMT XML Reference](usmt-xml-reference.md) - - - - - - - - - +--- +title: XML Elements Library (Windows 10) +description: XML Elements Library +ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# XML Elements Library + + +## Overview + + +This topic describes the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). It is assumed that you understand the basics of XML. . + +## In This Topic + + +In addition to XML elements and helper functions, this topic describes how to specify encoded locations and locations patterns, functions that are for internal USMT use only, and the version tags that you can use with helper functions. + +- [Elements and helper functions](#elements) + +- [Appendix](#appendix) + + - [Specifying locations](#locations) + + - [Internal USMT functions](#internalusmtfunctions) + + - [Valid version tags](#allowed) + +## Elements and Helper Functions + + +The following table describes the XML elements and helper functions you can use with USMT. + + +++++ + + + + + + + + + + + + + + +
      Elements A-KElements L-ZHelper functions

      <addObjects>

      +

      <attributes>

      +

      <bytes>

      +

      <commandLine>

      +

      <component>

      +

      <condition>

      +

      <conditions>

      +

      <content>

      +

      <contentModify>

      +

      <description>

      +

      <destinationCleanup>

      +

      <detect>

      +

      <detects>

      +

      <detection>

      +

      <displayName>

      +

      <environment>

      +

      <exclude>

      +

      <excludeAttributes>

      +

      <extensions>

      +

      <extension>

      +

      <externalProcess>

      +

      <icon>

      +

      <include>

      +

      <includeAttribute>

      <library>

      +

      <location>

      +

      <locationModify>

      +

      <_locDefinition>

      +

      <manufacturer>

      +

      <merge>

      +

      <migration>

      +

      <namedElements>

      +

      <object>

      +

      <objectSet>

      +

      <path>

      +

      <paths>

      +

      <pattern>

      +

      <processing>

      +

      <plugin>

      +

      <role>

      +

      <rules>

      +

      <script>

      +

      <text>

      +

      <unconditionalExclude>

      +

      <variable>

      +

      <version>

      +

      <windowsObjects>

      <condition> functions

      +

      <content> functions

      +

      <contentModify> functions

      +

      <include> and <exclude> filter functions

      +

      <locationModify> functions

      +

      <merge> functions

      +

      <script> functions

      +

      Internal USMT functions

      + + + +## <addObjects> + + +The <addObjects> element emulates the existence of one or more objects on the source computer. The child <object> elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attribute) as child elements of this <object> element. + +- **Optional child elements:**[<conditions>](#conditions), <condition>, [<script>](#script) + +Syntax: + +<addObjects> + +</addObjects> + +The following example is from the MigApp.xml file: + +``` xml + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] + DWORD + 0B000000 + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] + DWORD + 00000000 + + +``` + +## <attributes> + + +The <attributes> element defines the attributes for a registry key or file. + +- **Number of occurrences:** once for each <object> + +- **Parent elements:**[<object>](#object) + +- **Child elements:** none + +Syntax: + +<attributes>*Content*</attributes> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      Content

      Yes

      The content depends on the type of object specified.

      +
        +

      • For files, the content can be a string containing any of the following attributes separated by commas:

        +
          +

        • Archive

          • +

        • Read-only

          • +

        • System

          • +

        • Hidden

          • +
        • +

      • For registry keys, the content can be one of the following types:

        +
          +

        • None

          • +

        • String

          • +

        • ExpandString

          • +

        • Binary

          • +

        • Dword

          • +

        • REG_SZ

          • +
        • +
      + + + +The following example is from the MigApp.xml file: + +``` xml + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] + DWORD + 00000000 + +``` + +## <bytes> + + +You must specify the <bytes> element only for files because, if <location> corresponds to a registry key or a directory, then <bytes> will be ignored. + +- **Number of occurrences:** zero or one + +- **Parent elements:**[<object>](#object) + +- **Child elements:** none + +Syntax: + +<bytes string="Yes|No" expand="Yes|No">*Content*</bytes> + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      string

      No, default is No

      Determines whether Content should be interpreted as a string or as bytes.

      expand

      No (default = Yes

      When the expand parameter is Yes, the content of the <bytes> element is first expanded in the context of the source computer and then interpreted.

      Content

      Yes

      Depends on the value of the string.

      +
        +

      • When the string is Yes: the content of the <bytes> element is interpreted as a string.

        • +

      • When the string is No: the content of the <bytes> element is interpreted as bytes. Each two characters represent the hexadecimal value of a byte. For example, "616263" is the representation for the "abc" ANSI string. A complete representation of the UNICODE string "abc" including the string terminator would be: "6100620063000000".

        • +
      + + + +The following example is from the MigApp.xml file: + +``` xml + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] + DWORD + 00000000 + +``` + +## <commandLine> + + +You might want to use the <commandLine> element if you want to start or stop a service or application before or after you run the ScanState and LoadState tools. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<externalProcess>](#externalprocess) + +- **Child elements:** none**** + +Syntax: + +<commandLine>*CommandLineString*</commandLine> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      CommandLineString

      Yes

      A valid command line.

      + + + +## <component> + + +The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. + +A component can be nested inside another component; that is, the <component> element can be a child of the <role> element within the <component> element in two cases: 1) when the parent <component> element is a container or 2) if the child <component> element has the same role as the parent <component> element. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<migration>](#migration), [<role>](#role) + +- **Required child elements:**[<role>](#role), [<displayName>](#displayname) + +- **Optional child elements:**[<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#bkmk-environment), [<extensions>](#extensions) + +Syntax: + +<component type="System|Application|Device|Documents" context="User|System|UserAndSystem" defaultSupported="TRUE|FALSE|YES|NO" + +hidden="Yes|No"> + +</component> + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      type

      Yes

      You can use the following to group settings, and define the type of the component.

      +
        +

      • System: Operating system settings. All Windows® components are defined by this type.

        +

        When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

        • +

      • Application: Settings for an application.

        • +

      • Device: Settings for a device.

        • +

      • Documents: Specifies files.

        • +

      context

      No

      +

      Default = UserAndSystem

      Defines the scope of this parameter; that is, whether to process this component in the context of the specific user, across the entire operating system, or both.

      +

      The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If a <rules> element has a context of System, it would act as though the <rules> element is not there.

      +
        +

      • User. Evaluates the component for each user.

        • +

      • System. Evaluates the component only once for the system.

        • +

      • UserAndSystem. Evaluates the component for the entire operating system and each user.

        • +

      defaultSupported

      No

      +

      (default = TRUE)

      Can be any of TRUE, FALSE, YES or NO. If this parameter is FALSE (or NO), the component will not be migrated unless there is an equivalent component on the destination computer.

      +

      When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.

      hidden

      This parameter is for internal USMT use only.

      + + + +For an example, see any of the default migration .xml files. + +## <condition> + + +Although the <condition> element under the <detect>, <objectSet>, and <addObjects> elements is supported, we recommend that you do not use it. This element might be deprecated in future versions of USMT, requiring you to rewrite your scripts. We recommend that, if you need to use a condition within the <objectSet> and <addObjects> elements, you use the more powerful [<conditions>](#conditions) element, which allows you to formulate complex Boolean statements. + +The <condition> element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return FALSE, the parent element will not be evaluated. + +- **Number of occurrences:** unlimited. + +- **Parent elements:**[<conditions>](#conditions), <detect>, <objectSet>, <addObjects> + +- **Child elements:** none + +- **Helper functions:** You can use the following [<condition> functions](#conditionfunctions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. + +Syntax: + +<condition negation="Yes|No">*ScriptName*</condition> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      negation

      No

      +

      Default = No

      "Yes" reverses the True/False value of the condition.

      ScriptName

      Yes

      A script that has been defined within this migration section.

      + + + +For example, + +In the code sample below, the <condition> elements, A and B, are joined together by the AND operator because they are in separate <conditions> sections. For example: + +``` xml + + + A + + + B + + +``` + +However, in the code sample below, the <condition> elements, A and B, are joined together by the OR operator because they are in the same <conditions> section. + +``` xml + + + A + B + + +``` + +### <condition> functions + +The <condition> functions return a Boolean value. You can use these elements in <addObjects> conditions. + +- [Operating system version functions](#operatingsystemfunctions) + +- [Object content functions](#objectcontentfunctions) + +### Operating system version functions + +- **DoesOSMatch** + + All matches are case insensitive. + + Syntax: DoesOSMatch("*OSType*","*OSVersion*") + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      OSType

      Yes

      The only valid value for this setting is NT. Note, however, that you must set this setting for the <condition> functions to work correctly.

      OSVersion

      Yes

      The major version, minor version, build number and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version with a pattern. For example, 5.0.*.

      + + + +~~~ +For example: + +<condition>MigXmlHelper.DoesOSMatch("NT","\*")</condition> +~~~ + +- **IsNative64Bit** + + The IsNative64Bit function returns TRUE if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns FALSE. + +- **IsOSLaterThan** + + All comparisons are case insensitive. + + Syntax: IsOSLaterThan("*OSType*","*OSVersion*") + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      OSType

      Yes

      Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x”, the result will be FALSE.

      OSVersion

      Yes

      The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

      +

      The IsOSLaterThan function returns TRUE if the current operating system is later than or equal to OSVersion.

      + + + +~~~ +For example: + +<condition negation="Yes">MigXmlHelper.IsOSLaterThan("NT","6.0")</condition> +~~~ + +- **IsOSEarlierThan** + + All comparisons are case insensitive. + + Syntax: IsOSEarlierThan("*OSType*","*OSVersion*") + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      OSType

      Yes

      Can be 9x or NT. If OSType does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and OSType is “9x” the result will be FALSE.

      OSVersion

      Yes

      The major version, minor version, build number, and corrected service diskette version separated by periods. For example, 5.0.2600.Service Pack 1. You can also specify partial specification of the version but no pattern is allowed. For example, 5.0.

      +

      The IsOSEarlierThan function returns TRUE if the current operating system is earlier than OSVersion.

      + + + +### Object content functions + +- **DoesObjectExist** + + The DoesObjectExist function returns TRUE if any object exists that matches the location pattern. Otherwise, it returns FALSE. The location pattern is expanded before attempting the enumeration. + + Syntax: DoesObjectExist("*ObjectType*","*EncodedLocationPattern*") + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType

      Yes

      Defines the object type. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The location pattern. Environment variables are allowed.

      + + + +~~~ +For an example of this element, see the MigApp.xml file. +~~~ + +- **DoesFileVersionMatch** + + The pattern check is case insensitive. + + Syntax: DoesFileVersionMatch("*EncodedFileLocation*","*VersionTag*","*VersionValue*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      EncodedFileLocation

      Yes

      The location pattern for the file that will be checked. Environment variables are allowed.

      VersionTag

      Yes

      The version tag value that will be checked.

      VersionValue

      Yes

      A string pattern. For example, "Microsoft*".

      + + + +~~~ +For example: + +<condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","6.\*")</condition> + +<condition>MigXmlHelper.DoesFileVersionMatch("%MSNMessengerInstPath%\\msnmsgr.exe","ProductVersion","7.\*")</condition> +~~~ + +- **IsFileVersionAbove** + + The IsFileVersionAbove function returns TRUE if the version of the file is higher than *VersionValue*. + + Syntax: IsFileVersionAbove("*EncodedFileLocation*","*VersionTag*","*VersionValue*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      EncodedFileLocation

      Yes

      The location pattern for the file that will be checked. Environment variables are allowed.

      VersionTag

      Yes

      The version tag value that will be checked.

      VersionValue

      Yes

      The value to compare to. You cannot specify a pattern.

      + + + +- **IsFileVersionBelow** + + Syntax: IsFileVersionBelow("*EncodedFileLocation*","*VersionTag*","*VersionValue*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      EncodedFileLocation

      Yes

      The location pattern for the file that will be checked. Environment variables are allowed.

      VersionTag

      Yes

      The version tag value that will be checked.

      VersionValue

      Yes

      The value to compare to. You cannot specify a pattern.

      + + + +- **IsSystemContext** + + The IsSystemContext function returns TRUE if the current context is "System". Otherwise, it returns FALSE. + + Syntax: IsSystemContext() + +- **DoesStringContentEqual** + + The DoesStringContentEqual function returns TRUE if the string representation of the given object is identical to `StringContent`. + + Syntax: DoesStringContentEqual("*ObjectType*","*EncodedLocation*","*StringContent*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType

      Yes

      Defines the type of object. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The encoded location for the object that will be examined. You can specify environment variables.

      StringContent

      Yes

      The string that will be checked against.

      + + + +~~~ +For example: + +``` xml +MigXmlHelper.DoesStringContentEqual("File","%USERNAME%","") +``` +~~~ + +- **DoesStringContentContain** + + The DoesStringContentContain function returns TRUE if there is at least one occurrence of *StrToFind* in the string representation of the object. + + Syntax: DoesStringContentContain("*ObjectType*","*EncodedLocation*","*StrToFind*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType

      Yes

      Defines the type of object. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The encoded location for the object that will be examined. You can specify environment variables.

      StrToFind

      Yes

      A string that will be searched inside the content of the given object.

      + + + +- **IsSameObject** + + The IsSameObject function returns TRUE if the given encoded locations resolve to the same physical object. Otherwise, it returns FALSE. + + Syntax: IsSameObject("*ObjectType*","*EncodedLocation1*","*EncodedLocation2*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType

      Yes

      Defines the type of object. Can be File or Registry.

      EncodedLocation1

      Yes

      The encoded location for the first object. You can specify environment variables.

      EncodedLocation2

      Yes

      The encoded location for the second object. You can specify environment variables.

      + + + +~~~ +For example: + +``` xml + + MigXmlHelper.IsSameObject("File","%CSIDL_FAVORITES%","%CSIDL_COMMON_FAVORITES%") + %CSIDL_FAVORITES%\* [*] + +``` +~~~ + +- **IsSameContent** + + The IsSameContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be compared byte by byte. + + Syntax: IsSameContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType1

      Yes

      Defines the type of the first object. Can be File or Registry.

      EncodedLocation1

      Yes

      The encoded location for the first object. You can specify environment variables.

      ObjectType2

      Yes

      Defines the type of the second object. Can be File or Registry.

      EncodedLocation2

      Yes

      The encoded location for the second object. You can specify environment variables.

      + + + +- **IsSameStringContent** + + The IsSameStringContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be interpreted as a string. + + Syntax: IsSameStringContent("*ObjectType1*","*EncodedLocation1*","*ObjectType2*","*EncodedLocation2*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType1

      Yes

      Defines the type of the first object. Can be File or Registry.

      EncodedLocation1

      Yes

      The encoded location for the first object. You can specify environment variables.

      ObjectType2

      Yes

      Defines the type of the second object. Can be File or Registry.

      EncodedLocation2

      Yes

      The encoded location for the second object. You can specify environment variables.

      + + + +## <conditions> + + +The <conditions> element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators AND or OR according to the **operation** parameter. + +- **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) + +- **Parent elements:**[<conditions>](#conditions), [<detection>](#detection), [<environment>](#bkmk-environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) + +- **Child elements:**[<conditions>](#conditions), [<condition>](#condition) + +Syntax: + +<conditions operation="AND|OR"> + +</conditions> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      operation

      No, default = AND

      Defines the Boolean operation that is performed on the results that are obtained from the child elements.

      + + + +The following example is from the MigApp.xml file: + +``` xml + + + MigXmlHelper.IsNative64Bit() + + + HKLM\Software + + +``` + +## <content> + + +You can use the <content> element to specify a list of object patterns to obtain an object set from the source computer. Each <objectSet> within a <content> element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the <content> element. The filter script returns an array of locations. The parent <objectSet> element can contain multiple child <content> elements. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<objectSet>](#objectset) + +- **Child elements:**[<objectSet>](#objectset) + +- **Helper functions:** You can use the following [<content> functions](#contentfunctions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. + +Syntax: + +<content filter="*ScriptInvocation*"> + +</content> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      filter

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script is called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +### <content> functions + +The following functions generate patterns out of the content of an object. These functions are called for every object that the parent <ObjectSet> element is enumerating. + +- **ExtractSingleFile** + + If the registry value is a MULTI-SZ, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns NULL. + + Syntax: ExtractSingleFile(*Separators*,*PathHints*) + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      Separators

      Yes

      A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You can specify NULL.

      PathHints

      Yes

      A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.

      + + + +~~~ +For example: + +``` xml + +``` + +and + +``` xml + +``` +~~~ + +- **ExtractMultipleFiles** + + The ExtractMultipleFiles function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a MULTI-SZ, the MULTI-SZ separator is considered a separator by default. therefore, for MULTI-SZ, the <Separators> argument must be NULL. + + The returned patterns are the encoded locations for files that must exist on the source computer. If the specification is correct in the registry value but the file does not exist, it will not be included in the resulting list. + + Syntax: ExtractMultipleFiles(*Separators*,*PathHints*) + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      Separators

      Yes

      A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. This parameter must be NULL when processing MULTI-SZ registry values.

      PathHints

      Yes

      A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.

      + + + +- **ExtractDirectory** + + The ExtractDirectory function returns a pattern that is the encoded location for a directory that must exist on the source computer. If the specification is correct in the registry value, but the directory does not exist, this function returns NULL. If it is processing a registry value that is a MULTI-SZ, only the first segment will be processed. + + Syntax: ExtractDirectory(*Separators*,*LevelsToTrim*,*PatternSuffix*) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      Separators

      No

      A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You must specify NULL when processing MULTI-SZ registry values.

      LevelsToTrim

      Yes

      The number of levels to delete from the end of the directory specification. Use this function to extract a root directory when you have a registry value that points inside that root directory in a known location.

      PatternSuffix

      Yes

      The pattern to add to the directory specification. For example, * [*].

      + + + +~~~ +For example: + +``` xml + + + + %HklmWowSoftware%\Classes\Software\RealNetworks\Preferences\DT_Common [] + + + +``` +~~~ + +## <contentModify> + + +The <contentModify> element modifies the content of an object before it is written to the destination computer. For each <contentModify> element there can be multiple <objectSet> elements. This element returns the new content of the object that is being processed. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child elements:**[<objectSet>](#objectset) + +- **Helper functions**: You can use the following [<contentModify> functions](#contentmodifyfunctions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. + +Syntax: + +<contentModify script="*ScriptInvocation*"> + +</contentModify> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      script

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +### <contentModify> functions + +The following functions change the content of objects as they are migrated. These functions are called for every object that the parent <ObjectSet> element is enumerating. + +- **ConvertToDWORD** + + The ConvertToDWORD function converts the content of registry values that are enumerated by the parent <ObjectSet> element to a DWORD. For example, ConvertToDWORD will convert the string "1" to the DWORD 0x00000001. If the conversion fails, then the value of DefaultValueOnError will be applied. + + Syntax: ConvertToDWORD(*DefaultValueOnError*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      DefaultValueOnError

      No

      The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.

      + + + +- **ConvertToString** + + The ConvertToString function converts the content of registry values that match the parent <ObjectSet> element to a string. For example, it will convert the DWORD 0x00000001 to the string "1". If the conversion fails, then the value of DefaultValueOnError will be applied. + + Syntax: ConvertToString(*DefaultValueOnError*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      DefaultValueOnError

      No

      The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.

      + + + +~~~ +For example: + +``` xml + + + HKCU\Control Panel\Desktop [ScreenSaveUsePassword] + + +``` +~~~ + +- **ConvertToBinary** + + The ConvertToBinary function converts the content of registry values that match the parent <ObjectSet> element to a binary type. + + Syntax: ConvertToBinary () + +- **OffsetValue** + + The OffsetValue function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of 14, and the *Value* is "-2", the registry value will be 12 on the destination computer. + + Syntax: OffsetValue(*Value*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      Value

      Yes

      The string representation of a numeric value. It can be positive or negative. For example, OffsetValue(2).

      + + + +- **SetValueByTable** + + The SetValueByTable function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. + + Syntax: SetValueByTable(*SourceTable*,*DestinationTable*,*DefaultValueOnError*) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      SourceTable

      Yes

      A list of values separated by commas that are possible for the source registry values.

      DestinationTable

      No

      A list of translated values separated by commas.

      DefaultValueOnError

      No

      The value that will be applied to the destination computer if either 1) the value for the source computer does not match SourceTable, or 2) DestinationTable has no equivalent value.

      +

      If DefaultValueOnError is NULL, the value will not be changed on the destination computer.

      + + + +- **KeepExisting** + + You can use the KeepExisting function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. + + Syntax: KeepExisting("*OptionString*","*OptionString*","*OptionString*",…) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      OptionString

      Yes

      OptionString can be Security, TimeFields, or FileAttrib:Letter. You can specify one of each type of OptionStrings. Do not specify multiple OptionStrings with the same value. If you do, the right-most option of that type will be kept. For example, do not specify ("FileAttrib:H", "FileAttrib:R") because only Read-only will be evaluated. Instead specify ("FileAttrib:HR") and both Hidden and Read-only attributes will be kept on the destination computer.

      +
        +

      • Security. Keeps the destination object's security descriptor if it exists.

        • +

      • TimeFields. Keeps the destination object's time stamps. This parameter is for files only.

        • +

      • FileAttrib:Letter. Keeps the destination object's attribute value, either On or OFF, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after "FileAttrib:". You can specify any combination of the following attributes:

        +
          +

        • A = Archive

          • +

        • C = Compressed

          • +

        • E = Encrypted

          • +

        • H = Hidden

          • +

        • I = Not Content Indexed

          • +

        • O = Offline

          • +

        • R = Read-Only

          • +

        • S = System

          • +

        • T = Temporary

          • +
        • +
      + + + +- **MergeMultiSzContent** + + The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed. + + Syntax: MergeMultiSzContent (*Instruction*,*String*,*Instruction*,*String*,…) + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      Instruction

      Yes

      Can be one of the following:

      +
        +

      • Add. Adds the corresponding String to the resulting MULTI-SZ if it is not already there.

        • +

      • Remove. Removes the corresponding String from the resulting MULTI-SZ.

        • +

      String

      Yes

      The string to be added or removed.

      + + + +- **MergeDelimitedContent** + + The MergeDelimitedContent function merges the content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. + + Syntax: MergeDelimitedContent(*Delimiters*,*Instruction*,*String*,…) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      Delimiters

      Yes

      A single character that will be used to separate the content of the object that is being processed. The content will be considered as a list of elements that is separated by the Delimiters.

      +

      For example, "." will separate the string based on a period.

      Instruction

      Yes

      Can one of the following:

      +
        +

      • Add. Adds String to the resulting MULTI-SZ if it is not already there.

        • +

      • Remove. Removes String from the resulting MULTI-SZ.

        • +

      String

      Yes

      The string to be added or removed.

      + + + +## <description> + + +The <description> element defines a description for the component but does not affect the migration. + +- **Number of occurrences:** zero or one + +- **Parent elements:**[<component>](#component) + +- **Child elements:** none + +Syntax: + +<description>*ComponentDescription*</description> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      ComponentDescription

      Yes

      The description of the component.

      + + + +The following code sample shows how the <description> element defines the "My custom component" description.: + +``` xml +My custom component +``` + +## <destinationCleanup> + + +The <destinationCleanup> element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the LoadState tool is run on the destination computer. That is, this element is ignored by the ScanState tool. + +**Important** +Use this option with extreme caution because it will delete objects from the destination computer. + + + +For each <destinationCleanup> element there can be multiple <objectSet> elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Child elements:**[<objectSet>](#objectset) (Note that the destination computer will delete all child elements.) + +Syntax: + +<destinationCleanup filter=*ScriptInvocation*> + +</destinationCleanup> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      filter

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +For example: + +``` xml + + + HKCU\Software\Lotus\123\99.0\DDE Preferences\* [*] + HKCU\Software\Lotus\123\99.0\Find Preferences\* [*] + + +``` + +## <detect> + + +Although the <detect> element is still supported, we do not recommend using it because it may be deprecated in future versions of USMT. In that case, you would have to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection)**element.** + +You use the <detect> element to determine if the component is present on a system. If all child <detect> elements within a <detect> element resolve to TRUE, then the <detect> element resolves to TRUE. If any child <detect> elements resolve to FALSE, then their parent <detect> element resolves to FALSE. If there is no <detect> element section, then USMT will assume that the component is present. + +For each <detect> element there can be multiple child <condition> or <objectSet> elements, which will be logically joined by an OR operator. If at least one <condition> or <objectSet> element evaluates to TRUE, then the <detect> element evaluates to TRUE. + +- **Number of occurrences:** unlimited + +- **Parent elements:** <detects>, [<namedElements>](#namedelements) + +- **Required child elements:**[<condition>](#condition) + +- **Optional child elements:**[<objectSet>](#objectset) + +Syntax: + +<detect name="*ID*" context="User|System|UserAndSystem"> + +</detect> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      name

      Yes, when <detect> is a child to <namedElements>

      +

      No, when <detect> is a child to <detects>

      When ID is specified, any child elements are not processed. Instead, any other <detect> elements with the same name that are declared within the <namedElements> element are processed.

      context

      No

      +

      (default = UserAndSystem)

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      +

      The largest possible scope is set by the component element. For example, if a <component> element has a context of User, and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.

      +
        +

      • User. Evaluates the variables for each user.

        • +

      • System. Evaluates the variables only once for the system.

        • +

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • +
      + + + +For examples, see the examples for [<detection>](#detection). + +## <detects> + + +Although the <detects> element is still supported, we recommend that you do not use it because it may be deprecated in future versions of USMT, which would require you to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection) element if the parent element is <role> or <namedElements>, and we recommend that you use the <conditions> element if the parent element is <rules>. Using <detection> allows you to more clearly formulate complex Boolean statements. + +The <detects> element is a container for one or more <detect> elements. If all of the child <detect> elements within a <detects> element resolve to TRUE, then <detects> resolves to TRUE. If any of the child <detect> elements resolve to FALSE, then <detects> resolves to FALSE. If you do not want to write the <detects> elements within a component, then you can create the <detects> element under the <namedElements> element, and then refer to it. If there is no <detects> element section, then USMT will assume that the component is present. The results from each <detects> element are joined together by the OR operator to form the rule used to detect the parent element. + +Syntax: + +<detects name="*ID*" context="User|System|UserAndSystem"> + +</detects> + +- **Number of occurrences:** Unlimited. + +- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) + +- **Required child elements:** <detect> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      name

      Yes, when <detects> is a child to <namedElements>

      +

      No, when <detects> is a child to <role> or <rules>

      When ID is specified, no child <detect> elements are processed. Instead, any other <detects> elements with the same name that are declared within the <namedElements> element are processed.

      context

      No

      +

      (default = UserAndSystem)

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      +

      The largest possible scope is set by the <component element>. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.

      +
        +

      • User. Evaluates the variables for each user.

        • +

      • System. Evaluates the variables only once for the system.

        • +

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • +
      +

      The context parameter is ignored for <detects> elements that are inside <rules> elements.

      + + + +The following example is from the MigApp.xml file. + +``` xml + + + MigXmlHelper.DoesFileVersionMatch("%Lotus123InstPath%\123w.exe","ProductVersion","9.*") + + + MigXmlHelper.DoesFileVersionMatch("%SmartSuiteInstPath%\smartctr.exe","ProductVersion","99.*") + + +``` + +## <detection> + + +The <detection> element is a container for one <conditions> element. The result of the child <condition> elements, located underneath the <conditions> element, determines the result of this element. For example, if all of the child <conditions> elements within the <detection> element resolve to TRUE, then the <detection> element resolves to TRUE. If any of the child <conditions> elements resolve to FALSE, then the <detection> element resolves to FALSE. + +In addition, the results from each <detection> section within the <role> element are joined together by the OR operator to form the detection rule of the parent element. That is, if one of the <detection> sections resolves to TRUE, then the <role> element will be processed. Otherwise, the <role> element will not be processed. + +Use the <detection> element under the <namedElements> element if you do not want to write it within a component. Then include a matching <detection> section under the <role> element to control whether the component is migrated. If there is not a <detection> section for a component, then USMT will assume that the component is present. + +- **Number of occurrences:** Unlimited. + +- **Parent elements:**[<role>](#role), [<namedElements>](#namedelements) + +- **Child elements:**[<conditions>](#conditions) + +Syntax: + +<detection name="*ID*" context="User|System|UserAndSystem"> + +</detection> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      name

        +

      • Yes, when <detection> is declared under <namedElements>

        • +

      • Optional, when declared under <role>

        • +

      If declared, the content of the <detection> element is ignored and the content of the <detection> element with the same name that is declared in the <namedElements> element will be evaluated.

      context

      No, default = UserAndSystem

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      +
        +

      • User. Evaluates the component for each user.

        • +

      • System. Evaluates the component only once for the system.

        • +

      • UserAndSystem. Evaluates the component for the entire operating system and each user.

        • +
      + + + +For example: + +``` xml + + + MigXmlHelper.DoesObjectExist("Registry","HKCU\Software\Adobe\Photoshop\8.0") + MigXmlHelper.DoesFileVersionMatch("%PhotoshopSuite8Path%\Photoshop.exe","FileVersion","8.*") + + +``` + +and + +``` xml + + + + MigXmlHelper.DoesFileVersionMatch("%QuickTime5Exe%","ProductVersion","QuickTime 5.*") + MigXmlHelper.DoesFileVersionMatch("%QuickTime5Exe%","ProductVersion","QuickTime 6.*") + + +``` + +## <displayName> + + +The <displayName> element is a required field within each <component> element. + +- **Number of occurrences:** once for each component + +- **Parent elements:**[<component>](#component) + +- **Child elements:** none + +Syntax: + +<displayName \_locID="*ID*">*ComponentName*</displayName> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      locID

      No

      This parameter is for internal USMT use. Do not use this parameter.

      ComponentName

      Yes

      The name for the component.

      + + + +For example: + +``` xml +Command Prompt settings +``` + +## <environment> + + +The <environment> element is a container for <variable> elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#envex). + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<role>](#role), [<component>](#component), [<namedElements>](#namedelements) + +- **Required child elements:**[<variable>](#variable) + +- **Optional child elements:**[conditions](#conditions) + +Syntax: + +<environment name="ID" context="User|System|UserAndSystem"> + +</environment> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      name

      Yes, when <environment> is a child of <namedElements>

      +

      No, when <environment> is a child of <role> or <component>

      When declared as a child of the <role> or <component> elements, if ID is declared, USMT ignores the content of the <environment> element and the content of the <environment> element with the same name declared in the <namedElements> element is processed.

      context

      No

      +

      (default = UserAndSystem)

      Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.

      +

      The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though <rules> were not there.

      +
        +

      • User. Evaluates the variables for each user.

        • +

      • System. Evaluates the variables only once for the system.

        • +

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • +
      + + + +## + + +### Example scenario 1 + +In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value hklm\\software\\companyname\\install \[path\] and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: + +``` xml + + + + + +``` + +Then you can use an include rule as follows. You can use any of the [<script> functions](#scriptfunctions) to perform similar tasks. + +``` xml + + + %INSTALLPATH%\ [*.xyz] + + +``` + +Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator ",") in the value of the registry Hklm\\software\\companyname\\application\\ \[Path\]. + +``` xml + + + + + + Hklm\software\companyname\application\ [Path] + + + + + +``` + +### Example scenario 2: + +In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following <include> rule in an .xml file: + +``` xml + + + %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File1.txt] + %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File2.txt] + %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File3.txt] + %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File4.txt] + %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File5.txt] + + +``` + +Instead of typing the path five times, you can create a variable for the location as follows: + +``` xml + + + %SYSTEMDRIVE%\data\userdata\dir1\dir2 + + +``` + +Then, you can specify the variable in an <include> rule as follows: + +``` xml + + + %DATAPATH% [File1.txt] + %DATAPATH% [File2.txt] + %DATAPATH% [File3.txt] + %DATAPATH% [File4.txt] + %DATAPATH% [File5.txt] + + +``` + +## <exclude> + + +The <exclude> element determines what objects will not be migrated, unless there is a more specific <include> element that migrates an object. If there is an <include> and <exclude> element for the same object, the object will be included. For each <exclude> element there can be multiple child <objectSet> elements. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Child elements:**[<objectSet>](#objectset) + +- **Helper functions:** You can use the following [<exclude> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. + +Syntax: + +<exclude filter="*ScriptInvocation*"> + +</exclude> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      filter

      No

      +

      (default = No)

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +For example, from the MigUser.xml file: + +``` xml + + + %CSIDL_MYMUSIC%\* [*] + %CSIDL_MYPICTURES%\* [*] + %CSIDL_MYVIDEO%\* [*] + + +``` + +## <excludeAttributes> + + +You can use the <excludeAttributes> element to determine which parameters associated with an object will not be migrated. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Child elements:**[<objectSet>](#objectset) + +Syntax: + +<excludeAttributes attributes="Security|TimeFields|Security,TimeFields"> + +</excludeAttributes> + + +++++ + + + + + + + + + + + + + + +
      ParameterRequired?Value

      attributes

      Yes

      Specifies the attributes to be excluded. You can specify one of the following, or both separated by quotes; for example, "Security","TimeFields":

      +
        +

      • Security can be one of Owner, Group, DACL, or SACL.

        • +

      • TimeFields can be one of CreationTime, LastAccessTime and LastWrittenTime

        • +
      + + + +Example: + +``` xml + + + + System Data + + + + + + %SYSTEMDRIVE%\ [*.txt] + + + + + + %SYSTEMDRIVE%\ [a*.txt] + + + + + + %SYSTEMDRIVE%\ [aa.txt] + + + + + + logoff + + + + + + + DOC + PPT + VXD + PST + CPP + + + +``` + +## <extensions> + + +The <extensions> element is a container for one or more <extension> elements. + +- **Number of occurrences:** zero or one + +- **Parent elements:**[<component>](#component) + +- **Required child elements:**[<extension>](#extension) + +Syntax: + +<extensions> + +</extensions> + +## <extension> + + +You can use the <extension> element to specify documents of a specific extension. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<extensions>](#extensions) + +- **Child elements:** none + +Syntax: + +<extension>*FilenameExtension*</extension> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      FilenameExtension

      Yes

      A file name extension.

      + + + +For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the <component> element: + +``` xml + + doc + +``` + +is the same as specifying the following code below the <rules> element: + +``` xml + + + + + +``` + +For another example of how to use the <extension> element, see the example for [<excludeAttributes>](#excludeattributes). + +## <externalProcess> + + +You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the LoadState process completes. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child elements:**[<commandLine>](#commandline) + +Syntax: + +<externalProcess when="pre-scan|scan-success|post-scan|pre-apply|apply-success|post-apply"> + +</externalProcess> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      when

      Yes

      Indicates when the command line should be run. This value can be one of the following:

      +
        +

      • pre-scan before the scanning process begins.

        • +

      • scan-success after the scanning process has finished successfully.

        • +

      • post-scan after the scanning process has finished, whether it was successful or not.

        • +

      • pre-apply before the apply process begins.

        • +

      • apply-success after the apply process has finished successfully.

        • +

      • post-apply after the apply process has finished, whether it was successful or not.

        • +
      + + + +For an example of how to use the <externalProcess> element, see the example for [<excludeAttributes>](#excludeattributes). + +## <icon> + + +This is an internal USMT element. Do not use this element. + +## <include> + + +The <include> element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each <include> element there can be multiple <objectSet> elements. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child element:**[<objectSet>](#objectset) + +- **Helper functions:** You can use the following [<include> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. + +Syntax: + +<include filter="*ScriptInvocation*"> + +</include> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      filter

      No.

      +

      If this parameter is not specified, then all patterns that are inside the child <ObjectSet> element will be processed.

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +The following example is from the MigUser.xml file: + +``` xml + + My Video + + %CSIDL_MYVIDEO% + + + + + MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%") + + + + + + %CSIDL_MYVIDEO%\* [*] + + + + + %CSIDL_MYVIDEO% [desktop.ini] + + + + + +``` + +### <include> and <exclude> filter functions + +The following functions return a Boolean value. You can use them to migrate certain objects based on when certain conditions are met. + +- **AnswerNo** + + This filter always returns FALSE. + + Syntax: AnswerNo () + +- **CompareStringContent** + + Syntax: CompareStringContent("*StringContent*","*CompareType*") + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      StringContent

      Yes

      The string to check against.

      CompareType

      Yes

      A string. Use one of the following values:

      +
        +

      • Equal (case insensitive). The function returns TRUE if the string representation of the current object that is processed by the migration engine is identical to StringContent.

        • +

      • NULL or any other value. The function returns TRUE if the string representation of the current object that is processed by the migration engine does not match StringContent.

        • +
      + + + +- **IgnoreIrrelevantLinks** + + This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during ScanState. Then they will be screened out when you run the LoadState tool. + + Syntax: IgnoreIrrelevantLinks () + + For example: + + ``` xml + + + %CSIDL_COMMON_VIDEO%\* [*] + + + ``` + +- **NeverRestore** + + You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the ScanState tool, this function evaluates to TRUE. When run with the LoadState tool, this function evaluates to FALSE. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. + + Syntax: NeverRestore() + + In the following example, HKCU\\Control Panel\\International \[Locale\] will be included in the store, but it will not be migrated to the destination computer: + + ``` xml + + + HKCU\Control Panel\International [Locale] + + + ``` + +## <includeAttributes> + + +You can use the <includeAttributes> element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Child elements:**[<objectSet>](#objectset) + +Syntax: + +<includeAttributes attributes="Security|TimeFields|Security,TimeFields"> + +</includeAttributes> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      attributes

      Yes

      Specifies the attributes to be included with a migrated object. You can specify one of the following, or both separated by quotes; for example, "Security","TimeFields":

      +
        +

      • Security can be one of the following values:

        +
          +

        • Owner. The owner of the object (SID).

          • +

        • Group. The primary group for the object (SID).

          • +

        • DACL (discretionary access control list). An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.

          • +

        • SACL (system access control list). An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.

          • +
        • +

      • TimeFields can be one of the following:

        +
          +

        • CreationTime. Specifies when the file or directory was created.

          • +

        • LastAccessTime. Specifies when the file is last read from, written to, or, in the case of executable files, run.

          • +

        • LastWrittenTime. Specifies when the file is last written to, truncated, or overwritten.

          • +
        • +
      + + + +For an example of how to use the <includeAttributes> element, see the example for [<excludeAttributes>](#excludeattributes). + +## <library> + + +This is an internal USMT element. Do not use this element. + +## <location> + + +The <location> element defines the location of the <object> element. + +- **Number of occurrences:** once for each <object> + +- **Parent elements:**[<object>](#object) + +- **Child elements:**[<script>](#script) + +Syntax: + +<location type="*typeID*">*ObjectLocation*</location> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      type

      Yes

      typeID can be Registry or File.

      ObjectLocation

      Yes

      The location of the object.

      + + + +The following example is from the MigApp.xml file: + +``` xml + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] + DWORD + 0B000000 + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] + DWORD + 00000000 + + +``` + +## <locationModify> + + +You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the LoadState tool is run on the destination computer. In other words, this element is ignored by the ScanState tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. + +**Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child element:**[<objectSet>](#objectset) + +- **Helper functions:** You can use the following [<locationModify> functions](#locationmodifyfunctions) with this element: ExactMove, RelativeMove, and Move. + +Syntax: + +<locationModify script="*ScriptInvocation*"> + +</locationModify> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      script

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +The following example is from the MigApp.xml file: + +``` xml + + + %CSIDL_APPDATA%\Microsoft\Office\ [Access10.pip] + + +``` + +### <locationModify> functions + +The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent <ObjectSet> element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. + +- **ExactMove** + + The ExactMove function moves all of the objects that are matched by the parent <ObjectSet> element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. + + Syntax: ExactMove(*ObjectEncodedLocation*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectEncodedLocation

      Yes

      The destination location for all of the source objects.

      + + + +~~~ +For example: + +``` xml + + + HKCU\Keyboard Layout\Toggle [] + + +``` +~~~ + +- **Move** + + The Move function moves objects to a different location on the destination computer. In addition, this function creates subdirectories that were above the longest CSIDL in the source object name. + + Syntax: Move(*DestinationRoot*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      DestinationRoot

      Yes

      The location where the source objects will be moved. If needed, this function will create any subdirectories that were above the longest CSIDL in the source object name.

      + + + +- **RelativeMove** + + You can use the RelativeMove function to collect and move data. Note that you can use environment variables in source and destination roots, but they may be defined differently on the source and destination computers. + + Syntax: RelativeMove(*SourceRoot*,*DestinationRoot*) + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      SourceRoot

      Yes

      The location from where the objects will be moved. Any source objects that are enumerated by the parent <ObjectSet> element that are not in this location will not be moved.

      DestinationRoot

      Yes

      The location where the source objects will be moved to on the destination computer. If needed, this function will create any subdirectories that were above SourceRoot.

      + + + +~~~ +For example: + +``` xml + + + %CSIDL_COMMON_FAVORITES%\* [*] + + + + + %CSIDL_COMMON_FAVORITES%\* [*] + + +``` +~~~ + +## <\_locDefinition> + + +This is an internal USMT element. Do not use this element. + +## <manufacturer> + + +The <manufacturer> element defines the manufacturer for the component, but does not affect the migration. + +- **Number of occurrences:** zero or one + +- **Parent elements:**[<component>](#component) + +- **Child elements:** none + +Syntax: + +<manufacturer>*Name*</manufacturer> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      Name

      Yes

      The name of the manufacturer for the component.

      + + + +## <merge> + + +The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule C:\\\* \[\*\] set to <sourcePriority> and a <merge> rule C:\\subfolder\\\* \[\*\] set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. + +For an example of this element, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child element:**[<objectSet>](#objectset) + +- **Helper functions:** You can use the following [<merge> functions](#mergefunctions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). + +Syntax: + +<merge script="*ScriptInvocation*"> + +</merge> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      script

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      + + + +The following example is from the MigUser.xml file: + +``` xml + + + + %CSIDL_MYVIDEO%\* [*] + + + + + %CSIDL_MYVIDEO% [desktop.ini] + + + +``` + +### <merge> functions + +These functions control how collisions are resolved. + +- **DestinationPriority** + + Specifies to keep the object that is on the destination computer and not migrate the object from the source computer. + + For example: + + ``` xml + + + HKCU\Software\Microsoft\Office\9.0\PhotoDraw\ [MyPictures] + HKCU\Software\Microsoft\Office\9.0\PhotoDraw\Settings\ [PicturesPath] + HKCU\Software\Microsoft\Office\9.0\PhotoDraw\Settings\ [AdditionalPlugInPath] + + + ``` + +- **FindFilePlaceByPattern** + + The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: <F>, <E>, <N> in any order. + + Syntax: FindFilePlaceByPattern(*FilePattern*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      FilePattern

      Yes

        +

      • <F> will be replaced by the original file name.

        • +

      • <N> will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.

        • +

      • <E> will be replaced by the original file name extension.

        • +
      +

      For example, <F> (<N>).<E> will change the source file MyDocument.doc into MyDocument (1).doc on the destination computer.

      + + + +- **NewestVersion** + + The NewestVersion function will resolve conflicts on the destination computer based on the version of the file. + + Syntax: NewestVersion(*VersionTag*) + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      VersionTag

      Yes

      The version field that will be checked. This can be "FileVersion" or "ProductVersion". The file with the highest VersionTag version determines which conflicts will be resolved based on the file's version. For example, if Myfile.txt contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.

      + + + +- **HigherValue()** + + You can use this function for merging registry values. The registry values will be evaluated as numeric values, and the one with the higher value will determine which registry values will be merged. + +- **LowerValue()** + + You can use this function for merging registry values. The registry values will be evaluated as numeric values and the one with the lower value will determine which registry values will be merged. + +- **SourcePriority** + + Specifies to migrate the object from the source computer, and to delete the object that is on the destination computer. + + For example: + + ``` xml + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Publisher [UpgradeVersion] + %HklmWowSoftware%\Microsoft\Office\11.0\Common\Migration\Publisher [UpgradeVersion] + %HklmWowSoftware%\Microsoft\Office\10.0\Common\Migration\Publisher [UpgradeVersion] + + + ``` + +## <migration> + + +The <migration> element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp". + +- **Number of occurrences:** one + +- **Parent elements:** none + +- **Required child elements:**[<component>](#component) + +- **Optional child elements:**[<library>](#library), [<namedElements>](#namedelements) + +Syntax: + +<migration urlid="UrlID/Name"> + +</migration> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      urlid

      Yes

      UrlID is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see Use XML Namespaces.

      Name

      No

      Although not required, it is good practice to use the name of the .xml file.

      + + + +The following example is from the MigApp.xml file: + +``` xml + + +``` + +## MigXMLHelper.FileProperties + + +This filter helper function can be used to filter the migration of files based on file size and date attributes. + + ++++ + + + + + + + + + + + + + + + + + + + + +
      Helper FunctionMigXMLHelper.FileProperties (property, operator, valueToCompare)

      Property

      filesize, dateCreated, dateModified, dateAccessed

      Operator

      range, neq, lte, lt, eq, gte, gt

      valueToCompare

      The value we are comparing. For example:

      +

      Date: “2008/05/15-2005/05/17”, “2008/05/15”

      +

      Size: A numeral with B, KB, MB, or GB at the end. “5GB”, “1KB-1MB”

      + + + +``` xml + +File_size + + + + + + %SYSTEMDRIVE%\DOCS\* [*] + + + + + +``` + +## <namedElements> + + +You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the MigApp.xml file. + +Syntax: + +<namedElements> + +</namedElements> + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<migration>](#migration) + +- **Child elements:**[<environment>](#bkmk-environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> + +For an example of this element, see the MigApp.xml file. + +## <object> + + +The <object> element represents a file or registry key. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<addObjects>](#addobjects) + +- **Required child elements:**[<location>](#location), [<attributes>](#attribute) + +- **Optional child elements:**[<bytes>](#bytes) + +Syntax: + +<object> + +</object> + +The following example is from the MigApp.xml file: + +``` xml + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] + DWORD + 0B000000 + + + %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] + DWORD + 00000000 + + +``` + +## <objectSet> + + +The <objectSet> element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child <conditions> elements will be evaluated first. If all child <conditions> elements return FALSE, the <objectSet> element will evaluate to an empty set. For each parent element, there can be only multiple <objectSet> elements. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), <detect> + +- **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) + +- **Optional child elements:**[<content>](#content), [conditions](#conditions), <condition> + +Syntax: + +<objectSet> + +</objectSet> + +The following example is from the MigUser.xml file: + +``` xml + + My Music + + %CSIDL_MYMUSIC% + + + + + MigXmlHelper.DoesObjectExist("File","%CSIDL_MYMUSIC%") + + + + + + %CSIDL_MYMUSIC%\* [*] + + + + + %CSIDL_MYMUSIC%\ [desktop.ini] + + + + + +``` + +## <path> + + +This is an internal USMT element. Do not use this element. + +## <paths> + + +This is an internal USMT element. Do not use this element. + +## <pattern> + + +You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: + +``` xml +C:\Folder\* [Sample.doc] + +``` + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<objectSet>](#objectset) + +- **Child elements:** none but *Path* \[*object*\] must be valid. + +Syntax: + +<pattern type="*typeID*">*Path* \[*object*\]</pattern> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      type

      Yes

      typeID can be Registry, File, or Ini. If typeId is Ini, then you cannot have a space between Path and object. For example, the following is correct when type="Ini":

      +

      <pattern type="Ini">%WinAmp5InstPath%\Winamp.ini|WinAmp[keeponscreen]</pattern>

      Path [object]

      Yes

      A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.

      +
        +

      • Path can contain the asterisk () wildcard character or can be an Recognized Environment Variables. You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.

        • +

      • Object can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:

        +

        C:\Folder\ [] enumerates all files in C:<em>Path but no subfolders of C:\Folder.

        +

        C:\Folder* [] enumerates all files and subfolders of C:\Folder.

        +

        C:\Folder\ [*.mp3] enumerates all .mp3 files in C:\Folder.

        +

        C:\Folder\ [Sample.doc] enumerates only the Sample.doc file located in C:\Folder.

        +
        +Note

        If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

        +
        +
        + +
        • +
      + + + +For example: + +- To migrate a single registry key: + + ``` xml + HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] + ``` + +- To migrate the EngineeringDrafts folder and any subfolders from the C: drive: + + ``` xml + C:\EngineeringDrafts\* [*] + ``` + +- To migrate only the EngineeringDrafts folder, excluding any subfolders, from the C: drive: + + [Reroute Files and Settings](usmt-reroute-files-and-settings.md) + +- To migrate the Sample.doc file from C:\\EngineeringDrafts: + + ``` xml + C:\EngineeringDrafts\ [Sample.doc] + ``` + +- To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. + + ``` xml + C:\* [Sample.doc] + ``` + +- For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), [Include Files and Settings](usmt-include-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). + +## <processing> + + +You can use this element to run a script during a specific point within the migration process. Return values are not expected from the scripts that you specify, and if there are return values, they will be ignored. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<rules>](#rules) + +- **Required child element:**[<script>](#script) + +Syntax: + +<processing when="pre-scan|scan-success|post-scan|pre-apply|apply-success|post-apply"> + +</processing> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      when

      Yes

      Indicates when the script should be run. This value can be one of the following:

      +
        +

      • pre-scan means before the scanning process begins.

        • +

      • scan-success means after the scanning process has finished successfully.

        • +

      • post-scan means after the scanning process has finished, whether it was successful or not.

        • +

      • pre-apply means before the apply process begins.

        • +

      • apply-success means after the apply process has finished successfully.

        • +

      • post-apply means after the apply process has finished, whether it was successful or not.

        • +
      + + + +## <plugin> + + +This is an internal USMT element. Do not use this element. + +## <role> + + +The <role> element is required in a custom .xml file. By specifying the <role> element, you can create a concrete component. The component will be defined by the parameters specified at the <component> level, and with the role that you specify here. + +- **Number of occurrences:** Each <component> can have one, two or three child <role> elements. + +- **Parent elements:**[<component>](#component), [<role>](#role) + +- **Required child elements:**[<rules>](#rules) + +- **Optional child elements:**[<environment>](#bkmk-environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, + +Syntax: + +<role role="Container|Binaries|Settings|Data"> + +</role> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      role

      Yes

      Defines the role for the component. Role can be one of:

      +
        +

      • Container

        • +

      • Binaries

        • +

      • Settings

        • +

      • Data

        • +
      +

      You can either:

      +
        +

      1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

        2. +

      2. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

        3. +
      +
      <component context="UserAndSystem" type="Application">
+  <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
+  <environment name="GlobalEnv" /> 
+  <role role="Container">
+    <detection name="AnyOffice2003Version" /> 
+    <detection name="FrontPage2003" /> 
+    <!-- 
+ Office 2003 Common Settings 
+  --> 
+    <component context="UserAndSystem" type="Application">
      + + + +The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file: + +``` xml + + Start Menu + + %CSIDL_STARTMENU% + + + + + MigXmlHelper.DoesObjectExist("File","%CSIDL_STARTMENU%") + + + + + + %CSIDL_STARTMENU%\* [*] + + + + + %CSIDL_STARTMENU% [desktop.ini] + %CSIDL_STARTMENU%\* [*] + + + + + +``` + +## <rules> + + +The <rules> element is required in a custom .xml file. This element contains rules that will run during the migration if the parent <component> element is selected, unless the child <conditions> element, if present, evaluates to FALSE. For each <rules> element there can be multiple child <rules> elements. + +- **Number of occurrences:** unlimited + +- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) + +- **Required child elements:**[<include>](#include) + +- **Optional child elements:**[<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), <detects> + +Syntax: + +<rules name="*ID*" context="User|System|UserAndSystem"> + +</rules> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      name

      Yes, when <rules> is a child to <namedElements>

      +

      No, when <rules> is a child to any other element

      When ID is specified, any child elements are not processed. Instead, any other <rules> elements with the same name that are declared within <namedElements> are processed.

      context

      No

      +

      (default = UserAndSystem)

      Defines the scope of this parameter — whether to process this component in the context of the specific user, across the entire operating system, or both.

      +

      The largest possible scope is set by the component element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If <rules> had a context of System, it would act as though <rules> was not there.

      +
        +

      • User. Evaluates the variables for each user.

        • +

      • System. Evaluates the variables only once for the system.

        • +

      • UserAndSystem. Evaluates the variables for the entire operating system and each user.

        • +
      + + + +The following example is from the MigUser.xml file: + +``` xml + + My Music + + %CSIDL_MYMUSIC% + + + + + MigXmlHelper.DoesObjectExist("File","%CSIDL_MYMUSIC%") + + + + + + %CSIDL_MYMUSIC%\* [*] + + + + + %CSIDL_MYMUSIC%\ [desktop.ini] + + + + + +``` + +## <script> + + +The return value that is required by <script> depends on the parent element. + +**Number of occurrences:** Once for [<variable>](#variable), unlimited for [<objectSet>](#objectset) and [<processing>](#processing) + +**Parent elements:**[<objectSet>](#objectset), [<variable>](#variable), [<processing>](#processing) + +**Child elements:** none + +**Syntax and helper functions:** + +- General Syntax: <script>*ScriptWithArguments*</script> + +- You can use [GetStringContent](#scriptfunctions) when <script> is within <variable>. + + Syntax: <script>MigXmlHelper.GetStringContent("*ObjectType*","*EncodedLocationPattern*", "*ExpandContent*")</script> + + Example: `` + +- You can use [GenerateUserPatterns](#scriptfunctions) when <script> is within <objectSet>. + + Syntax: <script>MigXmlHelper.GenerateUserPatterns("*ObjectType*","*EncodedLocationPattern*","*ProcessCurrentUser*")</script> + + Example: `` + +- You can use [GenerateDrivePatterns](#scriptfunctions) when <script> is within <objectSet>. + + Syntax: <script>MigXmlHelper.GenerateDrivePatterns("*PatternSegment*","*DriveType*")</script> + + Example: `` + +- You can use the [Simple executing scripts](#scriptfunctions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. + + Syntax: <script>MigXmlHelper.*ExecutingScript*</script> + + Example: `` + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      ScriptWithArguments

      Yes

      A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, MyScripts.AScript ("Arg1","Arg2").

      +

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.

      +

      The return value that is required by <script> depends on the parent element.

      +
        +

      • When used within <variable>, the return value must be a string.

        • +

      • When used within <objectSet>, the return value must be a two-dimensional array of strings.

        • +

      • When used within <location>, the return value must be a valid location that aligns with the type attribute of <location>. For example, if <location type="File">, the child script element, if specified, must be a valid file location.

        +
        +Note

        If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify <pattern type="File">c:\documents\mydocs [file^].txt]</pattern> instead of <pattern type="File">c:\documents\mydocs [file].txt]</pattern>.

        +
        +
        + +
        • +
      + + + +Examples: + +To migrate the Sample.doc file from any drive on the source computer, use <script> as follows. If multiple files exist with the same name, all such files will get migrated. + +``` xml + +``` + +For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). + +### <script> functions + +You can use the following functions with the <script> element + +- [String and pattern generating functions](#stringgeneratingfunctions) + +- [Simple executing scripts](#simple) + +### String and pattern generating functions + +These functions return either a string or a pattern. + +- **GetStringContent** + + You can use GetStringContent with <script> elements that are within <variable> elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. + + Syntax: GetStringContent("*ObjectType*","*EncodedLocationPattern*", "*ExpandContent*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType

      Yes

      The type of object. Can be Registry or Ini (for an .ini file).

      EncodedLocationPattern

      Yes

        +

      • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, HKLM\SOFTWARE\MyKey[].

        • +

      • If the type of object is Ini, then EncodedLocationPattern must be in the following format:

        +

        IniFilePath|SectionName[SettingName]

        • +

      ExpandContent

      No (default=TRUE)

      Can be TRUE or FALSE. If FALSE, then the given location will not be expanded before it is returned.

      + + + +~~~ +For example: + +``` xml + + + +``` +~~~ + +- **GenerateDrivePatterns** + + The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within <include>/<exclude>. + + Syntax: GenerateDrivePatterns("*PatternSegment*","*DriveType*") + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      PatternSegment

      Yes

      The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:&quot;, to form a complete encoded file pattern. For example, "* [*.doc]". PatternSegment cannot be an environment variable.

      DriveType

      Yes

      The drive type for which the patterns are to be generated. You can specify one of:

      +
        +

      • Fixed

        • +

      • CDROM

        • +

      • Removable

        • +

      • Remote

        • +
      + + + +~~~ +See the last component in the MigUser.xml file for an example of this element. +~~~ + +- **GenerateUserPatterns** + + The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: + + - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" + + - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" + + - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" + + Syntax:GenerateUserPatterns("*ObjectType*","*EncodedLocationPattern*","*ProcessCurrentUser*") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ObjectType

      Yes

      Defines the object type. Can be File or Registry.

      EncodedLocationPattern

      Yes

      The location pattern. Environment variables are allowed.

      ProcessCurrentUser

      Yes

      Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.

      + + + +~~~ +**Example:** + +If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile. + +The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. + +``` xml + + + + + + + + + %ProfilesFolder%\* [*.doc] + + + + + + + %ProfilesFolder%\* [*.doc] + + + + + + + + +``` +~~~ + +### MigXmlHelper.GenerateDocPatterns + +This helper function invokes the document finder to scan the system for all files that can be migrated. It can be invoked in either System or User context to focus the scan. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      ScanProgramFiles

      No (default = FALSE)

      Can be TRUE or FALSE. The ScanProgramFiles parameter determines whether or not the document finder scans the Program Files directory to gather registered file extensions for known applications. For example, when set to TRUE it will discover and migrate .jpg files under the Photoshop directory, if .jpg is a file extension registered to Photoshop.

      IncludePatterns

      No (default = TRUE)

      Can be TRUE or FALSE. TRUE will generate include patterns and can be added under the <include> element. FALSE will generate exclude patterns and can be added under the <exclude> element.

      SystemDrive

      No (default = FALSE)

      Can be TRUE or FALSE. If TRUE, restricts all patterns to the system drive.

      + + + +``` xml + + + MigDocUser + + + + + + + + + + + + + + + +``` + +### Simple executing scripts + +The following scripts have no return value. You can use the following errors with <script> elements that are within <processing> elements + +- **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: + + ``` xml + + + + ``` + +- **ConvertToShortFileName(RegistryEncodedLocation)**. If *RegistryEncodedLocation* is the full path of an existing file, this function will convert the file to its short file name and then it will update the registry value. + +- **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: + + ``` xml + + + + ``` + +- **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: + + ``` xml + + + + ``` + +- **RemoveEmptyDirectories (DirectoryEncodedPattern).** Deletes any empty directories that match *DirectoryEncodedPattern* on the destination computer. + +- **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: + + ``` xml + + + + ``` + +- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=267898). + +- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. + +- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry (HKLM\\System\\CurrentControlSet\\Services\\ServiceShortName \[Start\]) after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. + +## <text> + + +You can use the <text> element to set a value for any environment variables that are inside one of the migration .xml files. + +- **Number of occurrences:** Once in each [<variable>](#variable) element. + +- **Parent elements:**[<variable>](#variable) + +- **Child elements:** None. + +Syntax: + +<text>*NormalText*</text> + + ++++ + + + + + + + + + + + + +
      SettingValue

      NormalText

      This is interpreted as normal text.

      + + + +For example: + +``` xml + + %CSIDL_COMMON_APPDATA%\QuickTime + +``` + +## <unconditionalExclude> + + +The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the Config.xml file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit <include> rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. + +Use this element if you want to exclude all .mp3 files from the source computer. Or, if you are backing up C:\\UserData using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. + +- **Number of occurrences:** Unlimited. + +- **Parent elements:**[<rules>](#rules) + +- **Child elements:**[<objectSet>](#objectset) + +Syntax: + +<unconditionalExclude></unconditionalExclude> + +The following .xml file excludes all .mp3 files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). + +``` xml + + + Test + + + + + + + + + + + +``` + +## <variable> + + +The <variable> element is required in an <environment> element. For each <variable> element there must be one <objectSet>, <script>, or <text> element. The content of the <variable> element assigns a text value to the environment variable. This element has the following three options: + +1. If the <variable> element contains a <text> element, then the value of the variable element will be the value of the <text> element. + +2. If the <variable> element contains a <script> element and the invocation of the script produces a non-null string, then the value of the <variable> element will be the result of the script invocation. + +3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. + +- **Number of occurrences:** Unlimited + +- **Parent elements:**[<environment>](#bkmk-environment) + +- **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) + +Syntax: + +<variable name="*ID*" remap=TRUE|FALSE> + +</variable> + + +++++ + + + + + + + + + + + + + + + + + + + +
      SettingRequired?Value

      name

      Yes

      ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

      remap

      No, default = FALSE

      Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

      + + + +The following example is from the MigApp.xml file: + +``` xml + + + HKLM\Software + + + + + +``` + +## <version> + + +The <version> element defines the version for the component, but does not affect the migration. + +- **Number of occurrences:** zero or one + +- **Parent elements:**[<component>](#component) + +- **Child elements:** none + +Syntax: + +<version>*ComponentVersion*</version> + + +++++ + + + + + + + + + + + + + + +
      SettingRequired?Value

      ComponentVersion

      Yes

      The version of the component, which can contain patterns.

      + + + +For example: + +``` xml +4.* +``` + +## <windowsObjects> + + +The <windowsObjects> element is for USMT internal use only. Do not use this element. + +## Appendix + + +### Specifying locations + +- **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. + + For example, specify the file C:\\Windows\\Notepad.exe like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory C:\\Windows\\System32 like this: `c:\Windows\System32`. (Notice the absence of the \[\] construct.) + + Representing the registry is very similar. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key will be `HKLM\SOFTWARE\MyKey[]`. + +- **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. + + For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories. But it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`. + +### Internal USMT functions + +The following functions are for internal USMT use only. Do not use them in an .xml file. + +- AntiAlias + +- ConvertScreenSaver + +- ConvertShowIEOnDesktop + +- ConvertToOfficeLangID + +- MigrateActiveDesktop + +- MigrateAppearanceUPM + +- MigrateDisplayCS + +- MigrateDisplaySS + +- MigrateIEAutoSearch + +- MigrateMouseUPM + +- MigrateSoundSysTray + +- MigrateTaskBarSS + +- SetPstPathInMapiStruc + +### Valid version tags + +You can use the following version tags with various helper functions: + +- “CompanyName” + +- “FileDescription” + +- “FileVersion” + +- “InternalName” + +- “LegalCopyright” + +- “OriginalFilename” + +- “ProductName” + +- “ProductVersion” + +The following version tags contain values that can be compared: + +- “FileVersion” + +- “ProductVersion” + +## Related topics + + +[USMT XML Reference](usmt-xml-reference.md) + + + + + + + + + diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index 5038bb98be..aeae8b54ae 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -1,49 +1,50 @@ ---- -title: XML File Requirements (Windows 10) -description: XML File Requirements -ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# XML File Requirements - - -When creating custom .xml files, note the following requirements: - -- **The file must be in Unicode Transformation Format-8 (UTF-8).** You must save the file in this format, and you must specify the following syntax at the beginning of each .xml file: - - ``` syntax - - ``` - -- **The file must have a unique migration urlid**. The urlid of each file that you specify on the command line must be different. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following syntax at the beginning of each file: - - ``` syntax - - - ``` - -- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This is because the Config.xml file defines the components by the display name and the migration urlid. For example, specify the following syntax: - - ``` syntax - My Application - ``` - -For examples of custom .xml files, see [Custom XML Examples](usmt-custom-xml-examples.md). - -  - -  - - - - - +--- +title: XML File Requirements (Windows 10) +description: XML File Requirements +ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# XML File Requirements + + +When creating custom .xml files, note the following requirements: + +- **The file must be in Unicode Transformation Format-8 (UTF-8).** You must save the file in this format, and you must specify the following syntax at the beginning of each .xml file: + + ``` xml + + ``` + +- **The file must have a unique migration urlid**. The urlid of each file that you specify on the command line must be different. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following syntax at the beginning of each file: + + ``` xml + + + ``` + +- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This is because the Config.xml file defines the components by the display name and the migration urlid. For example, specify the following syntax: + + ``` xml + My Application + ``` + +For examples of custom .xml files, see [Custom XML Examples](usmt-custom-xml-examples.md). + +  + +  + + + + + diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index 14fc64361b..3c52c27790 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -1,170 +1,171 @@ ---- -title: Scenario 2 Proxy Activation (Windows 10) -description: Scenario 2 Proxy Activation -ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.date: 04/25/2017 -ms.topic: article ---- - -# Scenario 2: Proxy Activation - -In this scenario, the Volume Activation Management Tool (VAMT) is used to activate products that are installed on workgroup computers in an isolated lab environment. For workgroups which are isolated from the larger network, you can perform proxy activation of Multiple Activation Keys (MAKs), KMS Host keys (CSVLKs), Generic Volume License Keys (GVLKs) (or KMS client keys), or retail keys. Proxy activation is performed by installing a second instance of VAMT on a computer in the isolated workgroup. You can then use removable media to transfer VAMT Computer Information Lists (CILXs) between the instance of VAMT in the isolated workgroup and another VAMT host that has Internet access. The following diagram shows a Multiple Activation Key (MAK) proxy activation scenario: - -![VAMT MAK proxy activation scenario](images/dep-win8-l-vamt-makproxyactivationscenario.jpg) - -## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab - -1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -2. Click the VAMT icon in the **Start** menu to open VAMT. - -## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers - -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - - **Note**   - To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - -## Step 3: Connect to a VAMT Database - -1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -2. Click **Connect**. -3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) - -## Step 4: Discover Products - -1. In the left-side pane, in the **Products** node, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that both IPv4 and IPv6addressing are supported. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. -4. Click **Search**. - - The **Finding Computers** window appears and displays the search progress as the computers are located. - -When the search is complete, the products that VAMT discovers appear in the list view in the center pane. - -## Step 5: Sort and Filter the List of Computers - -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: - -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. - -## Step 6: Collect Status Information from the Computers in the Isolated Lab - -To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** ley and select each computer for which you want to collect the status information. - **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. -- VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. - -## Step 7: Add Product Keys - -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: - - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. - - The keys that you have added appear in the **Product Keys** list view in the center pane. - -## Step 8: Install the Product Keys on the Isolated Lab Computers - -1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). -3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. - - The same status appears under the **Status of Last Action** column in the product list view in the center pane. - - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](https://go.microsoft.com/fwlink/p/?linkid=238382) - - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. - -## Step 9: Export VAMT Data to a .cilx File - -In this step, you export VAMT from the workgroup’s host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. - -1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. -2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. -3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. -4. Under **Export options**, select one of the following data-type options: - - Export products and product keys. - - Export products only. - - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise’s security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. -5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. -6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. -7. If you exported the list to a file on the host computer’s hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. - - **Important**   - Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup’s VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. - -## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer - -1. Insert the removable media into the VAMT host that has Internet access. -2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. -5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. - -## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup - -1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. -2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. -3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. -4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. -5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. -6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. - -## Step 12: Apply the CIDs and Activate the Isolated Lab Computers - -1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. -2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. - - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Sataus** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. - The same status appears under the **Status of Last Action** column in the product list view in the center pane. - -## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab - -If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. -1. Redeploy products to each computer, using the same computer names as before. -2. Open VAMT. -3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. - - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. - The same status appears under the **Status of Last Action** column in the product list view in the center pane. - - **Note**   - Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. - - **Note**   - Reapplying the same CID conserves the remaining activations on the MAK. - -## Related topics -- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - - +--- +title: Scenario 2 Proxy Activation (Windows 10) +description: Scenario 2 Proxy Activation +ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.date: 04/25/2017 +ms.topic: article +--- + +# Scenario 2: Proxy Activation + +In this scenario, the Volume Activation Management Tool (VAMT) is used to activate products that are installed on workgroup computers in an isolated lab environment. For workgroups which are isolated from the larger network, you can perform proxy activation of Multiple Activation Keys (MAKs), KMS Host keys (CSVLKs), Generic Volume License Keys (GVLKs) (or KMS client keys), or retail keys. Proxy activation is performed by installing a second instance of VAMT on a computer in the isolated workgroup. You can then use removable media to transfer VAMT Computer Information Lists (CILXs) between the instance of VAMT in the isolated workgroup and another VAMT host that has Internet access. The following diagram shows a Multiple Activation Key (MAK) proxy activation scenario: + +![VAMT MAK proxy activation scenario](images/dep-win8-l-vamt-makproxyactivationscenario.jpg) + +## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab + +1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. +2. Click the VAMT icon in the **Start** menu to open VAMT. + +## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers + +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + + **Note**   + To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + +## Step 3: Connect to a VAMT Database + +1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. +2. Click **Connect**. +3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) + +## Step 4: Discover Products + +1. In the left-side pane, in the **Products** node, click the product that you want to activate. +2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. +3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: + - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that both IPv4 and IPv6addressing are supported. + - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. +4. Click **Search**. + + The **Finding Computers** window appears and displays the search progress as the computers are located. + +When the search is complete, the products that VAMT discovers appear in the list view in the center pane. + +## Step 5: Sort and Filter the List of Computers + +You can sort the list of products so that it is easier to find the computers that require product keys to be activated: + +1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. +2. To sort the list further, you can click one of the column headings to sort by that column. +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect Status Information from the Computers in the Isolated Lab + +To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: +- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. +- To select computers which are not listed consecutively, hold down the **Ctrl** ley and select each computer for which you want to collect the status information. + **To collect status information from the selected computers** +- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. +- VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. + + **Note** + If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + +## Step 7: Add Product Keys + +1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: + - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. + - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. + + The keys that you have added appear in the **Product Keys** list view in the center pane. + +## Step 8: Install the Product Keys on the Isolated Lab Computers + +1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. +2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). +3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + + The same status appears under the **Status of Last Action** column in the product list view in the center pane. + + **Note**   + Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](https://go.microsoft.com/fwlink/p/?linkid=238382) + + **Note**   + Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + +## Step 9: Export VAMT Data to a .cilx File + +In this step, you export VAMT from the workgroup’s host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. + +1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. +2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. +3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. +4. Under **Export options**, select one of the following data-type options: + - Export products and product keys. + - Export products only. + - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise’s security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. +5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. +6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. +7. If you exported the list to a file on the host computer’s hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. + + **Important**   + Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup’s VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. + +## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer + +1. Insert the removable media into the VAMT host that has Internet access. +2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. +3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. +4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. +5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. + +## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup + +1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. +2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. +3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. +4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. +5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. +6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. + +## Step 12: Apply the CIDs and Activate the Isolated Lab Computers + +1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. +2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + The same status appears under the **Status of Last Action** column in the product list view in the center pane. + +## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab + +If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. +1. Redeploy products to each computer, using the same computer names as before. +2. Open VAMT. +3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + The same status appears under the **Status of Last Action** column in the product list view in the center pane. + + **Note**   + Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. + + RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + + **Note**   + Reapplying the same CID conserves the remaining activations on the MAK. + +## Related topics +- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) + + diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index f23e9037a3..e54f6338f1 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -1,75 +1,76 @@ ---- -title: Use VAMT in Windows PowerShell (Windows 10) -description: Use VAMT in Windows PowerShell -ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.date: 04/25/2017 -ms.topic: article ---- - -# Use VAMT in Windows PowerShell - -The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool. -**To install PowerShell 3.0** -- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=218356). - **To install the Windows Assessment and Deployment Kit** -- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). - **To prepare the VAMT PowerShell environment** -- To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. - - **Important** - If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe -- For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. - - For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: - - ``` ps1 - cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” - ``` -- Import the VAMT PowerShell module. To import the module, type the following at a command prompt: - ``` syntax - Import-Module .\VAMT.psd1 - ``` - Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. - -## To Get Help for VAMT PowerShell cmdlets - -You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you are interested in. To view all of the Help content for a VAMT cmdlet, type: -``` ps1 -get-help -all -``` -For example, type: -``` ps1 -get-help get-VamtProduct -all -``` - -**Warning** -The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278). - -**To view VAMT PowerShell Help sections** - -1. To get the syntax to use with a cmdlet, type the following at a command prompt: - ``` ps1 - get-help - ``` - For example, type: - ``` ps1 - get-help get-VamtProduct - ``` -2. To see examples using a cmdlet, type: - ``` ps1 - get-help -examples - ``` - For example, type: - ``` ps1 - get-help get-VamtProduct -examples - ``` +--- +title: Use VAMT in Windows PowerShell (Windows 10) +description: Use VAMT in Windows PowerShell +ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.date: 04/25/2017 +ms.topic: article +--- + +# Use VAMT in Windows PowerShell + +The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool. +**To install PowerShell 3.0** +- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=218356). + **To install the Windows Assessment and Deployment Kit** +- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). + **To prepare the VAMT PowerShell environment** +- To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. + + **Important** + If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: + - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe + - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe +- For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. + + For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: + + ``` powershell + cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” + ``` +- Import the VAMT PowerShell module. To import the module, type the following at a command prompt: + ``` powershell + Import-Module .\VAMT.psd1 + ``` + Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. + +## To Get Help for VAMT PowerShell cmdlets + +You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you are interested in. To view all of the Help content for a VAMT cmdlet, type: +``` powershell +get-help -all +``` +For example, type: +``` powershell +get-help get-VamtProduct -all +``` + +**Warning** +The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278). + +**To view VAMT PowerShell Help sections** + +1. To get the syntax to use with a cmdlet, type the following at a command prompt: + ``` powershell + get-help + ``` + For example, type: + ``` powershell + get-help get-VamtProduct + ``` +2. To see examples using a cmdlet, type: + ``` powershell + get-help -examples + ``` + For example, type: + ``` powershell + get-help get-VamtProduct -examples + ``` diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md index cc781ed87e..563e086966 100644 --- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md +++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md @@ -1,45 +1,46 @@ ---- -title: Windows Autopilot device guidelines -ms.reviewer: -manager: laurawi -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot device guidelines - -**Applies to** - -- Windows 10 - -## Hardware and firmware best practice guidelines for Windows Autopilot - -All devices used with Windows Autopilot should meet the [minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) for Windows 10. - -The following additional best practices ensure that devices can easily be provisioned by organizations as part of the Windows Autopilot deployment process: -- Ensure that the TPM 2.0 is enabled and in a good state (not in Reduced Functionality Mode) by default on devices intended for Windows Autopilot self-deploying mode. -- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) or PKID + SmbiosSystemSerialNumber into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h). -- The OEM uploads 4K Hardware Hashes obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner. -- As a best practice, Microsoft requires that OEM shipping drivers are published to Windows Update within 30 days of the CBR being submitted, and system firmware and driver updates are published to Windows Update within 14 days -- The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel. - -## Software best practice guidelines for Windows Autopilot - -- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers and Office 365 Pro Plus Retail (C2R). -- Unless explicitly requested by the customer, no other preinstalled software should be included. - - Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed. - -## Related topics - -[Windows Autopilot customer consent](registration-auth.md)
      -[Motherboard replacement scenario guidance](autopilot-mbr.md)
      +--- +title: Windows Autopilot device guidelines +ms.reviewer: +manager: laurawi +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot device guidelines + +**Applies to** + +- Windows 10 + +## Hardware and firmware best practice guidelines for Windows Autopilot + +All devices used with Windows Autopilot should meet the [minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) for Windows 10. + +The following additional best practices ensure that devices can easily be provisioned by organizations as part of the Windows Autopilot deployment process: +- Ensure that the TPM 2.0 is enabled and in a good state (not in Reduced Functionality Mode) by default on devices intended for Windows Autopilot self-deploying mode. +- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) or PKID + SmbiosSystemSerialNumber into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h). +- The OEM uploads 4K Hardware Hashes obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner. +- As a best practice, Microsoft requires that OEM shipping drivers are published to Windows Update within 30 days of the CBR being submitted, and system firmware and driver updates are published to Windows Update within 14 days +- The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel. + +## Software best practice guidelines for Windows Autopilot + +- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers and Office 365 Pro Plus Retail (C2R). +- Unless explicitly requested by the customer, no other preinstalled software should be included. + - Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed. + +## Related topics + +[Windows Autopilot customer consent](registration-auth.md)
      +[Motherboard replacement scenario guidance](autopilot-mbr.md)
      diff --git a/windows/deployment/windows-autopilot/index.md b/windows/deployment/windows-autopilot/index.md index 61d676afdc..efeffc2e04 100644 --- a/windows/deployment/windows-autopilot/index.md +++ b/windows/deployment/windows-autopilot/index.md @@ -1,76 +1,77 @@ ---- -title: Windows Autopilot deployment -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.reviewer: mniehaus -manager: laurawi -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot deployment - -**Applies to** - -- Windows 10 - -Windows Autopilot is a zero-touch, self-service Windows deployment platform introduced with Windows 10, version 1703. The Windows Autopilot process runs immediately after powering on a new computer for the first time, enabling employees to configure new devices to be business-ready with just a few clicks. - -This guide is intended for use by an IT-specialist, system architect, or business decision maker. The guide provides information about how Windows Autopilot deployment works, including detailed requirements, deployment scenarios, and platform capabilities. The document highlights options that are available to you when planning a modern, cloud-joined Windows 10 deployment strategy. Links are provided to detailed step by step configuration procedures. - -## In this guide - - -
      What's new Windows Autopilot is always being updated with new features! Check this topic to read about the latests capabilities. -
      - -### Understanding Windows Autopilot - - -
      Overview of Windows AutopilotA review of Windows Autopilot is provided with a video walkthrough. Benefits and general requirements are discussed. -
      RequirementsDetailed software, network, licensiing, and configuration requirments are provided. -
      Scenarios and CapabilitiesA summary of Windows Autopilot deployment scenarios and capabilities. -
      Get startedInterested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account. -
      - -### Deployment scenarios - - -
      User-driven modeRequirements and validation steps for deploying a new Azure Active Directory (AAD) joined or hybrid AAD-joined Windows 10 device are provided. -
      Self-deploying modeRequirements and validation steps for deploying a new Windows 10 device with little to no user interaction are provided. -
      Windows Autopilot ResetUsing Windows Autopilot Reset, a device can be restored to its original settings, taking it back to a business-ready state. Both local and remote reset scenarios are discussed. -
      Windows Autopilot for white glove deploymentRequirements and procedures are described that enable additional policies and apps to be delivered to a Windows Autopilot device. -
      Support for existing devicesThis topic describes how Windows Autopilot can be used to convert Windows 7 or Windows 8.1 domain-joined computers to AAD-joined computers running Windows 10. -
      - -### Using Windows Autopilot - - -
      Registering devicesThe process of registering a device with the Windows Autopilot deployment service is described. -
      Configuring device profilesThe device profile settings that specifie its behavior when it is deployed are described. -
      Enrollment status pageSettings that are available on the Enrollment Status Page are described. -
      Bitlocker encryption Available options for configuring BitLocker on Windows Autopilot devices are described. -
      Troubleshooting Windows AutopilotDiagnotic event information and troubleshooting procedures are provided. -
      Known issuesA list of current known issues and solutions is provided. -
      - -### Support topics - - -
      FAQFrequently asked questions on several topics are provided. -
      Support contactsSupport information is provided. -
      Registration authorizationThis article discusses how a CSP partner or OEM can obtain customer authorization to register Windows Autopilot devices. -
      Motherboard replacementInformation about how to deal with Autopilot registration and device repair issues is provided. -
      - -## Related topics - -[Windows Autopilot](https://www.microsoft.com/windowsforbusiness/windows-autopilot) +--- +title: Windows Autopilot deployment +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot deployment + +**Applies to** + +- Windows 10 + +Windows Autopilot is a zero-touch, self-service Windows deployment platform introduced with Windows 10, version 1703. The Windows Autopilot process runs immediately after powering on a new computer for the first time, enabling employees to configure new devices to be business-ready with just a few clicks. + +This guide is intended for use by an IT-specialist, system architect, or business decision maker. The guide provides information about how Windows Autopilot deployment works, including detailed requirements, deployment scenarios, and platform capabilities. The document highlights options that are available to you when planning a modern, cloud-joined Windows 10 deployment strategy. Links are provided to detailed step by step configuration procedures. + +## In this guide + + +
      What's new Windows Autopilot is always being updated with new features! Check this topic to read about the latests capabilities. +
      + +### Understanding Windows Autopilot + + +
      Overview of Windows AutopilotA review of Windows Autopilot is provided with a video walkthrough. Benefits and general requirements are discussed. +
      RequirementsDetailed software, network, licensiing, and configuration requirments are provided. +
      Scenarios and CapabilitiesA summary of Windows Autopilot deployment scenarios and capabilities. +
      Get startedInterested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account. +
      + +### Deployment scenarios + + +
      User-driven modeRequirements and validation steps for deploying a new Azure Active Directory (AAD) joined or hybrid AAD-joined Windows 10 device are provided. +
      Self-deploying modeRequirements and validation steps for deploying a new Windows 10 device with little to no user interaction are provided. +
      Windows Autopilot ResetUsing Windows Autopilot Reset, a device can be restored to its original settings, taking it back to a business-ready state. Both local and remote reset scenarios are discussed. +
      Windows Autopilot for white glove deploymentRequirements and procedures are described that enable additional policies and apps to be delivered to a Windows Autopilot device. +
      Support for existing devicesThis topic describes how Windows Autopilot can be used to convert Windows 7 or Windows 8.1 domain-joined computers to AAD-joined computers running Windows 10. +
      + +### Using Windows Autopilot + + +
      Registering devicesThe process of registering a device with the Windows Autopilot deployment service is described. +
      Configuring device profilesThe device profile settings that specifie its behavior when it is deployed are described. +
      Enrollment status pageSettings that are available on the Enrollment Status Page are described. +
      BitLocker encryption Available options for configuring BitLocker on Windows Autopilot devices are described. +
      Troubleshooting Windows AutopilotDiagnotic event information and troubleshooting procedures are provided. +
      Known issuesA list of current known issues and solutions is provided. +
      + +### Support topics + + +
      FAQFrequently asked questions on several topics are provided. +
      Support contactsSupport information is provided. +
      Registration authorizationThis article discusses how a CSP partner or OEM can obtain customer authorization to register Windows Autopilot devices. +
      Motherboard replacementInformation about how to deal with Autopilot registration and device repair issues is provided. +
      + +## Related topics + +[Windows Autopilot](https://www.microsoft.com/windowsforbusiness/windows-autopilot) diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index 34ca5dcbde..939b4ac431 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md @@ -1,73 +1,74 @@ ---- -title: Windows Autopilot Self-Deploying mode -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.reviewer: mniehaus -manager: laurawi -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - -# Windows Autopilot Self-Deploying mode - -**Applies to: Windows 10, version 1903 or later** - -Windows Autopilot self-deploying mode enables a device to be deployed with little to no user interaction. For devices with an Ethernet connection, no user interaction is required; for devices connected via Wi-fi, no interaction is required after making the Wi-fi connection (choosing the language, locale, and keyboard, then making a network connection). - -Self-deploying mode joins the device into Azure Active Directory, enrolls the device in Intune (or another MDM service) leveraging Azure AD for automatic MDM enrollment, and ensures that all policies, applications, certificates, and networking profiles are provisioned on the device, leveraging the enrollment status page to prevent access to the desktop until the device is fully provisioned. - ->[!NOTE] ->Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join. All devices will be joined to Azure Active Directory. - -Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. When setting up a kiosk, you can leverage the new Kiosk Browser, an app built on Microsoft Edge that can be used to create a tailored, MDM-managed browsing experience. When combined with MDM policies to create a local account and configure it to automatically log on, the complete configuration of the device can be automated. Find out more about these options by reading simplifying kiosk management for IT with Windows 10. See [Set up a kiosk or digital sign in Intune or other MDM service](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-in-intune-or-other-mdm-service) for additional details. - ->[!NOTE] ->Self-deploying mode does not presently associate a user with the device (since no user ID or password is specified as part of the process). As a result, some Azure AD and Intune capabilities (such as BitLocker recovery, installation of apps from the Company Portal, or Conditional Access) may not be available to a user that signs into the device. - -![The user experience with Windows Autopilot self-deploying mode](images/self-deploy-welcome.png) - -## Requirements - -Because self-deploying mode uses a device’s TPM 2.0 hardware to authenticate the device into an organization’s Azure AD tenant, devices without TPM 2.0 cannot be used with this mode. The devices must also support TPM device attestation. (All newly-manufactured Windows devices should meet these requirements.) - ->[!IMPORTANT] ->If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported).. Also note that Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC. - -In order to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. - -## Step by step - -In order to perform a self-deploying mode deployment using Windows Autopilot, the following preparation steps need to be completed: - -- Create an Autopilot profile for self-deploying mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. (Note that it is not possible to create a profile in the Microsoft Store for Business or Partner Center for self-deploying mode.) -- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. Ensure that the profile has been assigned to the device before attempting to deploy that device. -- Boot the device, connecting it to Wi-fi if required, then wait for the provisioning process to complete. - -## Validation - -When performing a self-deploying mode deployment using Windows Autopilot, the following end-user experience should be observed: - -- Once connected to a network, the Autopilot profile will be downloaded. -- If the Autopilot profile has been configured to automatically configure the language, locale, and keyboard layout, these OOBE screens should be skipped as long as Ethernet connectivity is available. Otherwise, manual steps are required: - - If multiple languages are preinstalled in Windows 10, the user must pick a language. - - The user must pick a locale and a keyboard layout, and optionally a second keyboard layout. -- If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network. -- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required). -- The device will join Azure Active Directory. -- After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services). -- The [enrollment status page](enrollment-status.md) will be displayed. -- Depending on the device settings deployed, the device will either: - - Remain at the logon screen, where any member of the organization can log on by specifying their Azure AD credentials. - - Automatically sign in as a local account, for devices configured as a kiosk or digital signage. - ->[!NOTE] ->Deploying EAS policies using self-deploying mode for kiosk deployments will cause auto-logon functionality to fail. - -In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation. +--- +title: Windows Autopilot Self-Deploying mode +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Windows Autopilot Self-Deploying mode + +**Applies to: Windows 10, version 1903 or later** + +Windows Autopilot self-deploying mode enables a device to be deployed with little to no user interaction. For devices with an Ethernet connection, no user interaction is required; for devices connected via Wi-fi, no interaction is required after making the Wi-fi connection (choosing the language, locale, and keyboard, then making a network connection). + +Self-deploying mode joins the device into Azure Active Directory, enrolls the device in Intune (or another MDM service) leveraging Azure AD for automatic MDM enrollment, and ensures that all policies, applications, certificates, and networking profiles are provisioned on the device, leveraging the enrollment status page to prevent access to the desktop until the device is fully provisioned. + +>[!NOTE] +>Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join. All devices will be joined to Azure Active Directory. + +Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. When setting up a kiosk, you can leverage the new Kiosk Browser, an app built on Microsoft Edge that can be used to create a tailored, MDM-managed browsing experience. When combined with MDM policies to create a local account and configure it to automatically log on, the complete configuration of the device can be automated. Find out more about these options by reading simplifying kiosk management for IT with Windows 10. See [Set up a kiosk or digital sign in Intune or other MDM service](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-in-intune-or-other-mdm-service) for additional details. + +>[!NOTE] +>Self-deploying mode does not presently associate a user with the device (since no user ID or password is specified as part of the process). As a result, some Azure AD and Intune capabilities (such as BitLocker recovery, installation of apps from the Company Portal, or Conditional Access) may not be available to a user that signs into the device. For more information see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md) and [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md). + +![The user experience with Windows Autopilot self-deploying mode](images/self-deploy-welcome.png) + +## Requirements + +Because self-deploying mode uses a device’s TPM 2.0 hardware to authenticate the device into an organization’s Azure AD tenant, devices without TPM 2.0 cannot be used with this mode. The devices must also support TPM device attestation. (All newly-manufactured Windows devices should meet these requirements.) + +>[!IMPORTANT] +>If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported).. Also note that Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC. + +In order to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. + +## Step by step + +In order to perform a self-deploying mode deployment using Windows Autopilot, the following preparation steps need to be completed: + +- Create an Autopilot profile for self-deploying mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. (Note that it is not possible to create a profile in the Microsoft Store for Business or Partner Center for self-deploying mode.) +- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. Ensure that the profile has been assigned to the device before attempting to deploy that device. +- Boot the device, connecting it to Wi-fi if required, then wait for the provisioning process to complete. + +## Validation + +When performing a self-deploying mode deployment using Windows Autopilot, the following end-user experience should be observed: + +- Once connected to a network, the Autopilot profile will be downloaded. +- If the Autopilot profile has been configured to automatically configure the language, locale, and keyboard layout, these OOBE screens should be skipped as long as Ethernet connectivity is available. Otherwise, manual steps are required: + - If multiple languages are preinstalled in Windows 10, the user must pick a language. + - The user must pick a locale and a keyboard layout, and optionally a second keyboard layout. +- If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network. +- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required). +- The device will join Azure Active Directory. +- After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services). +- The [enrollment status page](enrollment-status.md) will be displayed. +- Depending on the device settings deployed, the device will either: + - Remain at the logon screen, where any member of the organization can log on by specifying their Azure AD credentials. + - Automatically sign in as a local account, for devices configured as a kiosk or digital signage. + +>[!NOTE] +>Deploying EAS policies using self-deploying mode for kiosk deployments will cause auto-logon functionality to fail. + +In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation. diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index 9862d47c2b..75e7e3a334 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -1,114 +1,116 @@ ---- -title: Windows Autopilot for white glove deployment -description: Windows Autopilot for white glove deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, pre-provisioning -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: low -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -manager: laurawi -ms.audience: itpro author: greg-lindsay -ms.collection: M365-modern-desktop -ms.topic: article ---- - -# Windows Autopilot for white glove deployment - -**Applies to: Windows 10, version 1903** - -Windows Autopilot enables organizations to easily provision new devices - leveraging the preinstalled OEM image and drivers with a simple process that can be performed by the end user to help get their device business-ready. - - ![OEM](images/wg01.png) - -Windows Autopilot can also provide a white glove service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end user’s perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster. - -With **Windows Autopilot for white glove deployment**, the provisioning process is split. The time-consuming portions are performed by IT, partners, or OEMs. The end user simply completes a few necessary settings and polices and then they can begin using their device. - - ![OEM](images/wg02.png) - -Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven [Azure AD join](user-driven-aad.md) and [Hybrid Azure AD](user-driven-hybrid.md) join scenarios. - -## Prerequisites - -In addition to [Windows Autopilot requirements](windows-autopilot-requirements.md), Windows Autopilot for white glove deployment adds the following: - -- Windows 10, version 1903 or later is required. -- An Intune subscription. -- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements. -- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device. - ->[!IMPORTANT] ->Because the OEM or vendor performs the white glove process, this doesn’t require access to an end-user's on-prem domain infrastructure. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user. - -## Preparation - -Devices slated for WG provisioning are registered for Autopilot via the normal registration process. - -To be ready to try out Windows Autopilot for white glove deployment, ensure that you can first successfully use existing Windows Autopilot user-driven scenarios: - -- User-driven Azure AD join. Devices can be deployed using Windows Autopilot and joined to an Azure Active Directory tenant. -- User-driven with Hybrid Azure AD join. Devices can be deployed using Windows Autopilot and joined to an on-premises Active Directory domain, then registered with Azure Active Directory to enable the Hybrid Azure AD join features. - -If these scenarios cannot be completed, Windows Autopilot for white glove deployment will also not succeed since it builds on top of these scenarios. - -To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility: - - ![allow white glove](images/allow-white-glove-oobe.png) - -The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. - ->[!NOTE] ->Other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users. - -## Scenarios - -Windows Autopilot for white glove deployment supports two distinct scenarios: -- User-driven deployments with Azure AD Join. The device will be joined to an Azure AD tenant. -- User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD. -Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps. - -### Technican flow - -After the customer or IT Admin has targeted all the apps and settings they want for their devices through Intune, the white glove technician can begin the white glove process. The technician could be a member of the IT staff, a services partner, or an OEM – each organization can decide who should perform these activities. Regardless of the scenario, the process to be performed by the technician is the same: -- Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later). -- From the first OOBE screen (which could be a language selection or locale selection screen), do not click **Next**. Instead, press the Windows key five times to view an additional options dialog. From that screen, choose the **Windows Autopilot provisioning** option and then click **Continue**. - - ![choice](images/choice.png) - -- On the **Windows Autopilot Configuration** screen, information will be displayed about the device: - - The Autopilot profile assigned to the device. - - The organization name for the device. - - The user assigned to the device (if there is one). - - A QR code containing a unique identifier for the device, useful to look up the device in Intune to make any configuration changes needed (e.g. assigning a user, adding the device to any additional groups needed for app or policy targeting). - - **Note**: The QR codes can be scanned using a companion app, which will also configure the device to specify who it belongs to. An [open-source sample of the companion app](https://github.com/Microsoft/WindowsAutopilotCompanion) that integrates with Intune via the Graph API has been published to GitHub by the Autopilot team. -- Validate the information displayed. If any changes are needed, make these and then click **Refresh** to re-download the updated Autopilot profile details. - - ![landing](images/landing.png) - -- Click **Provision** to begin the provisioning process. - -If the pre-provisioning process completes successfully: -- A green status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. - ![white-glove-result](images/white-glove-result.png) -- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user. - -If the pre-provisioning process fails: -- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. -- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again. - -### User flow - -If the pre-provisioning process completed successfully and the device was resealed, it can be delivered to the end user to complete the normal Windows Autopilot user-driven process. They will perform a standard set of steps: - -- Power on the device. -- Select the appropriate language, locale, and keyboard layout. -- Connect to a network (if using Wi-Fi). If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required. -- On the branded sign-on screen, enter the user’s Azure Active Directory credentials. -- If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials. -- Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP). Once complete, the user will be able to access the desktop. - -## Related topics - -[White glove video](https://youtu.be/nE5XSOBV0rI) +--- +title: Windows Autopilot for white glove deployment +description: Windows Autopilot for white glove deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, pre-provisioning +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: low +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +manager: laurawi +ms.audience: itpro +author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Windows Autopilot for white glove deployment + +**Applies to: Windows 10, version 1903** + +Windows Autopilot enables organizations to easily provision new devices - leveraging the preinstalled OEM image and drivers with a simple process that can be performed by the end user to help get their device business-ready. + + ![OEM](images/wg01.png) + +Windows Autopilot can also provide a white glove service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end user’s perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster. + +With **Windows Autopilot for white glove deployment**, the provisioning process is split. The time-consuming portions are performed by IT, partners, or OEMs. The end user simply completes a few necessary settings and polices and then they can begin using their device. + + ![OEM](images/wg02.png) + +Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven [Azure AD join](user-driven-aad.md) and [Hybrid Azure AD](user-driven-hybrid.md) join scenarios. + +## Prerequisites + +In addition to [Windows Autopilot requirements](windows-autopilot-requirements.md), Windows Autopilot for white glove deployment adds the following: + +- Windows 10, version 1903 or later is required. +- An Intune subscription. +- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements. +- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device. + +>[!IMPORTANT] +>Because the OEM or vendor performs the white glove process, this doesn’t require access to an end-user's on-prem domain infrastructure. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user. + +## Preparation + +Devices slated for white glove provisioning are registered for Autopilot via the normal registration process. + +To be ready to try out Windows Autopilot for white glove deployment, ensure that you can first successfully use existing Windows Autopilot user-driven scenarios: + +- User-driven Azure AD join. Devices can be deployed using Windows Autopilot and joined to an Azure Active Directory tenant. +- User-driven with Hybrid Azure AD join. Devices can be deployed using Windows Autopilot and joined to an on-premises Active Directory domain, then registered with Azure Active Directory to enable the Hybrid Azure AD join features. + +If these scenarios cannot be completed, Windows Autopilot for white glove deployment will also not succeed since it builds on top of these scenarios. + +To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility: + + ![allow white glove](images/allow-white-glove-oobe.png) + +The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. + +>[!NOTE] +>Other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users. + +## Scenarios + +Windows Autopilot for white glove deployment supports two distinct scenarios: +- User-driven deployments with Azure AD Join. The device will be joined to an Azure AD tenant. +- User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD. +Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps. + +### Technican flow + +After the customer or IT Admin has targeted all the apps and settings they want for their devices through Intune, the white glove technician can begin the white glove process. The technician could be a member of the IT staff, a services partner, or an OEM – each organization can decide who should perform these activities. Regardless of the scenario, the process to be performed by the technician is the same: +- Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later). +- From the first OOBE screen (which could be a language selection or locale selection screen), do not click **Next**. Instead, press the Windows key five times to view an additional options dialog. From that screen, choose the **Windows Autopilot provisioning** option and then click **Continue**. + + ![choice](images/choice.png) + +- On the **Windows Autopilot Configuration** screen, information will be displayed about the device: + - The Autopilot profile assigned to the device. + - The organization name for the device. + - The user assigned to the device (if there is one). + - A QR code containing a unique identifier for the device, useful to look up the device in Intune to make any configuration changes needed (e.g. assigning a user, adding the device to any additional groups needed for app or policy targeting). + - **Note**: The QR codes can be scanned using a companion app, which will also configure the device to specify who it belongs to. An [open-source sample of the companion app](https://github.com/Microsoft/WindowsAutopilotCompanion) that integrates with Intune via the Graph API has been published to GitHub by the Autopilot team. +- Validate the information displayed. If any changes are needed, make these and then click **Refresh** to re-download the updated Autopilot profile details. + + ![landing](images/landing.png) + +- Click **Provision** to begin the provisioning process. + +If the pre-provisioning process completes successfully: +- A green status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. + ![white-glove-result](images/white-glove-result.png) +- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user. + +If the pre-provisioning process fails: +- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. +- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again. + +### User flow + +If the pre-provisioning process completed successfully and the device was resealed, it can be delivered to the end user to complete the normal Windows Autopilot user-driven process. They will perform a standard set of steps: + +- Power on the device. +- Select the appropriate language, locale, and keyboard layout. +- Connect to a network (if using Wi-Fi). If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required. +- On the branded sign-on screen, enter the user’s Azure Active Directory credentials. +- If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials. +- Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP). Once complete, the user will be able to access the desktop. + +## Related topics + +[White glove video](https://youtu.be/nE5XSOBV0rI) diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index f94b65ffef..742ae20f20 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -1,350 +1,352 @@ ---- -title: Windows 10 deployment tools (Windows 10) -description: To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. -ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877 -ms.reviewer: -manager: laurawi -ms.audience: itpro author: greg-lindsay -keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows 10 deployment scenarios and tools - - -To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. - -Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these are just tools and not a complete solution on their own. It’s when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) or [Microsoft System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) that you get the complete deployment solution. - -In this topic, you also learn about different types of reference images that you can build, and why reference images are beneficial for most organizations - -## Windows Assessment and Deployment Kit - - -Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803 ) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). - -![figure 1](images/win-10-adk-select.png) - -Figure 1. The Windows 10 ADK feature selection page. - -### Deployment Image Servicing and Management (DISM) - -DISM is one of the deployment tools included in the Windows ADK and is used for capturing, servicing, and deploying boot images and operating system images. - -DISM services online and offline images. For example, with DISM you can install the Microsoft .NET Framework 3.5.1 in Windows 10 online, which means that you can start the installation in the running operating system, not that you get the software online. The /LimitAccess switch configures DISM to get the files only from a local source: - -``` syntax -Dism.exe /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\Sources\SxS /LimitAccess -``` - -In Windows 10, you can use Windows PowerShell for many of the functions performed by DISM.exe. The equivalent command in Windows 10 using PowerShell is: - -``` syntax -Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All --Source D:\Sources\SxS -LimitAccess -``` - -![figure 2](images/mdt-11-fig05.png) - -Figure 2. Using DISM functions in PowerShell. - -For more information on DISM, see [DISM technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619161). - -### User State Migration Tool (USMT) - -USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and System Center 2012 R2 Configuration Manager use USMT as part of the operating system deployment process. - -**Note**   -Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you will learn below, using USMT is not difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it is easy to use. With MDT, you do nothing at all and USMT just works. - - - -USMT includes several command-line tools, the most important of which are ScanState and LoadState: - -- **ScanState.exe.** This performs the user-state backup. - -- **LoadState.exe.** This performs the user-state restore. - -- **UsmtUtils.exe.** This supplements the functionality in ScanState.exe and LoadState.exe. - -In addition to these tools, there are also XML templates that manage which data is migrated. You can customize the templates, or create new ones, to manage the backup process at a high level of detail. USMT uses the following terms for its templates: - -- **Migration templates.** The default templates in USMT. - -- **Custom templates.** Custom templates that you create. - -- **Config template.** An optional template, called Config.xml, which you can use to exclude or include components in a migration without modifying the other standard XML templates. - -![figure 3](images/mdt-11-fig06.png) - -Figure 3. A sample USMT migration file that will exclude .MP3 files on all local drives and include the folder C:\\Data and all its files, including its subdirectories and their files. - -USMT supports capturing data and settings from Windows Vista and later, and restoring the data and settings to Windows 7 and later (including Windows 10 in both cases). It also supports migrating from a 32-bit operating system to a 64-bit operating system, but not the other way around. For example, you can use USMT to migrate from Windows 7 x86 to Windows 10 x64. - -By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two default templates migrate the following data and settings: - -- Folders from each profile, including those from user profiles as well as shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated. - -- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. - - **Note**   - The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. - - - -- Operating system component settings - -- Application settings - -These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](https://go.microsoft.com/fwlink/p/?LinkId=619227) For more information on the USMT overall, see the [USMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619228). - -### Windows Imaging and Configuration Designer - -Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This is particularly useful for setting up new devices, without the need for re-imaging the device with a custom image. - -![figure 4](images/windows-icd.png) - -Figure 4. Windows Imaging and Configuration Designer. - -For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkID=525483). - -### Windows System Image Manager (Windows SIM) - -Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don’t need Windows SIM very often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall. - -![figure 7](images/mdt-11-fig07.png) - -Figure 5. Windows answer file opened in Windows SIM. - -For more information, see [Windows System Image Manager Technical Reference]( https://go.microsoft.com/fwlink/p/?LinkId=619906). - -### Volume Activation Management Tool (VAMT) - -If you don’t use KMS, you can still manage your MAKs centrally with the Volume Activation Management Tool (VAMT). With this tool, you can install and manage product keys throughout the organization. VAMT also can activate on behalf of clients without Internet access, acting as a MAK proxy. - -![figure 6](images/mdt-11-fig08.png) - -Figure 6. The updated Volume Activation Management Tool. - -VAMT also can be used to create reports, switch from MAK to KMS, manage Active Directory-based activation, and manage Office 2010 and Office 2013 volume activation. VAMT also supports PowerShell (instead of the old command-line tool). For example, if you want to get information from the VAMT database, you can type: - -``` syntax -Get-VamtProduct -``` - -For more information on the VAMT, see [VAMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619230). - -### Windows Preinstallation Environment (Windows PE) - -Windows PE is a “Lite” version of Windows 10 and was created to act as a deployment platform. Windows PE replaces the DOS or Linux boot disks that ruled the deployment solutions of the last decade. - -The key thing to know about Windows PE is that, like the operating system, it needs drivers for at least network and storage devices in each PC. Luckily Windows PE includes the same drivers as the full Windows 10 operating system, which means much of your hardware will work out of the box. - -![figure 7](images/mdt-11-fig09.png) - -Figure 7. A machine booted with the Windows ADK default Windows PE boot image. - -For more details on Windows PE, see [Windows PE (WinPE)](https://go.microsoft.com/fwlink/p/?LinkId=619233). - -## Windows Recovery Environment - - -Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you will see an automatic failover into Windows RE. - -![figure 8](images/mdt-11-fig10.png) - -Figure 8. A Windows 10 client booted into Windows RE, showing Advanced options. - -For more information on Windows RE, see [Windows Recovery Environment](https://go.microsoft.com/fwlink/p/?LinkId=619236). - -## Windows Deployment Services - - -Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you will use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. - -![figure 9](images/mdt-11-fig11.png) - -Figure 9. Windows Deployment Services using multicast to deploy three machines. - -In Windows Server 2012 R2, [Windows Deployment Services](https://go.microsoft.com/fwlink/p/?LinkId=619245) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management. - -### Trivial File Transfer Protocol (TFTP) configuration - -In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—was not user friendly. In Windows Server 2012, this has become much easier to do as it can be configured as a setting. - -Also, there are a few new features related to TFTP performance: - -- **Scalable buffer management.** Allows buffering an entire file instead of a fixed-size buffer for each client, enabling different sessions to read from the same shared buffer. - -- **Scalable port management.** Provides the capability to service clients with shared UDP port allocation, increasing scalability. - -- **Variable-size transmission window (Variable Windows Extension).** Improves TFTP performance by allowing the client and server to determine the largest workable window size. - -![figure 10](images/mdt-11-fig12.png) - -Figure 10. TFTP changes are now easy to perform. - -## Microsoft Deployment Toolkit - - -MDT is a free deployment solution from Microsoft. It provides end-to-end guidance, best practices, and tools for planning, building, and deploying Windows operating systems. MDT builds on top of the core deployment tools in the Windows ADK by contributing guidance, reducing complexity, and adding critical features for an enterprise-ready deployment solution. - -MDT has two main parts: the first is Lite Touch, which is a stand-alone deployment solution; the second is Zero Touch, which is an extension to System Center 2012 R2 Configuration Manager. - -**Note**   -Lite Touch and Zero Touch are marketing names for the two solutions that MDT supports, and the naming has nothing to do with automation. You can fully automate the stand-alone MDT solution (Lite Touch), and you can configure the solution integration with Configuration Manager to prompt for information. - - - -![figure 11](images/mdt-11-fig13.png) - -Figure 11. The Deployment Workbench in, showing a task sequence. - -For more information on MDT, see the [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=618117) resource center. - -## Microsoft Security Compliance Manager 2013 - - -[Microsoft SCM](https://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer. - -![figure 12](images/mdt-11-fig14.png) - -Figure 12. The SCM console showing a baseline configuration for a fictional client's computer security compliance. - -## Microsoft Desktop Optimization Pack - - -MDOP is a suite of technologies available to Software Assurance customers through an additional subscription. - -The following components are included in the MDOP suite: - -- **Microsoft Application Virtualization (App-V).** App-V 5.0 provides an integrated platform, more flexible virtualization, and powerful management for virtualized applications. With the release of App-V 5.0 SP3, you have support to run virtual applications on Windows 10. - -- **Microsoft User Experience Virtualization (UE-V).** UE-V monitors the changes that are made by users to application settings and Windows operating system settings. The user settings are captured and centralized to a settings storage location. These settings can then be applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. - -- **Microsoft Advanced Group Policy Management (AGPM).** AGPM enables advanced management of Group Policy objects by providing change control, offline editing, and role-based delegation. - -- **Microsoft Diagnostics and Recovery Toolset (DaRT).** DaRT provides additional tools that extend Windows RE to help you troubleshoot and repair your machines. - -- **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, as well as monitor compliance with these policies. - -For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](https://go.microsoft.com/fwlink/p/?LinkId=619247). - -## Internet Explorer Administration Kit 11 - - -There has been a version of IEAK for every version of Internet Explorer since 3.0. It gives you the capability to customize Internet Explorer as you would like. The end result of using IEAK is an Internet Explorer package that can be deployed unattended. The wizard creates one .exe file and one .msi file. - -![figure 13](images/mdt-11-fig15.png) - -Figure 13. The User Experience selection screen in IEAK 11. - -To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=619248) page. - -## Windows Server Update Services - - -WSUS is a server role in Windows Server 2012 R2 that enables you to maintain a local repository of Microsoft updates and then distribute them to machines on your network. WSUS offers approval control and reporting of update status in your environment. - -![figure 14](images/mdt-11-fig16.png) - -Figure 14. The Windows Server Update Services console. - -For more information on WSUS, see the [Windows Server Update Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=619249). - -## Unified Extensible Firmware Interface - - -For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it is time to replace it with something better. **UEFI** is the replacement for BIOS, so it is important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment. - -### Introduction to UEFI - -BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including: - -- 16-bit code - -- 1 MB address space - -- Poor performance on ROM initialization - -- MBR maximum bootable disk size of 2.2 TB - -As the replacement to BIOS, UEFI has many features that Windows can and will use. - -With UEFI, you can benefit from: - -- **Support for large disks.** UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks. - -- **Faster boot time.** UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. - -- **Multicast deployment.** UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start. - -- **Compatibility with earlier BIOS.** Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS. - -- **CPU-independent architecture.** Even if BIOS can run both 32- and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. - -- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. - -- **Flexible pre-operating system environment.** UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors. - -- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader. - -### Versions - -UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a small number of machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later. - -### Hardware support for UEFI - -In regard to UEFI, hardware is divided into four device classes: - -- **Class 0 devices.** This is the UEFI definition for a BIOS, or non-UEFI, device. - -- **Class 1 devices.** These devices behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured. - -- **Class 2 devices.** These devices have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available. - -- **Class 3 devices.** These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS. - -### Windows support for UEFI - -Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers. - -With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. - -### How UEFI is changing operating system deployment - -There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices: - -- Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS. - -- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. - -- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4GB. - -- UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit). - -For more information on UEFI, see the [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619251) overview and related resources. - -## Related topics - - - - -[Deploy Windows To Go](deploy-windows-to-go.md) - -[Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10) - -[Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md) - - - - - - - - - +--- +title: Windows 10 deployment tools (Windows 10) +description: To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. +ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877 +ms.reviewer: +manager: laurawi +ms.audience: itpro +author: greg-lindsay +keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows 10 deployment scenarios and tools + + +To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. + +Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these are just tools and not a complete solution on their own. It’s when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) or [Microsoft System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) that you get the complete deployment solution. + +In this topic, you also learn about different types of reference images that you can build, and why reference images are beneficial for most organizations + +## Windows Assessment and Deployment Kit + + +Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803 ) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). + +![figure 1](images/win-10-adk-select.png) + +Figure 1. The Windows 10 ADK feature selection page. + +### Deployment Image Servicing and Management (DISM) + +DISM is one of the deployment tools included in the Windows ADK and is used for capturing, servicing, and deploying boot images and operating system images. + +DISM services online and offline images. For example, with DISM you can install the Microsoft .NET Framework 3.5.1 in Windows 10 online, which means that you can start the installation in the running operating system, not that you get the software online. The /LimitAccess switch configures DISM to get the files only from a local source: + +``` syntax +Dism.exe /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\Sources\SxS /LimitAccess +``` + +In Windows 10, you can use Windows PowerShell for many of the functions performed by DISM.exe. The equivalent command in Windows 10 using PowerShell is: + +``` syntax +Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All +-Source D:\Sources\SxS -LimitAccess +``` + +![figure 2](images/mdt-11-fig05.png) + +Figure 2. Using DISM functions in PowerShell. + +For more information on DISM, see [DISM technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619161). + +### User State Migration Tool (USMT) + +USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and System Center 2012 R2 Configuration Manager use USMT as part of the operating system deployment process. + +**Note**   +Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you will learn below, using USMT is not difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it is easy to use. With MDT, you do nothing at all and USMT just works. + + + +USMT includes several command-line tools, the most important of which are ScanState and LoadState: + +- **ScanState.exe.** This performs the user-state backup. + +- **LoadState.exe.** This performs the user-state restore. + +- **UsmtUtils.exe.** This supplements the functionality in ScanState.exe and LoadState.exe. + +In addition to these tools, there are also XML templates that manage which data is migrated. You can customize the templates, or create new ones, to manage the backup process at a high level of detail. USMT uses the following terms for its templates: + +- **Migration templates.** The default templates in USMT. + +- **Custom templates.** Custom templates that you create. + +- **Config template.** An optional template, called Config.xml, which you can use to exclude or include components in a migration without modifying the other standard XML templates. + +![figure 3](images/mdt-11-fig06.png) + +Figure 3. A sample USMT migration file that will exclude .MP3 files on all local drives and include the folder C:\\Data and all its files, including its subdirectories and their files. + +USMT supports capturing data and settings from Windows Vista and later, and restoring the data and settings to Windows 7 and later (including Windows 10 in both cases). It also supports migrating from a 32-bit operating system to a 64-bit operating system, but not the other way around. For example, you can use USMT to migrate from Windows 7 x86 to Windows 10 x64. + +By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two default templates migrate the following data and settings: + +- Folders from each profile, including those from user profiles as well as shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated. + +- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. + + **Note**   + The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. + + + +- Operating system component settings + +- Application settings + +These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](https://go.microsoft.com/fwlink/p/?LinkId=619227) For more information on the USMT overall, see the [USMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619228). + +### Windows Imaging and Configuration Designer + +Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This is particularly useful for setting up new devices, without the need for re-imaging the device with a custom image. + +![figure 4](images/windows-icd.png) + +Figure 4. Windows Imaging and Configuration Designer. + +For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkID=525483). + +### Windows System Image Manager (Windows SIM) + +Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don’t need Windows SIM very often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall. + +![figure 7](images/mdt-11-fig07.png) + +Figure 5. Windows answer file opened in Windows SIM. + +For more information, see [Windows System Image Manager Technical Reference]( https://go.microsoft.com/fwlink/p/?LinkId=619906). + +### Volume Activation Management Tool (VAMT) + +If you don’t use KMS, you can still manage your MAKs centrally with the Volume Activation Management Tool (VAMT). With this tool, you can install and manage product keys throughout the organization. VAMT also can activate on behalf of clients without Internet access, acting as a MAK proxy. + +![figure 6](images/mdt-11-fig08.png) + +Figure 6. The updated Volume Activation Management Tool. + +VAMT also can be used to create reports, switch from MAK to KMS, manage Active Directory-based activation, and manage Office 2010 and Office 2013 volume activation. VAMT also supports PowerShell (instead of the old command-line tool). For example, if you want to get information from the VAMT database, you can type: + +``` syntax +Get-VamtProduct +``` + +For more information on the VAMT, see [VAMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619230). + +### Windows Preinstallation Environment (Windows PE) + +Windows PE is a “Lite” version of Windows 10 and was created to act as a deployment platform. Windows PE replaces the DOS or Linux boot disks that ruled the deployment solutions of the last decade. + +The key thing to know about Windows PE is that, like the operating system, it needs drivers for at least network and storage devices in each PC. Luckily Windows PE includes the same drivers as the full Windows 10 operating system, which means much of your hardware will work out of the box. + +![figure 7](images/mdt-11-fig09.png) + +Figure 7. A machine booted with the Windows ADK default Windows PE boot image. + +For more details on Windows PE, see [Windows PE (WinPE)](https://go.microsoft.com/fwlink/p/?LinkId=619233). + +## Windows Recovery Environment + + +Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you will see an automatic failover into Windows RE. + +![figure 8](images/mdt-11-fig10.png) + +Figure 8. A Windows 10 client booted into Windows RE, showing Advanced options. + +For more information on Windows RE, see [Windows Recovery Environment](https://go.microsoft.com/fwlink/p/?LinkId=619236). + +## Windows Deployment Services + + +Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you will use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. + +![figure 9](images/mdt-11-fig11.png) + +Figure 9. Windows Deployment Services using multicast to deploy three machines. + +In Windows Server 2012 R2, [Windows Deployment Services](https://go.microsoft.com/fwlink/p/?LinkId=619245) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management. + +### Trivial File Transfer Protocol (TFTP) configuration + +In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—was not user friendly. In Windows Server 2012, this has become much easier to do as it can be configured as a setting. + +Also, there are a few new features related to TFTP performance: + +- **Scalable buffer management.** Allows buffering an entire file instead of a fixed-size buffer for each client, enabling different sessions to read from the same shared buffer. + +- **Scalable port management.** Provides the capability to service clients with shared UDP port allocation, increasing scalability. + +- **Variable-size transmission window (Variable Windows Extension).** Improves TFTP performance by allowing the client and server to determine the largest workable window size. + +![figure 10](images/mdt-11-fig12.png) + +Figure 10. TFTP changes are now easy to perform. + +## Microsoft Deployment Toolkit + + +MDT is a free deployment solution from Microsoft. It provides end-to-end guidance, best practices, and tools for planning, building, and deploying Windows operating systems. MDT builds on top of the core deployment tools in the Windows ADK by contributing guidance, reducing complexity, and adding critical features for an enterprise-ready deployment solution. + +MDT has two main parts: the first is Lite Touch, which is a stand-alone deployment solution; the second is Zero Touch, which is an extension to System Center 2012 R2 Configuration Manager. + +**Note**   +Lite Touch and Zero Touch are marketing names for the two solutions that MDT supports, and the naming has nothing to do with automation. You can fully automate the stand-alone MDT solution (Lite Touch), and you can configure the solution integration with Configuration Manager to prompt for information. + + + +![figure 11](images/mdt-11-fig13.png) + +Figure 11. The Deployment Workbench in, showing a task sequence. + +For more information on MDT, see the [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=618117) resource center. + +## Microsoft Security Compliance Manager 2013 + + +[Microsoft SCM](https://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer. + +![figure 12](images/mdt-11-fig14.png) + +Figure 12. The SCM console showing a baseline configuration for a fictional client's computer security compliance. + +## Microsoft Desktop Optimization Pack + + +MDOP is a suite of technologies available to Software Assurance customers through an additional subscription. + +The following components are included in the MDOP suite: + +- **Microsoft Application Virtualization (App-V).** App-V 5.0 provides an integrated platform, more flexible virtualization, and powerful management for virtualized applications. With the release of App-V 5.0 SP3, you have support to run virtual applications on Windows 10. + +- **Microsoft User Experience Virtualization (UE-V).** UE-V monitors the changes that are made by users to application settings and Windows operating system settings. The user settings are captured and centralized to a settings storage location. These settings can then be applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. + +- **Microsoft Advanced Group Policy Management (AGPM).** AGPM enables advanced management of Group Policy objects by providing change control, offline editing, and role-based delegation. + +- **Microsoft Diagnostics and Recovery Toolset (DaRT).** DaRT provides additional tools that extend Windows RE to help you troubleshoot and repair your machines. + +- **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, as well as monitor compliance with these policies. + +For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](https://go.microsoft.com/fwlink/p/?LinkId=619247). + +## Internet Explorer Administration Kit 11 + + +There has been a version of IEAK for every version of Internet Explorer since 3.0. It gives you the capability to customize Internet Explorer as you would like. The end result of using IEAK is an Internet Explorer package that can be deployed unattended. The wizard creates one .exe file and one .msi file. + +![figure 13](images/mdt-11-fig15.png) + +Figure 13. The User Experience selection screen in IEAK 11. + +To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=619248) page. + +## Windows Server Update Services + + +WSUS is a server role in Windows Server 2012 R2 that enables you to maintain a local repository of Microsoft updates and then distribute them to machines on your network. WSUS offers approval control and reporting of update status in your environment. + +![figure 14](images/mdt-11-fig16.png) + +Figure 14. The Windows Server Update Services console. + +For more information on WSUS, see the [Windows Server Update Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=619249). + +## Unified Extensible Firmware Interface + + +For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it is time to replace it with something better. **UEFI** is the replacement for BIOS, so it is important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment. + +### Introduction to UEFI + +BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including: + +- 16-bit code + +- 1 MB address space + +- Poor performance on ROM initialization + +- MBR maximum bootable disk size of 2.2 TB + +As the replacement to BIOS, UEFI has many features that Windows can and will use. + +With UEFI, you can benefit from: + +- **Support for large disks.** UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks. + +- **Faster boot time.** UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. + +- **Multicast deployment.** UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start. + +- **Compatibility with earlier BIOS.** Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS. + +- **CPU-independent architecture.** Even if BIOS can run both 32- and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. + +- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. + +- **Flexible pre-operating system environment.** UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors. + +- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader. + +### Versions + +UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a small number of machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later. + +### Hardware support for UEFI + +In regard to UEFI, hardware is divided into four device classes: + +- **Class 0 devices.** This is the UEFI definition for a BIOS, or non-UEFI, device. + +- **Class 1 devices.** These devices behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured. + +- **Class 2 devices.** These devices have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available. + +- **Class 3 devices.** These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS. + +### Windows support for UEFI + +Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers. + +With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. + +### How UEFI is changing operating system deployment + +There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices: + +- Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS. + +- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. + +- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4GB. + +- UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit). + +For more information on UEFI, see the [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619251) overview and related resources. + +## Related topics + + + + +[Deploy Windows To Go](deploy-windows-to-go.md) + +[Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10) + +[Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md) + + + + + + + + + diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index acef50c475..aed5ac00b0 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -36,12 +36,12 @@ At Microsoft, we use Windows diagnostic data to inform our decisions and focus o To frame a discussion about diagnostic data, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways: -- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools. -- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions. -- **Security.** We encrypt diagnostic data in transit from your device via TLS 1.2, and additionally use certificate pinning to secure the connection. -- **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. -- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting. -- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. +- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools. +- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions. +- **Security.** We encrypt diagnostic data in transit from your device via TLS 1.2, and additionally use certificate pinning to secure the connection. +- **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. +- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting. +- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers. In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM. @@ -56,16 +56,16 @@ The release cadence of Windows may be fast, so feedback is critical to its succe ### What is Windows diagnostic data? Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: -- Keep Windows up to date -- Keep Windows secure, reliable, and performant -- Improve Windows – through the aggregate analysis of the use of Windows -- Personalize Windows engagement surfaces +- Keep Windows up to date +- Keep Windows secure, reliable, and performant +- Improve Windows – through the aggregate analysis of the use of Windows +- Personalize Windows engagement surfaces Here are some specific examples of Windows diagnostic data: -- Type of hardware being used -- Applications installed and usage details -- Reliability information on device drivers +- Type of hardware being used +- Applications installed and usage details +- Reliability information on device drivers ### What is NOT diagnostic data? @@ -96,9 +96,9 @@ There was a version of a video driver that was crashing on some devices running Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are: -- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time. -- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance. -- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature. +- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time. +- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance. +- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature. **These examples show how the use of diagnostic data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.** diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 8577fea884..6f5daf90d1 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -44,8 +44,8 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn ### Download the Diagnostic Data Viewer Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. - >[!Important] - >It's possible that your Windows machine may not have the Microsoft Store available (e.g. Windows Server). If this is the case, please check out [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2094264). + >[!Important] + >It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). ### Start the Diagnostic Data Viewer You can start this app from the **Settings** panel. diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index 4797029729..3ad1a4a14e 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -105,11 +105,11 @@ A key provision within the GDPR is data protection by design and by default, and The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: -- Generate, store, and limit the use of cryptographic keys. +- Generate, store, and limit the use of cryptographic keys. -- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself. +- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself. -- Help to ensure platform integrity by taking and storing security measurements. +- Help to ensure platform integrity by taking and storing security measurements. Additional advanced device protection relevant to your operating without data breaches include Windows Trusted Boot to help maintain the integrity of the system by ensuring malware is unable to start before system defenses. diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 4f007d6da6..ae5da4bba4 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -23,11 +23,11 @@ ms.reviewer: Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: -- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. -- Connecting to email servers to send and receive email. -- Connecting to the web for every day web browsing. -- Connecting to the cloud to store and access backups. -- Using your location to show a weather forecast. +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index c8c4bffe0c..2ad044d990 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -23,11 +23,11 @@ ms.reviewer: Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: -- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. -- Connecting to email servers to send and receive email. -- Connecting to the web for every day web browsing. -- Connecting to the cloud to store and access backups. -- Using your location to show a weather forecast. +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 2f2f90b82d..f574f6409d 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -23,11 +23,11 @@ ms.reviewer: Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: -- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. -- Connecting to email servers to send and receive email. -- Connecting to the web for every day web browsing. -- Connecting to the cloud to store and access backups. -- Using your location to show a weather forecast. +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 5400e152f2..01c084966d 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -22,11 +22,11 @@ ms.date: 5/3/2019 Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: -- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. -- Connecting to email servers to send and receive email. -- Connecting to the web for every day web browsing. -- Connecting to the cloud to store and access backups. -- Using your location to show a weather forecast. +- Connecting to Microsoft Office and Windows sites to download the latest app and security updates. +- Connecting to email servers to send and receive email. +- Connecting to the web for every day web browsing. +- Connecting to the cloud to store and access backups. +- Using your location to show a weather forecast. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 048946f759..ab7065d60a 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -53,6 +54,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved
      KB4507458      		July 09, 2019
      10:00 AM PT
      Unable to access some gov.uk websites
      gov.uk websites that don’t support “HSTS” may not be accessible

      See details >      		OS Build 10240.18215

      May 14, 2019
      KB4499154      		Resolved
      KB4505051      		May 19, 2019
      02:00 PM PT
      Embedded objects may display incorrectly
      Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

      See details >      		OS Build 10240.18132

      February 12, 2019
      KB4487018      		Resolved
      KB4493475      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index c20d9b33f0..2c0de867c7 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -65,6 +66,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Resolved External
      		August 09, 2019
      04:25 PM PT
      SCVMM cannot enumerate and manage logical switches deployed on the host
      For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

      See details >      		OS Build 14393.2639

      November 27, 2018
      KB4467684      		Resolved
      KB4507459      		July 16, 2019
      10:00 AM PT
      Some applications may fail to run as expected on clients of AD FS 2016
      Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4507459      		July 16, 2019
      10:00 AM PT
      Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
      Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

      See details >      		OS Build 14393.2969

      May 14, 2019
      KB4494440      		Resolved
      KB4507460      		July 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index b87928c05d..3401b26fdf 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -58,6 +59,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 15063.1868

      June 11, 2019
      KB4503279      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
      Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

      See details >      		OS Build 15063.1805

      May 14, 2019
      KB4499181      		Resolved
      KB4507450      		July 09, 2019
      10:00 AM PT
      Difficulty connecting to some iSCSI-based SANs
      Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

      See details >      		OS Build 15063.1839

      May 28, 2019
      KB4499162      		Resolved
      KB4509476      		June 26, 2019
      04:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		OS Build 15063.1868

      June 11, 2019
      KB4503279      		Resolved
      KB4503289      		June 18, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 15063.1868

      June 11, 2019
      KB4503279      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index cd92b2d492..d2b59916e7 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -59,6 +60,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Difficulty connecting to some iSCSI-based SANs
      Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

      See details >      		OS Build 16299.1182

      May 28, 2019
      KB4499147      		Resolved
      KB4509477      		June 26, 2019
      04:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Resolved
      KB4503281      		June 18, 2019
      02:00 PM PT
      Opening Internet Explorer 11 may fail
      Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

      See details >      		OS Build 16299.1182

      May 28, 2019
      KB4499147      		Resolved
      KB4503284      		June 11, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 7174542746..24ad1254f2 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -59,6 +60,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Difficulty connecting to some iSCSI-based SANs
      Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

      See details >      		OS Build 17134.799

      May 21, 2019
      KB4499183      		Resolved
      KB4509478      		June 26, 2019
      04:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Resolved
      KB4503288      		June 18, 2019
      02:00 PM PT
      Opening Internet Explorer 11 may fail
      Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

      See details >      		OS Build 17134.799

      May 21, 2019
      KB4499183      		Resolved
      KB4503286      		June 11, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 0d43d708e8..f2dc569ffb 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -71,6 +72,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Difficulty connecting to some iSCSI-based SANs
      Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

      See details >      		OS Build 17763.529

      May 21, 2019
      KB4497934      		Resolved
      KB4509479      		June 26, 2019
      04:00 PM PT
      Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
      Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.

      See details >      		OS Build 17763.503

      May 14, 2019
      KB4494441      		Resolved
      KB4501371      		June 18, 2019
      02:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Resolved
      KB4501371      		June 18, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index 4e7aae8a05..ad7c9065b6 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -52,6 +53,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 18362.175

      June 11, 2019
      KB4503293      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Display brightness may not respond to adjustments
      Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Resolved
      KB4505903      		July 26, 2019
      02:00 PM PT
      RASMAN service may stop working and result in the error “0xc0000005”
      The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Resolved
      KB4505903      		July 26, 2019
      02:00 PM PT
      Loss of functionality in Dynabook Smartphone Link app
      After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

      See details >      		OS Build 18362.116

      May 20, 2019
      KB4505057      		Resolved
      		July 11, 2019
      01:54 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 18362.175

      June 11, 2019
      KB4503293      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 8d0678c091..33a6733fd2 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -60,6 +61,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503292      		Resolved External
      		August 09, 2019
      04:25 PM PT
      IE11 may stop working when loading or interacting with Power BI reports
      Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

      See details >      		May 14, 2019
      KB4499164      		Resolved
      KB4503277      		June 20, 2019
      02:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		June 11, 2019
      KB4503292      		Resolved
      KB4503277      		June 20, 2019
      02:00 PM PT
      Unable to access some gov.uk websites
      gov.uk websites that don’t support “HSTS” may not be accessible

      See details >      		May 14, 2019
      KB4499164      		Resolved
      KB4505050      		May 18, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503292      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index dc386260cc..9bf1ac9d82 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -61,6 +62,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503276      		Resolved External
      		August 09, 2019
      04:25 PM PT
      IE11 may stop working when loading or interacting with Power BI reports
      Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

      See details >      		May 14, 2019
      KB4499151      		Resolved
      KB4503283      		June 20, 2019
      02:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		June 11, 2019
      KB4503276      		Resolved
      KB4503283      		June 20, 2019
      02:00 PM PT
      Issue using PXE to start a device from WDS
      There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

      See details >      		March 12, 2019
      KB4489881      		Resolved
      KB4503276      		June 11, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503276      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index 1a7ffb0d7a..aeb08c2fd5 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -52,6 +53,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503273      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		June 11, 2019
      KB4503273      		Resolved
      KB4503271      		June 20, 2019
      02:00 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Resolved
      		May 14, 2019
      01:21 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Resolved
      		May 14, 2019
      01:19 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503273      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index b46a4674bf..532b8144c8 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -59,6 +60,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503285      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Some devices and generation 2 Hyper-V VMs may have issues installing updates
      Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

      See details >      		June 11, 2019
      KB4503285      		Resolved
      KB4503295      		June 21, 2019
      02:00 PM PT
      IE11 may stop working when loading or interacting with Power BI reports
      Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

      See details >      		May 14, 2019
      KB4499171      		Resolved
      KB4503295      		June 21, 2019
      02:00 PM PT
      Event Viewer may close or you may receive an error when using Custom Views
      When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

      See details >      		June 11, 2019
      KB4503285      		Resolved
      KB4503295      		June 20, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503285      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: June 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 88f03f07b7..010cb9d55b 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      +
      SummaryOriginating updateStatusLast updated
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 10240.18094

      January 08, 2019
      KB4480962      		Mitigated
      		April 25, 2019
      02:00 PM PT
      " @@ -71,6 +72,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 10240.18244

      June 11, 2019
      KB4503291      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 0f3ce76fc4..a554e88e9e 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + + @@ -84,6 +85,7 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		August 08, 2019
      03:14 PM PT
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		August 08, 2019
      07:18 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
      Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

      See details >      		OS Build 14393.3053

      June 18, 2019
      KB4503294      		Investigating
      		August 01, 2019
      05:00 PM PT
      Internet Explorer 11 and apps using the WebBrowser control may fail to render
      JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

      See details >      		OS Build 14393.3085

      July 09, 2019
      KB4507460      		Mitigated
      		July 26, 2019
      04:58 PM PT
      SCVMM cannot enumerate and manage logical switches deployed on the host
      For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

      See details >      		OS Build 14393.2639

      November 27, 2018
      KB4467684      		Resolved
      KB4507459      		July 16, 2019
      10:00 AM PT
      +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
       Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

      Affected platforms:
      • Server: Windows Server 2019; Windows Server 2016
      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 14393.3053

      June 18, 2019
      KB4503294      		Investigating
      		Last updated:
      August 01, 2019
      05:00 PM PT

      Opened:
      August 01, 2019
      05:00 PM PT
      " @@ -94,7 +96,7 @@ sections: text: " +

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      OS Build 14393.3115

      July 16, 2019
      KB4507459      		Investigating
      		Last updated:
      August 08, 2019
      07:18 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Internet Explorer 11 and apps using the WebBrowser control may fail to render
      Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

      Affected platforms:
      • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server 2016
      Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

      You can configure the below registry key:
      Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
      Value: Disable Script Debugger
      Type: REG_SZ
      Data: no

      Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 14393.3085

      July 09, 2019
      KB4507460      		Mitigated
      		Last updated:
      July 26, 2019
      04:58 PM PT

      Opened:
      July 26, 2019
      04:58 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 14393.3025

      June 11, 2019
      KB4503267      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index c8b0808465..58b6047c36 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		August 08, 2019
      03:14 PM PT
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 15063.1868

      June 11, 2019
      KB4503279      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		August 08, 2019
      07:18 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 15063.1563

      January 08, 2019
      KB4480973      		Mitigated
      		April 25, 2019
      02:00 PM PT
      " @@ -72,13 +73,22 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 15063.1868

      June 11, 2019
      KB4503279      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown text: " +

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      OS Build 15063.1955

      July 16, 2019
      KB4507467      		Investigating
      		Last updated:
      August 08, 2019
      07:18 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index c251b85868..279e20ebd2 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		August 08, 2019
      03:14 PM PT
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		August 08, 2019
      07:18 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 16299.904

      January 08, 2019
      KB4480978      		Mitigated
      		April 25, 2019
      02:00 PM PT
      @@ -73,13 +74,22 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown text: " +

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      OS Build 16299.1296

      July 16, 2019
      KB4507465      		Investigating
      		Last updated:
      August 08, 2019
      07:18 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 16299.1217

      June 11, 2019
      KB4503284      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 0b63a46c96..ab543899da 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + + @@ -79,13 +80,22 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		August 08, 2019
      03:14 PM PT
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		August 08, 2019
      07:18 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Startup to a black screen after installing updates
      Your device may startup to a black screen during the first logon after installing updates.

      See details >      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Mitigated
      		June 14, 2019
      04:41 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 17134.523

      January 08, 2019
      KB4480966      		Mitigated
      		April 25, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown text: " +

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      OS Build 17134.915

      July 16, 2019
      KB4507466      		Investigating
      		Last updated:
      August 08, 2019
      07:18 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17134.829

      June 11, 2019
      KB4503286      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 7e07f5c970..d67d705cf0 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,8 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + + @@ -85,6 +86,7 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusLast updated
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		August 08, 2019
      03:14 PM PT
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		August 08, 2019
      07:18 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
      Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

      See details >      		OS Build 17763.55

      October 09, 2018
      KB4464330      		Investigating
      		August 01, 2019
      05:00 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Startup to a black screen after installing updates
      Your device may startup to a black screen during the first logon after installing updates.

      See details >      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		June 14, 2019
      04:41 PM PT
      +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      Apps and scripts using the NetQueryDisplayInformation API may fail with error
       Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

      Affected platforms:
      • Server: Windows Server 2019; Windows Server 2016
      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.55

      October 09, 2018
      KB4464330      		Investigating
      		Last updated:
      August 01, 2019
      05:00 PM PT

      Opened:
      August 01, 2019
      05:00 PM PT
      " @@ -95,7 +97,7 @@ sections: text: " +

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top
      DetailsOriginating updateStatusHistory
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      OS Build 17763.652

      July 22, 2019
      KB4505658      		Investigating
      		Last updated:
      August 08, 2019
      07:18 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.557

      June 11, 2019
      KB4503327      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 270f97ec5b..1eff433b4f 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,8 +65,9 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - + + + @@ -91,14 +92,23 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusLast updated
      Issues updating when certain versions of Intel storage drivers are installed
      Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		August 08, 2019
      05:50 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		August 08, 2019
      03:14 PM PT
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		OS Build 18362.175

      June 11, 2019
      KB4503293      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Issues updating when certain versions of Intel storage drivers are installed
      Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		August 09, 2019
      02:20 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

      See details >      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		August 08, 2019
      07:18 PM PT
      Intermittent loss of Wi-Fi connectivity
      Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Mitigated External
      		August 01, 2019
      08:44 PM PT
      Gamma ramps, color profiles, and night light settings do not apply in some cases
      Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Mitigated
      		August 01, 2019
      06:27 PM PT
      Display brightness may not respond to adjustments
      Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

      See details >      		OS Build 18362.116

      May 21, 2019
      KB4505057      		Resolved
      KB4505903      		July 26, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		OS Build 18362.175

      June 11, 2019
      KB4503293      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown text: " - + +

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 23ba82cf44..88c5129963 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      DetailsOriginating updateStatusHistory
      Issues updating when certain versions of Intel storage drivers are installed
      Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

      To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

      Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

      Affected platforms:
      • Client: Windows 10, version 1903
      • Server: Windows Server, version 1903
      Next steps: To resolve this issue, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for the May 2019 Update. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

      Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		Last updated:
      August 08, 2019
      05:50 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Issues updating when certain versions of Intel storage drivers are installed
      Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

      To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

      Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

      Affected platforms:
      • Client: Windows 10, version 1903
      • Server: Windows Server, version 1903
      Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

      Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

      Next Steps: We are working on a resolution and estimate a solution will be available in late August.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Mitigated External
      		Last updated:
      August 09, 2019
      02:20 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      Domain connected devices that use MIT Kerberos realms will not start up
      Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

      To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

      Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
      HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
      Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      August 08, 2019
      03:14 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      August 08, 2019
      07:18 PM PT

      Opened:
      July 25, 2019
      06:10 PM PT
      The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
      Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

      To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

      Affected platforms:
      • Client: Windows 10, version 1903
      Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

      Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      July 16, 2019
      09:04 AM PT

      Opened:
      July 12, 2019
      04:20 PM PT
      Initiating a Remote Desktop connection may result in black screen
      When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

      Affected platforms:
      • Client: Windows 10, version 1903
      • Server: Windows Server, version 1903
      Next steps: We are working on a resolution that will be made available in upcoming release.

      Back to top      		OS Build 18362.145

      May 29, 2019
      KB4497935      		Investigating
      		Last updated:
      July 12, 2019
      04:42 PM PT

      Opened:
      July 12, 2019
      04:42 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

      Affected platforms:
      • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
      Workaround:
      To mitigate this issue on an SCCM server:
      1. Verify Variable Window Extension is enabled.
      2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
      Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

      To mitigate this issue on a WDS server without SCCM:
      1. In WDS TFTP settings, verify Variable Window Extension is enabled.
      2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
      3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
      Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 18362.175

      June 11, 2019
      KB4503293      		Mitigated
      		Last updated:
      July 10, 2019
      07:09 PM PT

      Opened:
      July 10, 2019
      02:51 PM PT
      +
      SummaryOriginating updateStatusLast updated
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503292      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		June 11, 2019
      KB4503292      		Mitigated
      		July 10, 2019
      02:59 PM PT
      System may be unresponsive after restart with certain McAfee antivirus products
      Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

      See details >      		April 09, 2019
      KB4493472      		Mitigated
      		April 25, 2019
      02:00 PM PT
      @@ -72,6 +73,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503292      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 36e559e6aa..a15ed55837 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      + @@ -74,6 +75,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusLast updated
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503276      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		June 11, 2019
      KB4503276      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Japanese IME doesn't show the new Japanese Era name as a text input option
      If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

      See details >      		April 25, 2019
      KB4493443      		Mitigated
      		May 15, 2019
      05:53 PM PT
      System may be unresponsive after restart with certain McAfee antivirus products
      Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

      See details >      		April 09, 2019
      KB4493446      		Mitigated
      		April 18, 2019
      05:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503276      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index f3d9d5d69b..7e730c134a 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      +
      SummaryOriginating updateStatusLast updated
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503273      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		June 11, 2019
      KB4503273      		Mitigated
      		July 10, 2019
      02:59 PM PT
      " @@ -71,6 +72,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503273      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 55b84c6427..ed7deea5f4 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      + @@ -73,6 +74,15 @@ sections:
      " +- title: August 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusLast updated
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

      See details >      		June 11, 2019
      KB4503285      		Resolved External
      		August 09, 2019
      04:25 PM PT
      Devices starting using PXE from a WDS or SCCM servers may fail to start
      Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

      See details >      		June 11, 2019
      KB4503285      		Mitigated
      		July 10, 2019
      07:09 PM PT
      Japanese IME doesn't show the new Japanese Era name as a text input option
      If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

      See details >      		April 25, 2019
      KB4493462      		Mitigated
      		May 15, 2019
      05:53 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

      See details >      		January 08, 2019
      KB4480975      		Mitigated
      		April 25, 2019
      02:00 PM PT
      + +
      DetailsOriginating updateStatusHistory
      MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
      You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

      Affected platforms:
      • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
      • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

      Back to top      		June 11, 2019
      KB4503285      		Resolved External
      		Last updated:
      August 09, 2019
      04:25 PM PT

      Opened:
      August 09, 2019
      04:25 PM PT
      + " + - title: July 2019 - items: - type: markdown diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index d8db3e63d2..c1d0c47fdc 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -194,9 +194,9 @@ The SECURITY\_NT\_AUTHORITY (S-1-5) predefined identifier authority produces SID | S-1-5-2 | Network | A group that includes all users who are logged on by means of a network connection. Access tokens for interactive users do not contain the Network SID.| | S-1-5-3 | Batch | A group that includes all users who have logged on by means of a batch queue facility, such as task scheduler jobs.| | S-1-5-4 | Interactive| A group that includes all users who log on interactively. A user can start an interactive logon session by logging on directly at the keyboard, by opening a Remote Desktop Services connection from a remote computer, or by using a remote shell such as Telnet. In each case, the user's access token contains the Interactive SID. If the user signs in by using a Remote Desktop Services connection, the user's access token also contains the Remote Interactive Logon SID.| -| S-1-5-5- *X *- *Y * | Logon Session| The *X * and *Y * values for these SIDs uniquely identify a particular logon session.| +| S-1-5-5- *X*-*Y* | Logon Session| The *X* and *Y* values for these SIDs uniquely identify a particular logon session.| | S-1-5-6 | Service| A group that includes all security principals that have signed in as a service.| -| S-1-5-7 | Anonymous Logon| A user who has connected to the computer without supplying a user name and password.
      The Anonymous Logon identity is different from the identity that is used by Internet Information Services (IIS) for anonymous web access. IIS uses an actual account—by default, IUSR_ *ComputerName *, for anonymous access to resources on a website. Strictly speaking, such access is not anonymous because the security principal is known even though unidentified people are using the account. IUSR_ *ComputerName * (or whatever you name the account) has a password, and IIS logs on the account when the service starts. As a result, the IIS "anonymous" user is a member of Authenticated Users but Anonymous Logon is not.| +| S-1-5-7 | Anonymous Logon| A user who has connected to the computer without supplying a user name and password.
      The Anonymous Logon identity is different from the identity that is used by Internet Information Services (IIS) for anonymous web access. IIS uses an actual account—by default, IUSR_ *ComputerName*, for anonymous access to resources on a website. Strictly speaking, such access is not anonymous because the security principal is known even though unidentified people are using the account. IUSR_ *ComputerName* (or whatever you name the account) has a password, and IIS logs on the account when the service starts. As a result, the IIS "anonymous" user is a member of Authenticated Users but Anonymous Logon is not.| | S-1-5-8| Proxy| Does not currently apply: this SID is not used.| | S-1-5-9 | Enterprise Domain Controllers| A group that includes all domain controllers in a forest of domains.| | S-1-5-10 | Self| A placeholder in an ACE for a user, group, or computer object in Active Directory. When you grant permissions to Self, you grant them to the security principal that is represented by the object. During an access check, the operating system replaces the SID for Self with the SID for the security principal that is represented by the object.| diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index c67ea0ab51..870cc58a84 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -71,7 +71,7 @@ Then on the devices that are running Windows Defender Credential Guard, enroll t **Enrolling devices in a certificate** Run the following command: -``` syntax +```powershell CertReq -EnrollCredGuardCert MachineAuthentication ``` @@ -87,7 +87,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\get-IssuancePolicy.ps1 –LinkedToGroup:All ``` @@ -96,7 +96,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" ``` @@ -143,7 +143,7 @@ Here is a list of scripts mentioned in this topic. Save this script file as get-IssuancePolicy.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 1a19c1ea01..e50ae1fdfb 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -34,14 +34,14 @@ The following known issue has been fixed in the [Cumulative Security Update for The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017: -- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217) +- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217) This issue can potentially lead to unexpected account lockouts. See also Microsoft® Knowledge Base articles [KB4015219](https://support.microsoft.com/help/4015219/windows-10-update-kb4015219) and [KB4015221](https://support.microsoft.com/help/4015221/windows-10-update-kb4015221) -- [KB4033236 Two incorrect logon attempts sent to Active Directory after Windows Defender Credential Guard installed on Windows 10](https://support.microsoft.com/help/4033236/two-incorrect-logon-attempts-sent-to-active-directory-after-credential?preview) +- [KB4033236 Two incorrect logon attempts sent to Active Directory after Windows Defender Credential Guard installed on Windows 10](https://support.microsoft.com/help/4033236/two-incorrect-logon-attempts-sent-to-active-directory-after-credential?preview) - This issue can potentially lead to unexpected account lockouts. The issue was fixed in servicing updates for each of the following operating systems: + This issue can potentially lead to unexpected account lockouts. The issue was fixed in servicing updates for each of the following operating systems: - Windows 10 Version 1607 and Windows Server 2016: [KB4015217 (OS Build 14393.1066 and 14393.1083)](https://support.microsoft.com/help/4015217) @@ -52,30 +52,30 @@ The following known issues have been fixed by servicing releases made available The following issue affects the Java GSS API. See the following Oracle bug database article: -- [JDK-8161921: Windows 10 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) +- [JDK-8161921: Windows 10 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) When Windows Defender Credential Guard is enabled on Windows 10, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). The following issue affects Cisco AnyConnect Secure Mobility Client: -- [Blue screen on Windows 10 computers running Windows Defender Device Guard and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \* +- [Blue screen on Windows 10 computers running Windows Defender Device Guard and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \* *Registration required to access this article. The following issue affects McAfee Application and Change Control (MACC): -- [KB88869 Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1] +- [KB88869 Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1] The following issue affects AppSense Environment Manager. For further information, see the following Knowledge Base article: -- [Installing AppSense Environment Manager on Windows 10 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** +- [Installing AppSense Environment Manager on Windows 10 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** The following issue affects Citrix applications: -- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1] +- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1] [1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10 or Windows Server 2016 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: -- [KB4032786 High CPU usage in the LSAISO process on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4032786) +- [KB4032786 High CPU usage in the LSAISO process on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4032786) For further technical information on LSAISO.exe, see the MSDN article: [Isolated User Mode (IUM) Processes](https://msdn.microsoft.com/library/windows/desktop/mt809132(v=vs.85).aspx) @@ -86,7 +86,7 @@ For further technical information on LSAISO.exe, see the MSDN article: [Isolated ## Vendor support See the following article on Citrix support for Secure Boot: -- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/) +- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/) Windows Defender Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions: diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 3fe994764f..a583960ecd 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -106,7 +106,8 @@ You can do this by using either the Control Panel or the Deployment Image Servic > [!NOTE] > You can also enable Windows Defender Credential Guard by setting the registry entries in the [FirstLogonCommands](https://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. - + + ### Enable Windows Defender Credential Guard by using the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool You can also enable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). @@ -115,7 +116,7 @@ You can also enable Windows Defender Credential Guard by using the [Windows Defe DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot ``` > [!IMPORTANT] -> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. > This is a known issue. ### Review Windows Defender Credential Guard performance @@ -199,7 +200,8 @@ To disable Windows Defender Credential Guard, you can use the following set of p For more info on virtualization-based security and Windows Defender Device Guard, see [Windows Defender Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide). - + + #### Disable Windows Defender Credential Guard by using the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool You can also disable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). @@ -208,7 +210,7 @@ You can also disable Windows Defender Credential Guard by using the [Windows Def DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot ``` > [!IMPORTANT] -> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. > This is a known issue. #### Disable Windows Defender Credential Guard for a virtual machine diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 2e1a83d9b7..582af34a67 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -96,7 +96,7 @@ Then on the devices that are running Windows Defender Credential Guard, enroll t **Enrolling devices in a certificate** Run the following command: -``` syntax +```powershell CertReq -EnrollCredGuardCert MachineAuthentication ``` @@ -112,7 +112,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\get-IssuancePolicy.ps1 –LinkedToGroup:All ``` @@ -121,7 +121,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" ``` @@ -172,7 +172,7 @@ Here is a list of scripts mentioned in this topic. Save this script file as get-IssuancePolicy.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## @@ -363,7 +363,7 @@ write-host "There are no issuance policies which are not mapped to groups" Save the script file as set-IssuancePolicyToGroupLink.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index 0b6d13f777..dae9193c68 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -25,7 +25,7 @@ Here is a list of scripts mentioned in this topic. Save this script file as get-IssuancePolicy.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## @@ -216,7 +216,7 @@ write-host "There are no issuance policies which are not mapped to groups" Save the script file as set-IssuancePolicyToGroupLink.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index 3c60042dd6..18314f3f58 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -44,7 +44,7 @@ Windows Hello provides many benefits, including: - Support for Windows Hello is built into the operating system so you can add additional biometric devices and polices as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.
      For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](hello-manage-in-organization.md) topic. -## Where is Microsoft Hello data stored? +## Where is Windows Hello data stored? The biometric data used to support Windows Hello is stored on the local device only. It doesn’t roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data, it still can’t be easily converted to a form that could be recognized by the biometric sensor. ## Has Microsoft set any device requirements for Windows Hello? diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md index 1a029f2dc9..37591f1f54 100644 --- a/windows/security/identity-protection/hello-for-business/hello-features.md +++ b/windows/security/identity-protection/hello-for-business/hello-features.md @@ -147,7 +147,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10 ### On-premises Deployments -** Requirements** +**Requirements** * Active Directory * On-premises Windows Hello for Business deployment * Reset from settings - Windows 10, version 1703, Professional @@ -260,7 +260,7 @@ Users appreciate convenience of biometrics and administrators value the security ![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png) > [!IMPORTANT] -> The remote desktop with biometric feature does not work with [Dual Enrollment](#dual-enrollment) feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature.\ +> The remote desktop with biometric feature does not work with [Dual Enrollment](#dual-enrollment) feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature. ## Related topics diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 2fc0996eb0..73c0ca23ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -79,7 +79,7 @@ The easiest way to verify the onPremisesDistingushedNamne attribute is synchroni 1. Open a web browser and navigate to https://graphexplorer.azurewebsites.net/ 2. Click **Login** and provide Azure credentials -3. In the Azure AD Graph Explorer URL, type https://graph.windows.net/myorganization/users/[userid], where **[userid] is the user principal name of user in Azure Active Directory. Click **Go** +3. In the Azure AD Graph Explorer URL, type https://graph.windows.net/myorganization/users/[userid], where **[userid]** is the user principal name of user in Azure Active Directory. Click **Go** 4. In the returned results, review the JSON data for the **onPremisesDistinguishedName** attribute. Ensure the attribute has a value and the value is accurate for the given user. ![Azure AD Connect On-Prem DN Attribute](images/aadjcert/aadconnectonpremdn.png) @@ -659,7 +659,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**. 14. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority. ![WHFB SCEP certificate profile Trusted Certificate selection](images/aadjcert/intunewhfbscepprofile-01.png) -15. Under **Extended key usage**, type **Smart Card Logon** under Name. Type **1.3.6.1.4.1.311.20.2.2 under **Object identifier**. Click **Add**. +15. Under **Extended key usage**, type **Smart Card Logon** under **Name**. Type **1.3.6.1.4.1.311.20.2.2** under **Object identifier**. Click **Add**. 16. Type a percentage (without the percent sign) next to **Renewal Threshold** to determine when the certificate should attempt to renew. The recommended value is **20**. ![WHFB SCEP certificate Profile EKUs](images/aadjcert/intunewhfbscepprofile-03.png) 17. Under **SCEP Server URLs**, type the fully qualified external name of the Azure AD Application proxy you configured. Append to the name **/certsrv/mscep/mscep.dll**. For example, https://ndes-mtephendemo.msappproxy.net/certsrv/mscep/mscep.dll. Click **Add**. Repeat this step for each additional NDES Azure AD Application Proxy you configured to issue Windows Hello for Business certificates. Microsoft Intune round-robin load balances requests amongst the URLs listed in the SCEP certificate profile. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 1df71e5f3d..433457239a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -196,10 +196,19 @@ In a federated Azure AD configuration, devices rely on Active Directory Federati Windows current devices authenticate using Integrated Windows Authentication to an active WS-Trust endpoint (either 1.3 or 2005 versions) hosted by the on-premises federation service. +When you're using AD FS, you need to enable the following WS-Trust endpoints: +`/adfs/services/trust/2005/windowstransport` +`/adfs/services/trust/13/windowstransport` +`/adfs/services/trust/2005/usernamemixed` +`/adfs/services/trust/13/usernamemixed` +`/adfs/services/trust/2005/certificatemixed` +`/adfs/services/trust/13/certificatemixed` + +> [!WARNING] +> Both **adfs/services/trust/2005/windowstransport** or **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust WIndows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**. + > [!NOTE] -> When using AD FS, either **adfs/services/trust/13/windowstransport** or **adfs/services/trust/2005/windowstransport** must be enabled. If you are using the Web Authentication Proxy, also ensure that this endpoint is published through the proxy. You can see what end-points are enabled through the AD FS management console under **Service > Endpoints**. -> -> If you don't have AD FS as your on-premises federation service, follow the instructions of your vendor to make sure they support WS-Trust 1.3 or 2005 end-points and that these are published through the Metadata Exchange file (MEX). +>If you don’t have AD FS as your on-premises federation service, follow the instructions from your vendor to make sure they support WS-Trust 1.3 or 2005 endpoints and that these are published through the Metadata Exchange file (MEX). The following claims must exist in the token received by Azure DRS for device registration to complete. Azure DRS will create a device object in Azure AD with some of this information which is then used by Azure AD Connect to associate the newly created device object with the computer account on-premises. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 71517e7da8..cd40458897 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -74,6 +74,9 @@ The two directories used in hybrid deployments must be synchronized. You need A Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). +> [!NOTE] +> Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Azure Active Directory and Active Directory. + ### Section Review > [!div class="checklist"] > * Azure Active Directory Connect directory synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 05a4294ad7..f65eaf8b20 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -151,7 +151,7 @@ The default configuration for Windows Hello for Business is to prefer hardware p You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. -Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. #### Use biometrics diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 73e64d3e70..1b30d94278 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -33,9 +33,9 @@ On-premises certificate-based deployments of Windows Hello for Business needs on ## Enable Windows Hello for Business Group Policy -The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled. +The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. -You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence. +If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows 10. ## Create the Windows Hello for Business Group Policy object diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 19a03daf36..06aa82ad4b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -18,6 +18,9 @@ ms.reviewer: --- # Validate and Deploy Multifactor Authentication Services (MFA) +> [!IMPORTANT] +> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. + **Applies to** - Windows 10, version 1703 or later - On-premises deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 68ee7e67cf..207675b3e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -166,11 +166,13 @@ If your organization does not have cloud resources, write **On-Premises** in box ### Trust type +Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. + Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers. One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust). -Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accommodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificate-trust deployments includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. +Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accommodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you need to activate the Device Writeback option in Azure AD Connect. If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**. diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 062ad20bc7..d9a19aed80 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -1,5 +1,5 @@ --- -title: Password-less Strategy +title: Passwordless Strategy description: Reducing Password Usage Surface keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 @@ -14,195 +14,195 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 -ms.reviewer: +ms.reviewer: --- -# Password-less Strategy +# Passwordless Strategy -## Four steps to Password-less +## Four steps to password freedom -Over the past few years, Microsoft has continued their commitment to enabling a world without passwords. At Microsoft Ignite 2017, we shared our four-step approach to password-less. -![Password-less approach](images/four-steps-passwordless.png) +Over the past few years, Microsoft has continued their commitment to enabling a world without passwords. At Microsoft Ignite 2017, we shared our four-step approach to password freedom. +![Passwordless approach](images/four-steps-passwordless.png) ### 1. Develop a password replacement offering -Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single-sign on to Azure Active Directory and Active Directory. +Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. -Deploying Windows Hello for Business is the first step towards password-less. With Windows Hello for Business deployed, it coexists with password nicely. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. +Deploying Windows Hello for Business is the first step towards a passwordless environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. ### 2. Reduce user-visible password surface area -With Windows Hello for Business and passwords coexisting in your environment, the next step towards password-less is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. +With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the users know they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. -### 3. Transition into a password-less deployment -Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a password-less world. A world where: - - the user never types their password - - the user never changes their password - - the user does not know their password +### 3. Transition into a passwordless deployment +Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where: + - the users never type their password + - the users never change their password + - the users do not know their password -In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. +In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. ### 4. Eliminate passwords from the identity directory -The final step of the password-less story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly password-less environment. +The final step of the passwordless story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly passwordless environment. ## Methodology -The four steps to password-less provides a overall view of how Microsoft envisions the road to password-less. But the road to password-less is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of password-less, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish password-less, here is one recommendation based on several years of research, investigation, and customer conversations. +Four steps to password freedom provides an overall view of how Microsoft envisions the road to eliminating passwords. But this road is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of achieving a passwordless environment, but can easily become overwhelmed by any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish freedom from passwords, here is one recommendation based on several years of research, investigation, and customer conversations. -### Prepare for the Journey -The road to password-less is a journey. The duration of that journey varies from each organization. It is important for IT decision makers to understand the criteria that influences the length of the journey. +### Prepare for the Journey +The road to being passwordless is a journey. The duration of that journey varies for each organization. It is important for IT decision-makers to understand the criteria influencing the length of that journey. -The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size. One way to break down the size of the organization is: +The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size? One way to break down the size of the organization is by creating a summary of the: - Number of departments -- Organization or department hierarchy +- Organization or department hierarchy - Number and type of applications and services - Number of work personas - Organization's IT structure -#### Number of departments -The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. +#### Number of departments +The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly, while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. -You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computer (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. +You need to know all the departments within your organization and you need to know which departments use computers and which ones do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed that it is not applicable. -Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will you and your staff on the road to password-less. Realistically, many of us lose sight of our organization chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. +Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the road to password freedom. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organization goes password-free, but your partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. #### Organization or department hierarchy -Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct password-less strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those use cases are likely different than how an individual contributor in the customer service department uses their device. +Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used, most likely differs between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently compared to a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. #### Number and type of applications and services -The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your password-less assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. +The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical items in your passwordless assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedures and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. -Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacture and the version. Also, do not forget web-based applications or services when inventorying applications. +Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the latter, document the manufacturer and the version. Also, do not forget web-based applications or services when inventorying applications. #### Number of work personas -Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. +Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. -A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc), within a specific department to a collection of applications used. There is a high possibility and probability that you will have many work personas. These work personas will become units of work an you will refer to them in documentation and in meetings. You need to give them a name. +A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high probability that you will have many work personas. These work personas will become units of work, and you will refer to them in documentation and in meetings. You need to give them a name. -Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. +Give your personas easy and intuitive names like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments, then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. -Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or that needs a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. +Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person who is in that department and who uses that specific software. #### Organization's IT structure -IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password-less will likely have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password-less. Ensure there is a password-less stakeholder on each of these teams and that the effort is understood and funded. +IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password freedom will probably have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password freedom. Ensure there is a passwordless stakeholder on each of these teams, and that the effort is understood and funded. #### Assess your Organization -You have a ton of information. You have created your work personas, you identified your stakeholders throughout the different IT groups. Now what? +You have a ton of information. You have created your work personas, you have identified your stakeholders throughout the different IT groups. Now what? -By now you can see why its a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple-- meaning a solution already exists in the environment and its a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. +By now you can see why it is a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you have identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple - meaning a solution already exists in the environment and it is only a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project which must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. -How long does it take to reach password-less? The answer is "it depends". It depends on the organizational alignment of a password-less strategy. Top-down agreement that password-less is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement on password-less as a priority within the ranks of other on-going IT projects helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the password-less effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: +How long does it take to become passwordless? The answer is "it depends". It depends on the organizational alignment of a passwordless strategy. Top-down agreement that a passwordless environment is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement, as a priority within the ranks of other on-going IT projects, helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the passwordless effort. The organization allocates resources based on the priority (after they have agreed on the strategy). Those resources will: - work through the work personas - organize and deploy user acceptance testing - evaluate user acceptance testing results for user-visible password surfaces - work with stakeholders to create solutions that mitigate user-visible password surfaces - add the solution to the project backlog and prioritize against other projects -- deploy solution -- User acceptance testing to confirm the solution mitigates the user-visible password surface -- Repeat as needed +- deploy the solution +- perform user acceptance testing to confirm that the solution mitigates the user-visible password surface +- repeat the testing as needed -Your organization's journey to password-less may take some time to get there. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go password-less today is *n*, then it is likely that to go password-less tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to password-less. +Your organization's journey to password freedom may take some time. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go passwordless today is *n*, then it is likely that to go passwordless tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to a passwordless state. ### Where to start? -What is the best guidance for kicking off the journey to password-less? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your password-less journey. Keeping password-less top of mind and showing consistent progress keeps everyone focused. +What is the best guidance for kicking off the journey to password freedom? You will want to show your management a proof of concept as soon as possible. Ideally, you want to show this at each step of your passwordless journey. Keeping your passwordless strategy top of mind and showing consistent progress keeps everyone focused. -#### Work persona -You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the password-less steps. +#### Work persona +You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the steps to password freedom. > [!IMPORTANT] -> Avoid using any work personas from your IT department. This is probably the worst way to start the password-less journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. +> Avoid using any work personas from your IT department. This is probably the worst way to start the passwordless journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. -Review your collection of work personas. Early in your password-less journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. +Review your collection of work personas. Early in your passwordless journey, identify personas with the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. -Most organizations host their proof of concept in a test lab or environment. To do that with password-less may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. +Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could take a few days or several weeks, depending on the complexity of the targeted work persona. -You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your time line. +You will want to balance lab testing with providing results to management quickly. Continuing to show forward progress on your journey to password freedom is always a good thing. If there are ways you can test in production with low or no risk, it may be advantageous to your timeline. ## The Process -The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like +The journey to password freedom is to take each work persona through each step of the process. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: -1. Password-less replacement offering (Step 1) - 1. Identify test users that represent the targeted work persona. +1. Passwordless replacement offering (Step 1) + 1. Identify test users representing the targeted work persona. 2. Deploy Windows Hello for Business to test users. - 3. Validate password and Windows Hello for Business work. + 3. Validate that passwords and Windows Hello for Business work. 2. Reduce User-visible Password Surface (Step 2) 1. Survey test user workflow for password usage. 2. Identify password usage and plan, develop, and deploy password mitigations. 3. Repeat until all user password usage is mitigated. - 4. Remove password capabilities from the Windows. - 5. Validate **all** workflows do not need passwords. -3. Transition into a password-less (Step 3) - 1. Awareness campaign and user education. - 2. Including remaining users that fit the work persona. - 3. Validate **all** users of the work personas do not need passwords. - 4. Configure user accounts to disallow password authentication. + 4. Remove password capabilities from Windows. + 5. Validate that **none of the workflows** need passwords. +3. Transition into a passwordless scenario (Step 3) + 1. Awareness campaign and user education. + 2. Include remaining users who fit the work persona. + 3. Validate that **none of the users** of the work personas need passwords. + 4. Configure user accounts to disallow password authentication. -After successfully moving a work persona to password-less, you can prioritize the remaining work personas, and repeat the process. +After successfully moving a work persona to password freedom, you can prioritize the remaining work personas and repeat the process. -### Password-less replacement offering (Step 1) -THe first step to password-less is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. +### Passwordless replacement offering (Step 1) +The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona -A successful transition to password-less heavily relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. +A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or how to accurately validate them. You need to enlist the help of users who fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. #### Deploy Windows Hello for Business to test users -Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the password-less journey. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learn which deployment is best for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. +Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the journey to becoming passwordless. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learning which deployment is best suited for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. -With the Windows Hello for Business infrastructure in place, you can limit Windows Hello for Business enrollments to the targeted work personas. The great news is you will only need to deploy the infrastructure once. When other targeted work personas need to provision Windows Hello for Business, you can simply add them to a group. You will use the first work persona to validate your Windows Hello for Business deployment. +With the Windows Hello for Business infrastructure in place, you can limit Windows Hello for Business enrollments to the targeted work personas. The great news is that you will only need to deploy the infrastructure once. When other targeted work personas need to provision Windows Hello for Business, you can simply add them to a group. You will use the first work persona to validate your Windows Hello for Business deployment. > [!NOTE] -> There are many different ways to connect a device to Azure. Deployments may vary based on how the device is joined to Azure Active Directory. Review your planning guide and deployment guide to ensure additional infrastructure is not needed for an additional Azure joined devices. +> There are many different ways to connect a device to Azure. Deployments may vary based on how the device is joined to Azure Active Directory. Review your planning guide and deployment guide to ensure additional infrastructure is not needed for an additional Azure joined devices. -#### Validate password and Windows Hello for Business work -In this first step, passwords and Windows Hello for Business must coexist. You want to validate that while your targeted work personas can sign in and unlock using Windows Hello for Business, but they can also sign-in, unlock, and use passwords as needed. Reducing the user-visible password surface too soon can create frustration and confusion with your targeted user personas. +#### Validate that passwords and Windows Hello for Business work +In this first step, passwords and Windows Hello for Business must coexist. You want to validate that while your targeted work personas can sign in and unlock using Windows Hello for Business, but they can also sign-in, unlock, and use passwords as needed. Reducing the user-visible password surface too soon can create frustration and confusion with your targeted user personas. ### Reduce User-visible Password Surface (Step 2) Before you move to step 2, ensure you have: -- selected your targeted work persona. -- identified your test users that represented the targeted work persona. +- selected your targeted work persona. +- identified your test users who represent the targeted work persona. - deployed Windows Hello for Business to test users. - validated passwords and Windows Hello for Business both work for the test users. #### Survey test user workflow for password usage -Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as your further your progress through step 2. +Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as you further your progress through step 2. -Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simply task. Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is: +Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simple task: Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is to ask yourself the following set of questions: - What is the name of the application that asked for a password?. - Why do they use the application that asked for a password? (Example: is there more than one application that can do the same thing?). - What part of their workflow makes them use the application? Try to be as specific as possible (I use application x to issue credit card refunds for amounts over y.). - How frequently do you use this application in a given day? week? -- Is the password you type into the application the same as the password you use to sign-in to Windows? +- Is the password you type into the application the same as the password you use to sign-in to Windows? -Some organizations will empower their users to write this information while some may insist on having a member of the IT department shadow them. An objective viewer may notice a password prompt that the user overlooks simply because of muscle memory. As previously mentioned, this information is critical. You could miss one password prompt which could delay the transition to password-less. +Some organizations will empower their users to write this information while some may insist on having a member of the IT department shadow them. An objective viewer may notice a password prompt that the user overlooks simply because of muscle memory. As previously mentioned, this information is critical. You could miss one password prompt that could delay the transition to being passwordless. #### Identify password usage and plan, develop, and deploy password mitigations -Your test users have provided you valuable information that describes the how, what, why and when they use a password. It is now time for your team to identify each of these password use cases and understand why the user must use a password. +Your test users have provided you valuable information that describes the how, what, why and when they use a password. It is now time for your team to identify each of these password use cases and understand why the user must use a password. -Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If its policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. +Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If it is policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. -Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they low percentage scenarios. Remember to include scenarios like: +Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they are low percentage scenarios. Remember to include scenarios like: - Provisioning a new brand new user without a password. - Users who forget the PIN or other remediation flows when the strong credential is unusable. -Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions-- whichever of the two is easier or quicker. This will certainly vary by organization. +Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy, or you can begin with workflows that need technical solutions - whichever of the two is easier or quicker. This will certainly vary by organization. -Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. A overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed either infrastructure or code changes-- the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. +Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. An overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed, either infrastructure or code changes, the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. -Mitigating password usage with applications is one or the more challenging obstacle in the journey to password-less. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). +Mitigating password usage with applications is one of the more challenging obstacles in the passwordless journey. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). -The ideal mitigation for applications that prompt the user for a password is to enable those enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once-- when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. +The ideal mitigation for applications that prompt the user for a password is to enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. -Each scenario on your master list should now have a problem statement, an investigation as to why the password was used, and a mitigation plan on how to make the password usage go away. Armed with this data, one-by-one, close the gaps on user-visible passwords. Change policies and procedures as needed, make infrastructure changes where possible. Convert in-house applications to use federated identities or Windows integrated authentication. Work with third-party software vendors to update their software to support federated identities or Windows integrated authenticate. +Each scenario on your master list should now have a problem statement, an investigation as to why the password was used, and a mitigation plan on how to make the password usage go away. Armed with this data, one-by-one, close the gaps on user-visible passwords. Change policies and procedures as needed, make infrastructure changes where possible. Convert in-house applications to use federated identities or Windows integrated authentication. Work with third-party software vendors to update their software to support federated identities or Windows integrated authentication. #### Repeat until all user password usage is mitigated -Some or all of your mitigations are in place. You need to validate your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If your stuck, others might be too. Use the forums from various sources or your network of IT colleague to describe your problem and see how others are solving it. If your out of options, contact Microsoft for assistance. +Some or all of your mitigations are in place. You need to validate that your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all of the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If you are stuck, others might be too. Use the forums from various sources or your network of IT colleagues to describe your problem and see how others are solving it. If you are out of options, contact Microsoft for assistance. -#### Remove password capabilities from the Windows -You believe you have mitigates all the password usage for the targeted work persona. Now comes the true test-- configure Windows so the user cannot use a password. +#### Remove password capabilities from Windows +You believe you have mitigated all the password usage for the targeted work persona. Now comes the true test - configure Windows so the user cannot use a password. -Windows provides two ways to prevent your users from using passwords. You can use an interactive logon security policy to only allow Windows Hello for Business sign-in and unlocks, or you can exclude the password credential provider. +Windows provides two ways to prevent your users from using passwords. You can use an interactive logon security policy to only allow Windows Hello for Business sign-in and unlocks, or you can exclude the password credential provider. -##### Security Policy -You can use Group Policy to deploy an interactive logon security policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Windows Settings > Local Policy > Security Options**. The name of the policy setting depends on the version of the operating systems you use to configure Group Policy. +##### Security Policy +You can use Group Policy to deploy an interactive logon security policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Windows Settings > Local Policy > Security Options**. The name of the policy setting depends on the version of the operating systems you use to configure Group Policy. ![securityPolicyLocation](images/passwordless/00-securityPolicy.png) **Windows Server 2016 and earlier** @@ -213,33 +213,33 @@ The policy name for these operating systems is **Interactive logon: Require smar The policy name for these operating systems is **Interactive logon: Require Windows Hello for Business or smart card**. ![securityPolicyRSAT](images/passwordless/00-updatedsecuritypolicytext.png) -When you enables this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. +When you enable this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. #### Excluding the password credential provider -You can use Group Policy to deploy an administrative template policy settings to the computer. This policy settings is found under **Computer Configuration > Policies > Administrative Templates > Logon** +You can use Group Policy to deploy an administrative template policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Administrative Templates > Logon** ![HideCredProvPolicy](images/passwordless/00-hidecredprov.png) -The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**. +The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**. ![HideCredProvPolicy2](images/passwordless/01-hidecredprov.png) -Excluding the password credential provider hides the password credential provider from Windows and any application that attempts to load it. This prevents the user from entering a password using the credential provider. However, this does not prevent applications from creating their own password collection dialogs and prompting the user for a password using custom dialogs. +Excluding the password credential provider hides the password credential provider from Windows and any application that attempts to load it. This prevents the user from entering a password using the credential provider. However, this does not prevent applications from creating their own password collection dialogs and prompting the user for a password using custom dialogs. -#### Validate all workflows do not need passwords -This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a passwords. Users will be blocked is any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. +#### Validate that none of the workflows needs passwords +This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a password. Users will be blocked if any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. -### Transition into a password-less deployment (Step 3) -Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated the targeted work-persona is ready to go where the user no longer needs to know or use their password. You are just few steps away from declaring success. +### Transition into a passwordless deployment (Step 3) +Congratulations! You are ready to transition one or more portions of your organization to a passwordless deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. #### Awareness and user education -In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password-less. Before you do this, you want to invest in an awareness campaign. +In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password freedom. Before you do this, you want to invest in an awareness campaign. -An awareness campaign is introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide user education, where you can show the users the changes and, if your environment allows, enable the users to try the experience out. +An awareness campaign introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide with user education, where you can show the users the changes and, if your environment allows, enable the users to try out the experience. #### Including remaining users that fit the work persona -You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to password-less. Add the remaining users that match the targeted work persona to your deployment. +You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to being passwordless. Add the remaining users that match the targeted work persona to your deployment. -#### Validate **all** users of the work personas do not need passwords. -You have successfully transitioned all users for the targeted work persona to password-less. Monitor the users within the work persona to ensure they do not encounter any issues while working in a password-less environment. +#### Validate that none of the users of the work personas needs passwords +You have successfully transitioned all users for the targeted work persona to being passwordless. Monitor the users within the work persona to ensure they do not encounter any issues while working in a passwordless environment. Track all reported issues. Set priority and severity to each reported issue and have your team triage the issues appropriately. As you triage issues, some things to consider are: - Is the reporting user performing a task outside the work persona? @@ -247,24 +247,24 @@ Track all reported issues. Set priority and severity to each reported issue and - Is the outage a result of a misconfiguration? - Is the outage a overlooked gap from step 2? -Each organization's priority and severity will differ however most organizations consider work stoppages fairly significant. Your team should pre-define levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it and less time on process. +Each organization's priority and severity will differ. However, most organizations consider work stoppages to be fairly significant. Your team should predefine levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority, and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it, and less time on the process. -Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating. +Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal, but do not let this slow down your momentum towards becoming passwordless. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating it. #### Configure user accounts to disallow password authentication. -You transitioned all the users for the targeted work persona to a password-less environment and you have successfully validated all their workflows. The last step to complete the password-less transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. +You transitioned all the users for the targeted work persona to a passwordless environment and you have successfully validated all their workflows. The last step to complete the passwordless transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. You can change the user's password to random data and prevent domain controllers from allowing users to use passwords for interactive sign-ins using an account configuration on the user object. The account options on a user account includes an option -- **Smart card is required for interactive logon**, also known as (SCRIL). > [!NOTE] -> Do not confuse the Interactive Logon security policy for SCRIL. Security policies are enforced on the client (locally). A user account configured for SCRIL is enforced at the domain controller. +> Do not confuse the Interactive Logon security policy for SCRIL. Security policies are enforced on the client (locally). A user account configured for SCRIL is enforced at the domain controller. ![SCRIL setting on AD Users and Computers](images/passwordless/00-scril-dsa.png) **SCRIL setting for a user on Active Directory Users and Computers.** -When you configure an user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users is effectively password-less because: +When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users are effectively passwordless because: - the do not know their password. - their password is 128 random bits of data and is likely to include non-typable characters. - the user is not asked to change their password @@ -274,7 +274,7 @@ When you configure an user account for SCRIL, Active Directory changes the affec **SCRIL setting for a user in Active Directory Administrative Center on Windows Server 2012.** > [!NOTE] -> Although a SCRIL user's password never expires in early domains, you can toggle the SCRIL configuration on a user account (clear the check box, save the settings, select the check box and save the settings) to generate a new random 128 bit password. However, you should consider upgrading the domain to Windows Server 2016 domain forest functional level and allow the domain controller to do this for you automatically. +> Although a SCRIL user's password never expires in early domains, you can toggle the SCRIL configuration on a user account (clear the check box, save the settings, select the check box and save the settings) to generate a new random 128 bit password. However, you should consider upgrading the domain to Windows Server 2016 domain forest functional level and allow the domain controller to do this for you automatically. ![SCRIL setting from ADAC on Windows Server 2016](images/passwordless/01-scril-adac-2016.png) **SCRIL setting for a user in Active Directory Administrative Center on Windows Server 2016.** @@ -283,14 +283,14 @@ When you configure an user account for SCRIL, Active Directory changes the affec > Windows Hello for Business was formerly known as Microsoft Passport. ##### Automatic password change for SCRIL configured users -Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for a SCRIL enabled users by configuring the domain to automatically change the password for SCRIL users. +Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for SCRIL-enabled users by configuring the domain to automatically change the password for SCRIL users. -In this configuration, passwords for SCRIL configured users expired based on Active Directory password policy settings. When the SCRIL user authentication from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or experience any authentication outages. +In this configuration, passwords for SCRIL-configured users expire based on Active Directory password policy settings. When the SCRIL user authenticates from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or any authentication outages. ![Rotate Password 2016](images/passwordless/02-rotate-scril-2016.png) > [!NOTE] -> Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability with while reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. +> Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability by reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. ## The Road Ahead -The information presented here is just the beginning. We will update this guide with improved tool and methods and scenarios, like Azure AD joined and MDM managed environments, As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). +The information presented here is just the beginning. We will update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a passwordless future, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index b6001998ed..d55a5400cc 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -17,7 +17,7 @@ ms.date: 02/05/2018 # Identity and access management -Learn more about identity annd access management technologies in Windows 10 and Windows 10 Mobile. +Learn more about identity and access management technologies in Windows 10 and Windows 10 Mobile. | Section | Description | |-|-| diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 8029b9b1b9..acd70ac9ea 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -206,7 +206,7 @@ This command returns the volumes on the target, current encryption status and vo For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process. -``` syntax +```powershell manage-bde –protectors -add C: -startupkey E: manage-bde -on C: ``` @@ -237,7 +237,7 @@ Data volumes use the same syntax for encryption as operating system volumes but A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on. -``` syntax +```powershell manage-bde -protectors -add -pw C: manage-bde -on C: ``` @@ -382,13 +382,13 @@ Occasionally, all protectors may not be shown when using Get-BitLockerVo If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. A simple script can pipe the values of each **Get-BitLockerVolume** return out to another variable as seen below: -``` syntax +```powershell $vol = Get-BitLockerVolume $keyprotectors = $vol.KeyProtector ``` Using this, we can display the information in the **$keyprotectors** variable to determine the GUID for each protector. Using this information, we can then remove the key protector for a specific volume using the command: -``` syntax +```powershell Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` > **Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. @@ -398,19 +398,19 @@ Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell. To enable BitLocker with just the TPM protector. This can be done using the command: -``` syntax +```powershell Enable-BitLocker C: ``` The example below adds one additional protector, the StartupKey protectors, and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot. -``` syntax +```powershell Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTest ``` ### Data volume Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. Last, encryption begins. -``` syntax +```powershell $pw = Read-Host -AsSecureString Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw @@ -423,12 +423,12 @@ The ADAccountOrGroup protector is an Active Directory SID-based protector. This To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G. -``` syntax +```powershell Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator ``` For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command: -``` syntax +```powershell get-aduser -filter {samaccountname -eq "administrator"} ``` > **Note:**  Use of this command requires the RSAT-AD-PowerShell feature. @@ -437,7 +437,7 @@ get-aduser -filter {samaccountname -eq "administrator"} In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command: -``` syntax +```powershell Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "" ``` > **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes. @@ -469,7 +469,7 @@ Administrators who prefer a command line interface can utilize manage-bde to che To check the status of a volume using manage-bde, use the following command: -``` syntax +```powershell manage-bde -status ``` > **Note:**  If no volume letter is associated with the -status command, all volumes on the computer display their status. @@ -480,7 +480,7 @@ Windows PowerShell commands offer another way to query BitLocker status for volu Using the Get-BitLockerVolume cmdlet, each volume on the system will display its current BitLocker status. To get information that is more detailed on a specific volume, use the following command: -``` syntax +```powershell Get-BitLockerVolume -Verbose | fl ``` This command will display information about the encryption method, volume type, key protectors, etc. @@ -506,12 +506,12 @@ Once decryption is complete, the drive will update its status in the control pan Decrypting volumes using manage-bde is very straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is: -``` syntax +```powershell manage-bde -off C: ``` This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If a user wishes to check the status of the decryption, they can use the following command: -``` syntax +```powershell manage-bde -status C: ``` ### Decrypting volumes using the BitLocker Windows PowerShell cmdlets @@ -520,12 +520,12 @@ Decryption with Windows PowerShell cmdlets is straightforward, similar to manage Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands. An example of this command is: -``` syntax +```powershell Disable-BitLocker ``` If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is: -``` syntax +```powershell Disable-BitLocker -MountPoint E:,F:,G: ``` ## See also diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 70ba14d6a6..f8d1a6e1f9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -52,14 +52,14 @@ The `servermanager` Windows PowerShell module can use either the `Install-Window By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the install process. This can be seen using the `-WhatIf` option in Windows PowerShell. -``` syntax +```powershell Install-WindowsFeature BitLocker -WhatIf ``` The results of this command show that only the BitLocker Drive Encryption feature installs using this command. To see what would be installed with the BitLocker feature including all available management tools and sub-features, use the following command: -``` syntax +```powershell Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl ``` @@ -75,7 +75,7 @@ The result of this command displays the following list of all the administration The command to complete a full installation of the BitLocker feature with all available features and then rebooting the server at completion is: -``` syntax +```powershell Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart ``` @@ -85,7 +85,7 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools - The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. -``` syntax +```powershell Get-WindowsOptionalFeature -Online | ft ``` @@ -93,13 +93,13 @@ From this output, we can see that there are three BitLocker related optional fea To install BitLocker using the `dism` module, use the following command: -``` syntax +```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All ``` This command will prompt the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: -``` syntax +```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All ``` ## More information diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 6545ca0992..49b3e4f60f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -313,7 +313,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many - Verify the clients were rebooted after applying the policy. - Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: - ``` syntax + ```powershell manage-bde –protectors –get C: ``` >**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index f21beec5e9..bde16da8e3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -278,26 +278,25 @@ You can reset the recovery password in two ways: 1. Remove the previous recovery password - ``` syntax + ```powershell Manage-bde –protectors –delete C: –type RecoveryPassword ``` 2. Add the new recovery password - ``` syntax + ```powershell Manage-bde –protectors –add C: -RecoveryPassword - ``` 3. Get the ID of the new recovery password. From the screen copy the ID of the recovery password. - ``` syntax + ```powershell Manage-bde –protectors –get C: -Type RecoveryPassword - ``` + 4. Backup the new recovery password to AD DS - ``` syntax + ```powershell Manage-bde –protectors –adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692} ``` >**Warning:**  You must include the braces in the ID string. @@ -315,7 +314,7 @@ You can reset the recovery password in two ways: You can use the following sample script to create a VBScript file to reset the recovery passwords. -``` syntax +```vb ' Target drive letter strDriveLetter = "c:" ' Target computer name @@ -404,7 +403,7 @@ The following sample script exports all previously-saved key packages from AD D You can use the following sample script to create a VBScript file to retrieve the BitLocker key package from AD DS. -``` syntax +```vb ' -------------------------------------------------------------------------------- ' Usage ' -------------------------------------------------------------------------------- @@ -551,7 +550,7 @@ The following sample script exports a new key package from an unlocked, encrypte **cscript GetBitLockerKeyPackage.vbs -?** -``` syntax +```vb ' -------------------------------------------------------------------------------- ' Usage ' -------------------------------------------------------------------------------- diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 30fea18843..20ab73acfb 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -46,7 +46,7 @@ Listed below are examples of basic valid commands for operating system volumes. A good practice when using manage-bde is to determine the volume status on the target system. Use the following command to determine volume status: -``` syntax +```powershell manage-bde -status ``` This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume: @@ -55,7 +55,7 @@ This command returns the volumes on the target, current encryption status, encry The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process. -``` syntax +```powershell manage-bde –protectors -add C: -startupkey E: manage-bde -on C: ``` @@ -64,7 +64,7 @@ manage-bde -on C: An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. This is done with the command: -``` syntax +```powershell manage-bde -protectors -add C: -pw -sid ``` @@ -72,13 +72,13 @@ This command will require you to enter and then confirm the password protector b On computers with a TPM it is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is: -``` syntax +```powershell manage-bde -on C: ``` This will encrypt the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command: -``` syntax +```powershell manage-bde -protectors -get ``` ### Using manage-bde with data volumes @@ -87,7 +87,7 @@ Data volumes use the same syntax for encryption as operating system volumes but A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on. -``` syntax +```powershell manage-bde -protectors -add -pw C: manage-bde -on C: ``` @@ -257,7 +257,7 @@ If you want to remove the existing protectors prior to provisioning BitLocker on A simple script can pipe the values of each Get-BitLockerVolume return out to another variable as seen below: -``` syntax +```powershell $vol = Get-BitLockerVolume $keyprotectors = $vol.KeyProtector ``` @@ -266,7 +266,7 @@ Using this, you can display the information in the $keyprotectors variable to de Using this information, you can then remove the key protector for a specific volume using the command: -``` syntax +```powershell Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` @@ -278,13 +278,13 @@ Using the BitLocker Windows PowerShell cmdlets is similar to working with the ma The following example shows how to enable BitLocker on an operating system drive using only the TPM protector: -``` syntax +```powershell Enable-BitLocker C: - ``` + In the example below, adds one additional protector, the StartupKey protector and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot. -``` syntax +```powershell Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTest ``` @@ -293,7 +293,7 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTes Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. -``` syntax +```powershell $pw = Read-Host -AsSecureString Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw @@ -306,7 +306,7 @@ The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2 To add an **ADAccountOrGroup** protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G. -``` syntax +```powershell Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator ``` @@ -314,7 +314,7 @@ For users who wish to use the SID for the account or group, the first step is to >**Note:**  Use of this command requires the RSAT-AD-PowerShell feature. -``` syntax +```powershell get-aduser -filter {samaccountname -eq "administrator"} ``` @@ -322,7 +322,7 @@ get-aduser -filter {samaccountname -eq "administrator"} The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account: -``` syntax +```powershell Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-21-3651336348-8937238915-291003330-500 ``` diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index e19f192e4c..01c9fe213f 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -66,13 +66,13 @@ BitLocker encryption is available for disks before or after addition to a cluste 2. Ensure the disk is formatted NTFS and has a drive letter assigned to it. 3. Identify the name of the cluster with Windows PowerShell. - ``` syntax + ```powershell Get-Cluster - ``` + 4. Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as: - ``` syntax + ```powershell Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` @@ -88,32 +88,32 @@ When the cluster service owns a disk resource already, it needs to be set into m 1. Install the BitLocker Drive Encryption feature if it is not already installed. 2. Check the status of the cluster disk using Windows PowerShell. - ``` syntax + ```powershell Get-ClusterResource "Cluster Disk 1" ``` 3. Put the physical disk resource into maintenance mode using Windows PowerShell. - ``` syntax + ```powershell Get-ClusterResource "Cluster Disk 1" | Suspend-ClusterResource ``` 4. Identify the name of the cluster with Windows PowerShell. - ``` syntax + ```powershell Get-Cluster ``` 5. Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as: - ``` syntax + ```powershell Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. 6. Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode: - ``` syntax + ```powershell Get-ClusterResource "Cluster Disk 1" | Resume-ClusterResource ``` @@ -146,7 +146,7 @@ You can also use manage-bde to enable BitLocker on clustered volumes. The steps 6. Once the disk is online in the storage pool, it can be added to a CSV by right clicking on the disk resource and choosing "**Add to cluster shared volumes**". CSVs can include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption, administrators can utilize the manage-bde -status command with a path to the volume inside the CSV namespace as seen in the example command line below. -``` syntax +```powershell manage-bde -status "C:\ClusterStorage\volume1" ``` diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 08af5d2456..96b109ce32 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -172,6 +172,17 @@ You can try any of the processes included in these scenarios, but you should foc
    Stop Google Drive from syncing WIP protected files and folders. +
      +
    • In silent configuration, add Google Drive to Protected Apps and set it to Deny. This way, Google Drive will not sync WIP protected files and folders.
      • +
    • Google Drive details
      • + Publisher=O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US + File=GOOGLEDRIVESYNC.EXE +
    +
    >[!NOTE] diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index c5c5466214..d72c39898d 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -39,6 +39,26 @@ To complete this procedure, you must be logged on as a member of the built-in Ad - To audit failure events, click **Fail.** - To audit all events, click **All.** + + +6. In the **Applies to** box, select the object(s) that the audit of events will apply to. These include: + + - **This folder only** + - **This folder, subfolders and files** + - **This folder and subfolders** + - **This folder and files** + - **Subfolders and files only** + - **Subfolders only** + - **Files only** + +7. By default, the selected **Basic Permissions** to audit are the following: + - **Read and execute** + - **List folder contents** + - **Read** + - Additionally, you can choose **Full control**, **Modify**, and/or **Write** permissions with your selected audit combination. + + + > **Important:**  Before setting up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md) by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.   ## Additional considerations diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index 163c584492..2ca7cca35a 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -30,9 +30,9 @@ There is no example of this event in this document. ***Event Schema:*** -*Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. * +*Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.* -*Number of audit messages discarded: %1 * +*Number of audit messages discarded: %1* *This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk, or when the auditing system loses connectivity to the event log, such as when the event log service is stopped.* diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index be8925c8ba..9231f28b82 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -48,7 +48,7 @@ It appears that this event never occurs. *LPC Server Port Name:%6* -*Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA’s use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel." * +*Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA’s use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel."* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index f3c3ed088b..2ca7e8267c 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -138,7 +138,7 @@ This event generates when a logon session is created (on destination machine). I - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4672](event-4672.md)(S): Special privileges assigned to new logon.” -**Logon Information** \[Version 2\]**: ** +**Logon Information** \[Version 2\]**:** - **Logon Type** \[Version 0, 1, 2\] \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 95a2dfe34f..45dcd000c9 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -142,7 +142,7 @@ Before this event can generate, certain ACEs might need to be set in the object - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 8e1fe42fab..94d84a85cf 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -151,7 +151,7 @@ This event generates every time a new process starts. - **New Process Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the new process. -- **Token Elevation Type** \[Type = UnicodeString\]**: ** +- **Token Elevation Type** \[Type = UnicodeString\]**:** - **TokenElevationTypeDefault (1):** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index f9b06a7a3b..f78b83ef3c 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -99,7 +99,7 @@ You will see unique event for every user. - **Account Name** \[Type = SID\]: the SID of security principal for which user rights were assigned. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**New Right: ** +**New Right:** - **User Right** \[Type = UnicodeString\]: the list of assigned user rights. This event generates only for *user* rights, not logon rights. Here is the list of possible user rights: diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index d009b73786..09c240e026 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -99,7 +99,7 @@ You will see unique event for every user. - **Account Name** \[Type = SID\]: the SID of security principal for which user rights were removed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Removed Right: ** +**Removed Right:** - **User Right** \[Type = UnicodeString\]: the list of removed user rights. This event generates only for *user* rights, not logon rights. Here is the list of possible user rights: diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 38d46d5ace..c51f51c999 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -100,7 +100,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - **New Security Descriptor** \[Type = UnicodeString\]**:** new Security Descriptor Definition Language (SDDL) value for the audit policy. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index f04223bd5b..13f2c744aa 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -99,7 +99,7 @@ You will see unique event for every user if logon user rights were granted to mu - **Account Name** \[Type = SID\]: the SID of the security principal for which logon right was granted. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Access Granted: ** +**Access Granted:** - **Access Right** \[Type = UnicodeString\]: the name of granted logon right. This event generates only for [logon rights](https://technet.microsoft.com/library/cc728212(v=ws.10).aspx), which are as follows: diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a86f9f5168..9bb398d835 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -99,7 +99,7 @@ You will see unique event for every user if logon user rights were removed for m - **Account Name** \[Type = SID\]: the SID of the security principal for which logon right was removed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Access Removed: ** +**Access Removed:** - **Access Right** \[Type = UnicodeString\]: the name of removed logon right. This event generates only for [logon rights](https://technet.microsoft.com/library/cc728212(v=ws.10).aspx), which are as follows: diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 8597d956a6..faa3dcf853 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -266,7 +266,7 @@ For 4738(S): A user account was changed. |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Display Name**
    **User Principal Name**
    **Home Directory**
    **Home Drive**
    **Script Path**
    **Profile Path**
    **User Workstations**
    **Password Last Set**
    **Account Expires**
    **Primary Group ID
    Logon Hours** | We recommend monitoring all changes for these fields for critical domain and local accounts. | | **Primary Group ID** is not 513 | Typically, the **Primary Group** value is 513 for domain and local users. Other values should be monitored. | -| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set> ** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | +| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following user account control flags: diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 22ae105d96..b39135ee00 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -276,7 +276,7 @@ For 4742(S): A computer account was changed. | **Display Name** is not -
    **User Principal Name** is not -
    **Home Directory** is not -
    **Home Drive** is not -
    **Script Path** is not -
    **Profile Path** is not -
    **User Workstations** is not -
    **Account Expires** is not -
    **Logon Hours** is not **-** | Typically these fields are **-** for computer accounts. Other values might indicate an anomaly and should be monitored. | | **Password Last Set** changes occur more often than usual | Changes that are more frequent than the default (typically once a month) might indicate an anomaly or attack. | | **Primary Group ID** is not 516, 521, or 515 | Typically, the **Primary Group ID** value is one of the following:
    **516** for domain controllers
    **521** for read only domain controllers (RODCs)
    **515** for servers and workstations (domain computers)
    Other values should be monitored. | -| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set> ** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | +| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following account control flags: diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 74ffbb09b0..efdf01da8a 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -116,7 +116,7 @@ Separate events will be generated for “Registry” and “File system” polic | Job | Port | FilterConnectionPort | | | ALPC Port | Semaphore | Adapter | | -- **Object Name: ** +- **Object Name:** - Key – if “Registry” Global Object Access Auditing policy was changed. @@ -128,7 +128,7 @@ Separate events will be generated for “Registry” and “File system” polic - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the Global Object Access Auditing policy. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index e62c824d10..62ced88fe8 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -44,7 +44,7 @@ There is no example of this event in this document. *Security ID:%7* -*New Flags:%8 * +*New Flags:%8* ***Required Server Roles:*** Active Directory domain controller. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index f74c140ce4..34454c6d14 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -159,7 +159,7 @@ This event doesn't generate for Active Directory objects. - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index cc73362f36..d385a72649 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -152,7 +152,7 @@ Resource attributes for file or folder can be changed, for example, using Window - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new resource attributes. See more information in **Resource Attributes\\Original Security Descriptor** field section for this event. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index f8dcd9f29b..3be7e9bec3 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -156,7 +156,7 @@ This event always generates, regardless of the object’s [SACL](https://msdn.mi - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new Central Policy ID (for the policy that has been applied to the object). See more information in **Central Policy ID\\Original Security Descriptor** field section for this event. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index 81e6052b16..c7f46521ae 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -141,7 +141,7 @@ This event generates every time network share object was modified. - **New SD** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for network share security descriptor. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 696faaadce..f5ec73669e 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -177,7 +177,7 @@ REQUESTED\_ACCESS: RESULT ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS. - ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS: the Security Descriptor Definition Language (SDDL) value for Access Control Entry (ACE), which granted or denied access. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **    Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 4d84e4bb68..c1f8d98680 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -52,7 +52,7 @@ There is no example of this event in this document. > > *Layer Name:%9* > -> *Layer Run-Time ID:%10 * +> *Layer Run-Time ID:%10* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 25faaeb212..699a093def 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -52,7 +52,7 @@ There is no example of this event in this document. > > *Layer Name:%9* > -> *Layer Run-Time ID:%10 * +> *Layer Run-Time ID:%10* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index d018fdee5e..7a379132bc 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -30,7 +30,7 @@ There is no example of this event in this document. *BranchCache: Received an incorrectly formatted response while discovering availability of content.* -*IP address of the client that sent this response:%1 * +*IP address of the client that sent this response:%1* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 9f647bcec8..1ce4c083dd 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: Received invalid data from a peer. Data discarded. * +*BranchCache: Received invalid data from a peer. Data discarded.* *IP address of the client that sent this data:%1* diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 5002d2167c..dde20455d3 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: The message to the hosted cache offering it data is incorrectly formatted. * +*BranchCache: The message to the hosted cache offering it data is incorrectly formatted.* *IP address of the client that sent this message: %1* diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 29629cb6a7..e8020581ad 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: The hosted cache sent an incorrectly formatted response to the client’s message to offer it data. * +*BranchCache: The hosted cache sent an incorrectly formatted response to the client’s message to offer it data.* *Domain name of the hosted cache is:%1* diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index 0505b241b2..43228f26be 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. * +*BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.* *Domain name of the hosted cache:%1* diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 8f28ea3891..e1f76dbf69 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: A service connection point object could not be parsed. * +*BranchCache: A service connection point object could not be parsed.* *SCP object GUID: %1* diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 05cbed96aa..97a809c8de 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -141,7 +141,7 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf **[Microsoft Threat Protection](microsoft-defender-atp/threat-protection-integration.md)**
    Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization. - [Conditional access](microsoft-defender-atp/conditional-access.md) -- [O365 ATP](microsoft-defender-atp/threat-protection-integration.md) +- [Office 365 ATP](microsoft-defender-atp/threat-protection-integration.md) - [Azure ATP](microsoft-defender-atp/threat-protection-integration.md) - [Azure Security Center](microsoft-defender-atp/threat-protection-integration.md) - [Skype for Business](microsoft-defender-atp/threat-protection-integration.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index a3455dcc67..0379951dbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -58,10 +58,10 @@ The Windows Defender AV threat severity represents the absolute severity of the The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization. So, for example: -- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred. -- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat. -- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". -- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. +- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred. +- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat. +- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". +- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. #### Understanding alert categories We've redefined the alert categories to align to the [enterprise attack tactics](https://attack.mitre.org/tactics/enterprise/) in the [MITRE ATT&CK matrix](https://attack.mitre.org/). New category names apply to all new alerts. Existing alerts will retain the previous category names. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index d12bc037b7..bdc69b1a68 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -1,6 +1,8 @@ --- title: Configure managed security service provider support -description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP + +description: Take the necessary steps to configure the MSSP integration with Windows Defender ATP + keywords: managed security service provider, mssp, configure, integration search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -21,9 +23,11 @@ ms.date: 09/03/2018 # Configure managed security service provider integration **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) + [!include[Prerelease information](prerelease.md)] @@ -35,19 +39,23 @@ You'll need to take the following configuration steps to enable the managed secu > - MSSP customers: Organizations that engage the services of MSSPs. The integration will allow MSSPs to take the following actions: -- Get access to MSSP customer's Microsoft Defender Security Center portal + +- Get access to MSSP customer's Windows Defender Security Center portal - Get email notifications, and - Fetch alerts through security information and event management (SIEM) tools -Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal. +Before MSSPs can take these actions, the MSSP customer will need to grant access to their Windows Defender ATP tenant so that the MSSP can access the portal. + Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP. In general, the following configuration steps need to be taken: -- **Grant the MSSP access to Microsoft Defender Security Center**
    -This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant. + +- **Grant the MSSP access to Windows Defender Security Center**
    +This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Windows Defender ATP tenant. + - **Configure alert notifications sent to MSSPs**
    This action can be taken by either the MSSP customer or MSSP. This lets the MSSPs know what alerts they need to address for the MSSP customer. @@ -61,31 +69,36 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs. ## Grant the MSSP access to the portal ->[!NOTE] + +>[!NOTE] > These set of steps are directed towards the MSSP customer.
    > Access to the portal can only be done by the MSSP customer. -As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Microsoft Defender Security Center. +As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center. + Authentication and authorization of the MSSP user is built on top of Azure Active Directory (Azure AD) B2B functionality. You'll need to take the following 2 steps: - Add MSSP user to your tenant as a guest user -- Grant MSSP user access to Microsoft Defender Security Center + +- Grant MSSP user access to Windows Defender Security Center + ### Add MSSP user to your tenant as a guest user Add a user who is a member of the MSSP tenant to your tenant as a guest user. To grant portal access to the MSSP, you must add the MSSP user to your Azure AD as a guest user. For more information, see [Add Azure Active Directory B2B collaboration users in the Azure portal](https://docs.microsoft.com/azure/active-directory/b2b/add-users-administrator). - -### Grant MSSP user access to Microsoft Defender Security Center -Grant the guest user access and permissions to your Microsoft Defender Security Center tenant. + +### Grant MSSP user access to Windows Defender Security Center +Grant the guest user access and permissions to your Windows Defender Security Center tenant. Granting access to guest user is done the same way as granting access to a user who is a member of your tenant. If you're using basic permissions to access the portal, the guest user must be assigned a Security Administrator role in **your** tenant. For more information, see [Use basic permissions to access the portal](basic-permissions.md). -If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Microsoft Defender ATP, see [Manage portal access using RBAC](rbac.md). +If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Windows Defender ATP, see [Manage portal access using RBAC](rbac.md). + >[!NOTE] >There is no difference between the Member user and Guest user roles from RBAC perspective. @@ -94,12 +107,14 @@ It is recommended that groups are created for MSSPs to make authorization access As a MSSP customer, you can always remove or modify the permissions granted to the MSSP by updating the Azure AD user groups. -## Access the Microsoft Defender Security Center MSSP customer portal + +## Access the Windows Defender Security Center MSSP customer portal ->[!NOTE] +>[!NOTE] >These set of steps are directed towards the MSSP. -By default, MSSP customers access their Microsoft Defender Security Center tenant through the following URL: `https://securitycenter.windows.com`. +By default, MSSP customers access their Windows Defender Security Center tenant through the following URL: `https://securitycenter.windows.com`. + MSSPs however, will need to use a tenant-specific URL in the following format: `https://securitycenter.windows.com?tid=customer_tenant_id` to access the MSSP customer portal. @@ -123,7 +138,9 @@ Use the following steps to obtain the MSSP customer tenant ID and then use the I After access the portal is granted, alert notification rules can to be created so that emails are sent to MSSPs when alerts associated with the tenant are created and set conditions are met. + For more information, see [Create rules for alert notifications](configure-email-notifications.md#create-rules-for-alert-notifications). + These check boxes must be checked: - **Include organization name** - The customer name will be added to email notifications @@ -141,46 +158,49 @@ To fetch alerts into your SIEM system you'll need to take the following steps: Step 1: Create a third-party application Step 2: Get access and refresh tokens from your customer's tenant - -Step 3: Whitelist your application on Microsoft Defender Security Center + +Step 3: Whitelist your application on Windows Defender Security Center + ### Step 1: Create an application in Azure Active Directory (Azure AD) -You'll need to create an application and grant it permissions to fetch alerts from your customer's Microsoft Defender ATP tenant. + +You'll need to create an application and grant it permissions to fetch alerts from your customer's Windows Defender ATP tenant. + 1. Sign in to the [Azure AD portal](https://aad.portal.azure.com/). 2. Select **Azure Active Directory** > **App registrations**. -3. Click **New application registration**. + +3. Click **New registration**. + 4. Specify the following values: - Name: \ SIEM MSSP Connector (replace Tenant_name with the tenant display name) - - Application type: Web app / API - - Sign-on URL: `https://SiemMsspConnector` + + - Supported account types: Account in this organizational directory only + - Redirect URI: Select Web and type `https:///SiemMsspConnector`(replace with the tenant name) -5. Click **Create**. The application is displayed in the list of applications you own. +5. Click **Register**. The application is displayed in the list of applications you own. -6. Select the application, then click **Settings** > **Properties**. +6. Select the application, then click **Overview**. -7. Copy the value from the **Application ID** field. +7. Copy the value from the **Application (client) ID** field to a safe place, you will need this in the next step. -8. Change the value in the **App ID URI** to: `https:///SiemMsspConnector` (replace \ with the tenant name. +8. Select **Certificate & secrets** in the new application panel. -9. Ensure that the **Multi-tenanted** field is set to **Yes**. +9. Click **New client secret**. -10. In the **Settings** panel, select **Reply URLs** and add the following URL: `https://localhost:44300/wdatpconnector`. - -11. Click **Save**. - -12. Select **Keys** and specify the following values: - Description: Enter a description for the key. - Expires: Select **In 1 year** -13. Click **Save**. Save the value is a safe place, you'll need this + +10. Click **Add**, copy the value of the client secret to a safe place, you will need this in the next step. + ### Step 2: Get access and refresh tokens from your customer's tenant This section guides you on how to use a PowerShell script to get the tokens from your customer's tenant. This script uses the application from the previous step to get the access and refresh tokens using the OAuth Authorization Code Flow. @@ -248,17 +268,20 @@ After providing your credentials, you'll need to grant consent to the applicatio `Set-ExecutionPolicy -ExecutionPolicy Bypass` 6. Enter the following commands: `.\MsspTokensAcquisition.ps1 -clientId -secret -tenantId ` - - - Replace \ with the Application ID you got from the previous step. - - Replace \ with the application key you created from the previous step. - - Replace \ with your customer's tenant ID. + + - Replace \ with the **Application (client) ID** you got from the previous step. + - Replace \ with the **Client Secret** you created from the previous step. + - Replace \ with your customer's **Tenant ID**. + 7. You'll be asked to provide your credentials and consent. Ignore the page redirect. 8. In the PowerShell window, you'll receive an access token and a refresh token. Save the refresh token to configure your SIEM connector. -### Step 3: Whitelist your application on Microsoft Defender Security Center -You'll need to whitelist the application you created in Microsoft Defender Security Center. + +### Step 3: Whitelist your application on Windows Defender Security Center +You'll need to whitelist the application you created in Windows Defender Security Center. + You'll need to have **Manage portal system settings** permission to whitelist the application. Otherwise, you'll need to request your customer to whitelist the application for you. @@ -272,12 +295,15 @@ You'll need to have **Manage portal system settings** permission to whitelist th 5. Click **Authorize application**. -You can now download the relevant configuration file for your SIEM and connect to the Microsoft Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md). + +You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md). + - In the ArcSight configuration file / Splunk Authentication Properties file – you will have to write your application key manually by settings the secret value. - Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means). ## Fetch alerts from MSSP customer's tenant using APIs + For information on how to fetch alerts using REST API, see [Pull alerts using REST API](pull-alerts-using-rest-api.md). ## Related topics @@ -285,4 +311,5 @@ For information on how to fetch alerts using REST API, see [Pull alerts using RE - [Manage portal access using RBAC](rbac.md) - [Pull alerts to your SIEM tools](configure-siem.md) - [Pull alerts using REST API](pull-alerts-using-rest-api.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index c100b9ddf2..f4a2b266d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -61,7 +61,7 @@ machineId | String | Id of the machine on which the event was identified. **Requ severity | String | Severity of the alert. The property values are: 'Low', 'Medium' and 'High'. **Required**. title | String | Title for the alert. **Required**. description | String | Description of the alert. **Required**. -recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. +recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. **Required**. eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced query. **Required**. reportId | String | The reportId, as obtained from the advanced query. **Required**. category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General'. diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index 2848e2268b..a2e28ff082 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -62,29 +62,29 @@ This page explains how to create an AAD application, get an access token to Micr 4. Allow your Application to access Microsoft Defender ATP and assign it 'Read alerts' permission: - - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**. + - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**. - - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. + - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. - ![Image of API access and API selection](images/add-permission.png) + ![Image of API access and API selection](images/add-permission.png) - - Choose **Delegated permissions** > **Alert.Read** > Click on **Add permissions** + - Choose **Delegated permissions** > **Alert.Read** > Click on **Add permissions** - ![Image of API access and API selection](images/application-permissions-public-client.png) + ![Image of API access and API selection](images/application-permissions-public-client.png) - - **Important note**: You need to select the relevant permissions. 'Read alerts' is only an example! + - **Important note**: You need to select the relevant permissions. 'Read alerts' is only an example! - For instance, + For instance, - - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission - - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. + - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission + - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission + - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - - Click **Grant consent** + - Click **Grant consent** - **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect. + **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect. - ![Image of Grant permissions](images/grant-consent.png) + ![Image of Grant permissions](images/grant-consent.png) 6. Write down your application ID and your tenant ID: @@ -102,42 +102,42 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co - Copy/Paste the below class in your application. - Use **AcquireUserTokenAsync** method with the your application ID, tenant ID, user name and password to acquire a token. - ``` - namespace WindowsDefenderATP - { - using System.Net.Http; - using System.Text; - using System.Threading.Tasks; - using Newtonsoft.Json.Linq; + ```csharp + namespace WindowsDefenderATP + { + using System.Net.Http; + using System.Text; + using System.Threading.Tasks; + using Newtonsoft.Json.Linq; - public static class WindowsDefenderATPUtils - { - private const string Authority = "https://login.windows.net"; + public static class WindowsDefenderATPUtils + { + private const string Authority = "https://login.windows.net"; - private const string WdatpResourceId = "https://api.securitycenter.windows.com"; + private const string WdatpResourceId = "https://api.securitycenter.windows.com"; - public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId) - { - using (var httpClient = new HttpClient()) - { - var urlEncodedBody = $"resource={WdatpResourceId}&client_id={appId}&grant_type=password&username={username}&password={password}"; + public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId) + { + using (var httpClient = new HttpClient()) + { + var urlEncodedBody = $"resource={WdatpResourceId}&client_id={appId}&grant_type=password&username={username}&password={password}"; - var stringContent = new StringContent(urlEncodedBody, Encoding.UTF8, "application/x-www-form-urlencoded"); + var stringContent = new StringContent(urlEncodedBody, Encoding.UTF8, "application/x-www-form-urlencoded"); - using (var response = await httpClient.PostAsync($"{Authority}/{tenantId}/oauth2/token", stringContent).ConfigureAwait(false)) - { - response.EnsureSuccessStatusCode(); + using (var response = await httpClient.PostAsync($"{Authority}/{tenantId}/oauth2/token", stringContent).ConfigureAwait(false)) + { + response.EnsureSuccessStatusCode(); - var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); + var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); - var jObject = JObject.Parse(json); + var jObject = JObject.Parse(json); - return jObject["access_token"].Value(); - } - } - } - } - } + return jObject["access_token"].Value(); + } + } + } + } + } ``` ## Validate the token @@ -156,16 +156,17 @@ Sanity check to make sure you got a correct token: - The Expiration time of the token is 1 hour (you can send more then one request with the same token) - Example of sending a request to get a list of alerts **using C#** - ``` - var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + ```csharp + var httpClient = new HttpClient(); - request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); - var response = httpClient.SendAsync(request).GetAwaiter().GetResult(); + request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); - // Do something useful with the response + var response = httpClient.SendAsync(request).GetAwaiter().GetResult(); + + // Do something useful with the response ``` ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index 2b5551a0bb..92bc4c7650 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -44,7 +44,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' GET /api/users/{id}/alerts ``` -**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts) ** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts)** ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 341c605bbb..ca042a7e99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -44,7 +44,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine GET /api/users/{id}/machines ``` -**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines) ** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines)** ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md index f0d6f3ad6c..dcc141f161 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md @@ -45,8 +45,8 @@ Sensitivity labels classify and help protect sensitive content. Sensitive information types in the Office 365 data loss prevention (DLP) implementation fall under two categories: -- Default -- Custom +- Default +- Custom Default sensitive information types include information such as bank account numbers, social security numbers, or national IDs. For more information, see [What the sensitive information type look for](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for). diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 095c078b1f..9747f2d0ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -61,8 +61,8 @@ Comment | String | Comment to associate with the action. **Required**. IsolationType | String | Type of the isolation. Allowed values are: 'Full' or 'Selective'. **IsolationType** controls the type of isolation to perform and can be one of the following: -- Full – Full isolation -- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details) +- Full – Full isolation +- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details) ## Response diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index e73c682783..0d041b05e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -33,8 +33,8 @@ Topic | Description [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. [Configure Secure score dashboard security controls](secure-score-dashboard.md) | Configure the security controls in Secure score to increase the security posture of your organization. [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts. -Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Microsoft Defender ATP. -Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. +[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP. +[Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. [Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md index 5771d8afef..dcaa31ea84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md @@ -21,7 +21,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!NOTE] +>[!NOTE] > Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page. The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines. @@ -79,11 +79,11 @@ Within the tile, you can click on each control to see the recommended optimizati Clicking the link under the **Misconfigured machines** column opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. -## Related topic +## Related topic - [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) -- [Configuration score](configuration-score.md) +- [Configuration score](configuration-score.md) - [Security recommendations](tvm-security-recommendation.md) - [Remediation](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 230e57d75e..3f4ceec2f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -63,7 +63,7 @@ This action takes effect on machines with Windows 10, version 1703 or later, whe 1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box: - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline - - **Search box** - select File from the drop–down menu and enter the file name + - **Search box** - select **File** from the drop–down menu and enter the file name 2. Go to the top bar and select **Stop and Quarantine File**. @@ -98,7 +98,7 @@ You can roll back and remove a file from quarantine if you’ve determined that 1. Open an elevated command–line prompt on the machine: - a. Go to **Start** and type cmd. + a. Go to **Start** and type _cmd_. b. Right–click **Command prompt** and select **Run as administrator**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 5bb659b44e..d9cfb97c3f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -96,7 +96,7 @@ The package contains the following folders: |:---|:---------| |Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine.

    NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” | |Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). | -|Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections.

    - ActiveNetConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.

    - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces.

    ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack.

    - DnsCache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.

    - IpConfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.

    - FirewassExecutionLog.txt and pfirewall.log | +|Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections.

    - ActiveNetConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.

    - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces.

    ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack.

    - DnsCache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.

    - IpConfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.

    - FirewassExecutionLog.txt and pfirewall.log | | Prefetch files| Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list.

    - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files.

    - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. | | Processes| Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. | | Scheduled tasks| Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md index f7c9eff384..731963f220 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md @@ -75,7 +75,7 @@ The **Sensor health** tile provides information on the individual machine’s ab ![Sensor health tile](images/atp-tile-sensor-health.png) There are two status indicators that provide information on the number of machines that are not reporting properly to the service: -- **Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected. +- **Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected. - **Inactive** - Machines that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index f981d9c12a..289a76f1c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -296,8 +296,8 @@ You might also need to check the following: ## Licensing requirements Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: - - Windows 10 Enterprise E5 - - Windows 10 Education E5 + - Windows 10 Enterprise E5 + - Windows 10 Education E5 - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index f78005ca01..668831d19d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -34,31 +34,31 @@ The following steps guide you on how to create roles in Microsoft Defender Secur 3. Enter the role name, description, and permissions you'd like to assign to the role. - - **Role name** - - **Description** - - **Permissions** - - **View data** - Users can view information in the portal. - - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline. - - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions. - - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and machine groups. - - >[!NOTE] - >This setting is only available in the Microsoft Defender ATP administrator (default) role. + - **Role name** + - **Description** + - **Permissions** + - **View data** - Users can view information in the portal. + - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline. + - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions. + - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and machine groups. - - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications. + > [!NOTE] + > This setting is only available in the Microsoft Defender ATP administrator (default) role. - - **Live response capabilities** - Users can take basic or advanced live response commands.
    - - Basic commands allow users to: - - Start a live response session - - Run read only live response commands on a remote machine - - Advanced commands allow users to: - - Run basic actions - - Download a file from the remote machine - - View a script from the files library - - Run a script on the remote machine from the files library take read and write commands. - - For more information on the available commands, see [Investigate machines using Live response](live-response.md). - + - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications. + + - **Live response capabilities** - Users can take basic or advanced live response commands. + - Basic commands allow users to: + - Start a live response session + - Run read only live response commands on a remote machine + - Advanced commands allow users to: + - Run basic actions + - Download a file from the remote machine + - View a script from the files library + - Run a script on the remote machine from the files library take read and write commands. + + For more information on the available commands, see [Investigate machines using Live response](live-response.md). + 4. Click **Next** to assign the role to an Azure AD group. 5. Use the filter to select the Azure AD group that you'd like to add to this role. diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 994b79b7b6..b3c05cd9a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -79,8 +79,8 @@ For more information preview features, see [Preview features](https://docs.micro Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. - New in Windows 10 version 1809, there are two new attack surface reduction rules: - - Block Adobe Reader from creating child processes - - Block Office communication application from creating child processes. + - Block Adobe Reader from creating child processes + - Block Office communication application from creating child processes. - [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). @@ -95,8 +95,8 @@ Query data using Advanced hunting in Microsoft Defender ATP. - [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
    New attack surface reduction rules: - - Use advanced protection against ransomware - - Block credential stealing from the Windows local security authority subsystem (lsass.exe) + - Use advanced protection against ransomware + - Block credential stealing from the Windows local security authority subsystem (lsass.exe) - Block process creations originating from PSExec and WMI commands - Block untrusted and unsigned processes that run from USB - Block executable content from email client and webmail diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index c2c3f86318..7036973802 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -49,7 +49,7 @@ The Security Compliance Toolkit consists of: - Local Group Policy Object (LGPO) tool -You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/). +You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/bg-p/Microsoft-Security-Baselines). ## What is the Policy Analyzer tool? diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md index 4fcca719b6..ef5a46869a 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md @@ -102,7 +102,7 @@ If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is conf | 565 | Access was granted to an already existing object type. | | 567 | A permission associated with a handle was used.
    **Note:** A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. | | 569 | The resource manager in Authorization Manager attempted to create a client context. | -| 570 | A client attempted to access an object.
    **Note: ** An event will be generated for every attempted operation on the object. | +| 570 | A client attempted to access an object.
    **Note:** An event will be generated for every attempted operation on the object. | ## Security considerations diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 44a4ae63d3..300f56c569 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -413,7 +413,7 @@ Here are the minimum steps for WEF to operate: ## Appendix E – Annotated baseline subscription event query -``` syntax +```xml @@ -578,8 +578,7 @@ Here are the minimum steps for WEF to operate: ## Appendix F – Annotated Suspect Subscription Event Query -``` syntax - +```xml diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index a9991a6eef..0389c92dd6 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -22,16 +22,16 @@ ms.date: 10/13/2017 Smartphones now serve as a primary productivity tool for business workers and, just like desktops or laptops, need to be secured against malware and data theft. Protecting these devices can be challenging due to the wide range of device operating systems and configurations and the fact that many employees use their own personal devices. IT needs to secure corporate assets on every device, but also ensure the privacy of the user’s personal apps and data. Windows 10 Mobile addresses these security concerns directly, whether workers are using personal or corporate-owned devices. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. These technologies include: -- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods. -- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps. -- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices. +- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods. +- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps. +- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices. This guide helps IT administrators better understand the security features in Windows 10 Mobile, which can be used to improve protection against unauthorized access, data leakage, and malware. **In this article:** -- Windows Hello for Business -- Windows Information Protection -- Malware resistance +- Windows Hello for Business +- Windows Information Protection +- Malware resistance ## Windows Hello @@ -56,9 +56,9 @@ To compromise Windows Hello credentials, an attacker would need access to the ph Biometrics help prevent credential theft and make it easier for users to login to their devices. Users always have their biometric identity with them – there is nothing to forget, lose, or leave behind. Attackers would need to have both access to the user’s device and be able to impersonate the user’s biometric identity to gain access to corporate resources, which is far more difficult than stealing a password. Windows Hello supports three biometric sensor scenarios: -- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology. -- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello. -- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology. +- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology. +- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello. +- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology. >Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture. @@ -72,8 +72,6 @@ The biometric image collected at enrollment is converted into an algorithmic for A Windows Hello companion device enables a physical device, like a wearable, to serve as a factor for validating the user’s identity before granting them access to their credentials. For instance, when the user has physical possession of a companion device they can easily, possibly even automatically, unlock their PC and authenticate with apps and websites. This type of device can be useful for smartphones or tablets that don’t have integrated biometric sensors or for industries where users need a faster, more convenient sign-in experience, such as retail. -In some cases, the companion device for Windows Hello enables a physical device, like a phone, wearable, or other types of device to store all of the user’s credentials. Storage of the credentials on a mobile device makes it possible to use them on any supporting device, like a kiosk or family PC, and eliminates the need to enroll Windows Hello on each device. Companion devices also help enable organizations to meet regulatory requirements, such as Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS 140-2). - ### Standards-based approach The Fast Identity Online (FIDO) Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices and the problems users face in creating and remembering multiple user names and passwords. FIDO standards help reduce reliance on passwords to authenticate users of online services securely, allowing any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms. @@ -87,12 +85,12 @@ Enterprises have seen huge growth in the convergence of personal and corporate d Inadvertent disclosure is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources. It’s easy to imagine that an employee using work email on their personal phone could unintentionally save an attachment containing sensitive company information to personal cloud storage, which could be shared with unauthorized people. This accidental sharing of corporate data is just one example of the challenges common to using mobile devices in the workplace. To prevent this type of data leakage, most solutions require users to login with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity. Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data secure and personal data private. Because corporate data is always protected, users cannot inadvertently copy it or share it with unauthorized users or apps. Key features include: -- Automatically tag personal and corporate data. -- Protect data while it’s at rest on local or removable storage. -- Control which apps can access corporate data. -- Control which apps can access a virtual private network (VPN) connection. -- Prevent users from copying corporate data to public locations. -- Help ensure business data is inaccessible when the device is in a locked state. +- Automatically tag personal and corporate data. +- Protect data while it’s at rest on local or removable storage. +- Control which apps can access corporate data. +- Control which apps can access a virtual private network (VPN) connection. +- Prevent users from copying corporate data to public locations. +- Help ensure business data is inaccessible when the device is in a locked state. ### Enlightened apps @@ -101,21 +99,21 @@ Third-party data loss protection solutions usually require developers to wrap th Windows Information Protection classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data will be encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default. When you do not want all data encrypted by default – because it would create a poor user experience – developers should consider enlightening apps by adding code and compiling them using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that: -- Don’t use common controls for saving files. -- Don’t use common controls for text boxes. -- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance). +- Don’t use common controls for saving files. +- Don’t use common controls for text boxes. +- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance). In many cases, most apps don’t require enlightenment for them to use Windows Information Protection. Simply adding them to the allow list is the only step you need to take. Line-of-Business (LOB) apps are a good example of where this works well because they only handle corporate data. **When is app enlightenment required?** -- **Required** - - App needs to work with both personal and enterprise data. -- **Recommended** - - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps. - - App needs to access enterprise data, while protection under lock is activated. -- **Not required** - - App handles only corporate data - - App handles only personal data +- **Required** + - App needs to work with both personal and enterprise data. +- **Recommended** + - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps. + - App needs to access enterprise data, while protection under lock is activated. +- **Not required** + - App handles only corporate data + - App handles only personal data ### Data leakage control @@ -124,10 +122,10 @@ To configure Windows Information Protection in a Mobile Device Management (MDM) Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Window Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data. The extent to which users will be prevented from copying and pasting data from authorized apps to unauthorized apps or locations on the web depends on which protection level is set: -- **Block.** Windows Information Protection blocks users from completing the operation. -- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log. -- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log. -- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log. +- **Block.** Windows Information Protection blocks users from completing the operation. +- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log. +- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log. +- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log. ### Data separation @@ -140,11 +138,11 @@ Windows Information Protection provides data separation without requiring a cont Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating systems and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored – even if the device is lost or stolen. The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device. You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. The list below shows the policies you can change to customize device encryption on Windows 10 Mobile devices. -- Cryptography - - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled. - - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections. -- BitLocker - - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one. +- Cryptography + - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled. + - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections. +- BitLocker + - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one. To help make the device even more secured against outside interference, Windows 10 Mobile also now includes protection-under-lock. That means that encryption keys are removed from memory whenever a device is locked. Apps are unable to access sensitive data while the device is in a locked state, so hackers and malware have no way to find and co-opt keys. Everything is locked up tight with the TPM until the user unlocks the device with Windows Hello. @@ -230,9 +228,9 @@ A Trusted Platform Module (TPM) is a tamper-resistant cryptographic module that A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling a reliable report of the software used to start a platform. The following list describes key functionality that a TPM provides in Windows 10 Mobile: -- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys. -- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device. -- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM. +- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys. +- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device. +- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM. Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. When the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since then, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection, as well as the ability to plug-in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself. @@ -241,9 +239,9 @@ Many assume that original equipment manufacturers (OEMs) must implant a TPM in h >Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](https://technet.microsoft.com/library/dn915086.aspx) Several Windows 10 Mobile security features require TPM: -- Virtual smart cards -- Measured Boot -- Health attestation (requires TPM 2.0 or later) +- Virtual smart cards +- Measured Boot +- Health attestation (requires TPM 2.0 or later) Still other features will use the TPM if it is available. For example, Windows Hello does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Windows Hello. @@ -312,9 +310,9 @@ Malware depends on its ability to insert a malicious payload into memory with th The heap is a location in memory that Windows uses to store dynamic application data. Microsoft continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that an attacker could use. Windows 10 Mobile has made several important improvements to the security of the heap over previous versions of Windows: -- Internal data structures that the heap uses are better protected against memory corruption. -- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable. -- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app. +- Internal data structures that the heap uses are better protected against memory corruption. +- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable. +- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app. ### Memory reservations @@ -342,9 +340,9 @@ The security policy of a specific AppContainer defines the operating system capa A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. Access to other capabilities can be declared within the app code itself. Unlike traditional desktop applications, access to additional capabilities and privileges cannot be requested at run time. The AppContainer concept is advantageous because it provides: -- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions. -- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Microsoft Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent. -- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types. +- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions. +- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Microsoft Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent. +- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types. Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Microsoft Store displays the permissions that the app requires along with the app’s age rating and publisher. @@ -355,9 +353,9 @@ The combination of Device Guard and AppContainer help to prevent unauthorized ap The web browser is a critical component of any security strategy. It is the user’s interface to the Internet, an environment teeming with malicious sites and potentially dangerous content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks. Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways: -- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability. -- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. -- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design. +- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability. +- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. +- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design. ## Summary diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 4f08806147..39bb11b2f0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -51,13 +51,14 @@ As a cloud service, it is required that computers have access to the internet an | **Service**| **Description** |**URL** | | :--: | :-- | :-- | -| *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|*.wdcp.microsoft.com *.wdcpalt.microsoft.com *.wd.microsoft.com| -| *Microsoft Update Service (MU)*| Security intelligence and product updates |*.update.microsoft.com| -| *Security intelligence updates Alternate Download Location (ADL)*| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| *.download.microsoft.com| -| *Malware submission storage *|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net ussas1eastprod.blob.core.windows.net ussas1southeastprod.blob.core.windows.net ussau1eastprod.blob.core.windows.net ussau1southeastprod.blob.core.windows.net | -| *Certificate Revocation List (CRL)* |Used by Windows when creating the SSL connection to MAPS for updating the CRL | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs | -| *Symbol Store *|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | https://msdl.microsoft.com/download/symbols | -| *Universal Telemetry Client* | Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: vortex-win.data.microsoft.com settings-win.data.microsoft.com| +| *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|\*.wdcp.microsoft.com \*.wdcpalt.microsoft.com \*.wd.microsoft.com| +| *Microsoft Update Service (MU)*| Security intelligence and product updates |\*.update.microsoft.com| +| *Security intelligence updates Alternate Download Location (ADL)*| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| \*.download.microsoft.com| +| *Malware submission storage*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net ussas1eastprod.blob.core.windows.net ussas1southeastprod.blob.core.windows.net ussau1eastprod.blob.core.windows.net ussau1southeastprod.blob.core.windows.net | +| *Certificate Revocation List (CRL)*|Used by Windows when creating the SSL connection to MAPS for updating the CRL | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs | +| *Symbol Store*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | https://msdl.microsoft.com/download/symbols | +| *Universal Telemetry Client*| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: vortex-win.data.microsoft.com settings-win.data.microsoft.com| + ## Validate connections between your network and the cloud diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 7ee34ff838..575ad0d393 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -41,6 +41,6 @@ You can also manually merge AppLocker policies. For the procedure to do this, se Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path. -``` syntax +```powershell C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C044FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge ``` diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 6fa4d92a72..a3834e3625 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -50,11 +50,11 @@ The following table contains information about the events that you can use to de | 8000 | Error| Application Identity Policy conversion failed. Status *<%1> *| Indicates that the policy was not applied correctly to the computer. The status message is provided for troubleshooting purposes.| | 8001 | Information| The AppLocker policy was applied successfully to this computer.| Indicates that the AppLocker policy was successfully applied to the computer.| | 8002 | Information| *<File name> * was allowed to run.| Specifies that the .exe or .dll file is allowed by an AppLocker rule.| -| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only ** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules ** enforcement mode were enabled. | -| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name> * is restricted by the administrator. Applied only when the **Enforce rules ** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.| +| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules** enforcement mode were enabled. | +| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.| | 8005| Information| *<File name> * was allowed to run.| Specifies that the script or .msi file is allowed by an AppLocker rule.| -| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only ** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules ** enforcement mode were enabled. | -| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name> * is restricted by the administrator. Applied only when the **Enforce rules ** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.| +| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules** enforcement mode were enabled. | +| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.| | 8008| Error| AppLocker disabled on the SKU.| Added in Windows Server 2012 and Windows 8.| | 8020| Information| Packaged app allowed.| Added in Windows Server 2012 and Windows 8.| | 8021| Information| Packaged app audited.| Added in Windows Server 2012 and Windows 8.| diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index 8e77d3e330..d3c403d633 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -30,7 +30,7 @@ This topic for IT professionals provides links to procedural topics about creati | Topic | Description | | - | - | | [Configure the Application Identity service](configure-the-application-identity-service.md) | This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.| -| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to **Audit only ** within your IT environment by using AppLocker.| +| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.| | [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md) | This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.| | [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) | This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.| | [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md) | This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.| diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md index 105f6a46bb..babbce2e0b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md @@ -52,10 +52,10 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe) - One or the other, not both at the same time - Does not support wildcard in the middle (ex. C:\\*\foo.exe) - - Examples: - - %WINDIR%\\... - - %SYSTEM32%\\... - - %OSDRIVE%\\... +- Supported Macros: + - %WINDIR%\\... + - %SYSTEM32%\\... + - %OSDRIVE%\\... - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index ab584cebd9..530d8659f9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -111,15 +111,16 @@ They could also choose to create a catalog that captures information about the u Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. -- New-CIPolicy parameters +- New-CIPolicy parameter - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level) ```powershell - New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u + New-CIPolicy -FilePath .\mypolicy.xml -Level FileName -ScanPath -UserPEs ``` Optionally, add -UserWriteablePaths to ignore user writeability - + +- New-CIPolicyRule parameter - FilePathRule: create a rule where filepath string is directly set to value of \ ```powershell @@ -134,7 +135,7 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD $rules = New-CIPolicyRule … $rules += New-CIPolicyRule … … - New-CIPolicyRule -f .\mypolicy.xml -u + New-CIPolicy -FilePath .\mypolicy.xml -Rules $rules -UserPEs ``` - Wildcards supported @@ -149,6 +150,6 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: ```powershell - Set-RuleOption -o 18 .\policy.xml + Set-RuleOption -Option 18 .\policy.xml ``` diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 9617e485b3..3605322e2c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -18,7 +18,7 @@ ms.date: 01/08/2019 **Applies to:** -- Windows 10 +- Windows 10 Enterprise - Windows Server 2016 - Windows Server 2019 @@ -40,8 +40,8 @@ WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs ## WDAC System Requirements -WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Professional editions or Windows Server 2016. -They can be applied to computers running any edition of Windows 10 or Windows Server 2016 and optionally managed via Mobile Device Management (MDM), such as Microsoft Intune. +WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Windows Server 2016 and above. +They can be applied to computers running Windows 10 Enterprise or Windows Server 2016 and above and optionally managed via Mobile Device Management (MDM), such as Microsoft Intune. Group Policy or Intune can be used to distribute WDAC policies. ## New and changed functionality diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index fb335353dc..c129bb0353 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -29,11 +29,13 @@ These settings, located at **Computer Configuration\Administrative Templates\Net >You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. -| Policy name | Supported versions | Description | -|-------------------------------------------------|--------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT | A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. | -| Enterprise resource domains hosted in the cloud | At least Windows Server 2012, Windows 8, or Windows RT | A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. | -| Domains categorized as both work and personal | At least Windows Server 2012, Windows 8, or Windows RT | A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. | + +|Policy name|Supported versions|Description| +|-----------|------------------|-----------| +|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| +|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) If you want to specify a complete domain, include a full domain name (for example "**contoso.com**") in the configuration. 2) You may optionally use "." as a previous wildcard character to automatically trust all subdomains (when there is more than one subdomain). Configuring "**.constoso.com**" will automatically trust "**subdomain1.contoso.com**", "**subdomain2.contoso.com**", etc. 3) To trust a subdomain, precede your domain with two dots, for example "**..contoso.com**". | +|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.| + ## Application-specific settings These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard. diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 8a0d017824..1d5756d650 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -103,3 +103,11 @@ Answering frequently asked questions about Windows Defender Application Guard (A | **A:** | To trust a subdomain, you must precede your domain with two dots, for example: ..contoso.com. |
    + +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? | +| **A:** | When using Windows Pro and Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). | + +
    + diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index 3f889598d3..dc6820bd94 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -19,29 +19,12 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ## Review system requirements - + +See [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard. >[!NOTE] >Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. -### Hardware requirements -Your environment needs the following hardware to run Windows Defender Application Guard. -|Hardware|Description| -|--------|-----------| -|64-bit CPU|A 64-bit computer with minimum 4 cores is required for the hypervisor. For more info about Hyper-V, see [Hyper-V on Windows Server 2016](https://docs.microsoft.com/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](https://docs.microsoft.com/virtualization/hyper-v-on-windows/reference/tlfs).| -|CPU virtualization extensions|Extended page tables, also called _Second Level Address Translation (SLAT)_

    **-AND-**

    One of the following virtualization extensions for VBS:

    VT-x (Intel)

    **-OR-**

    AMD-V| -|Hardware memory|Microsoft requires a minimum of 8GB RAM| -|Hard disk|5 GB free space, solid state disk (SSD) recommended| -|Input/Output Memory Management Unit (IOMMU) support|Not required, but strongly recommended| - -### Software requirements -Your environment needs the following software to run Windows Defender Application Guard. - -|Software|Description| -|--------|-----------| -|Operating system|Windows 10 Enterprise edition, version 1709 or higher
    Windows 10 Professional edition, version 1803| -|Browser|Microsoft Edge and Internet Explorer| -|Management system
    (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

    **-OR-**

    [System Center Configuration Manager](https://docs.microsoft.com/sccm/)

    **-OR-**

    [Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

    **-OR-**

    Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| ## Prepare for Windows Defender Application Guard diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 4aadf6d205..00c7bfddf4 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -39,69 +39,12 @@ Application Guard has been created to target several types of systems: ## Frequently Asked Questions -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can I enable Application Guard on machines equipped with 4GB RAM? | -| **A:** | We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB. | - -
    - - -| | | -|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can employees download documents from the Application Guard Edge session onto host devices? | -| **A:** | In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

    In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. | - -
    - - -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can employees copy and paste between the host device and the Application Guard Edge session? | -| **A:** | Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. | - -
    - - -| | | -|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Why don't employees see their Favorites in the Application Guard Edge session? | -| **A:** | To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. | - -
    - - -| | | -|--------|---------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Why aren’t employees able to see their Extensions in the Application Guard Edge session? | -| **A:** | Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. | - -
    - - -| | | -|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? | -| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. | - -
    - - -| | | -|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? | -| **A:** | This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature. | - -
    - +Please see [Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md) for common user-submitted questions. | | | |--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | What is the WDAGUtilityAccount local account? | -| **A:** | This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. | +| **Q:** | Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? | +| **A:** | When using Windows Pro and Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). |
    diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 29ed15335f..7ed8ec4621 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -53,6 +53,8 @@ For more information about disabling local list merging, see [Prevent or allow u >If controlled folder access is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Security app after a restart of the device. >If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**. +>If you are protecting user profile data, we recommend that the user profile should be on the default Windows installation drive. + ## Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 0f4d7ee1dc..07172573b3 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -183,7 +183,7 @@ Windows 10 and Windows Server 2016 have a WMI class for related properties and f > The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10. > [!NOTE] -> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1709. +> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index 61220879a8..4d7e28279c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -88,7 +88,7 @@ Where: For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command: ```PowerShell -Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode +Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode ``` You can disable audit mode by replacing `-Enable` with `-Disable`. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index dc0bab469f..875fd5bfae 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -56,7 +56,9 @@ This can only be done in Group Policy. > >You must have Windows 10, version 1903. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. Download the latest [Administrative Templates (.admx) for Windows 10, v1809](https://www.microsoft.com/download/details.aspx?id=57576). + +2. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. @@ -86,7 +88,18 @@ This can only be done in Group Policy. 6. Open the **Hide all notifications** setting and set it to **Enabled**. Click **OK**. -7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). +7. Use the following registry key and DWORD value to **Hide all notifications**. + + **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** + **"DisableNotifications"=dword:00000001** + +8. Use the following registry key and DWORD value to **Hide not-critical notifications** + + **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** + **"DisableEnhancedNotifications"=dword:00000001** + +9. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). + ## Notifications @@ -136,3 +149,4 @@ This can only be done in Group Policy. | Dynamic lock on, bluetooth on, but unable to detect device | | | No | | NoPa or federated no hello | | | No | | NoPa or federated hello broken | | | No | + diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 8de4021830..bf20974a75 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -123,8 +123,8 @@ Default is Any address. [Learn more](https://aka.ms/intunefirewallremotaddressrule) -## Edge traversal (coming soon) -Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. +## Edge traversal (UI coming soon) +Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. This setting can only be configured via Intune Graph at this time. [Learn more](https://aka.ms/intunefirewalledgetraversal) diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 9c6966b525..5ded02bd51 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -80,7 +80,7 @@ This script does the following: Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. -``` syntax +```powershell # Create a Security Group for the computers that will get the policy $pathname = (Get-ADDomain).distinguishedname New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" ` @@ -120,7 +120,7 @@ Use a Windows PowerShell script similar to the following to create a local IPsec Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. -``` syntax +```powershell #Set up the certificate $certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA" $myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop @@ -173,7 +173,7 @@ Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections: 6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file: - ``` syntax + ```xml ERROR_IPSEC_IKE_NO_CERT 32 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 79ee3e58bd..4daaa5d367 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -67,7 +67,7 @@ netsh advfirewall set allprofiles state on **Windows PowerShell** -``` syntax +```powershell Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True ``` @@ -88,7 +88,7 @@ netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFile Windows PowerShell -``` syntax +```powershell Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log ``` @@ -140,7 +140,7 @@ netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program= Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow ``` @@ -157,7 +157,7 @@ netsh advfirewall firewall add rule name="Block Outbound Telnet" dir=out program Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe –Protocol TCP –LocalPort 23 -Action Block –PolicyStore domain.contoso.com\gpo_name ``` @@ -169,7 +169,7 @@ The following performs the same actions as the previous example (by adding a Tel Windows PowerShell -``` syntax +```powershell $gpo = Open-NetGPO –PolicyStore domain.contoso.com\gpo_name New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\telnet.exe –Protocol TCP –LocalPort 23 -Action Block –GPOSession $gpo Save-NetGPO –GPOSession $gpo @@ -191,7 +191,7 @@ netsh advfirewall firewall set rule name="Allow Web 80" new remoteip=192.168.0.2 Windows PowerShell -``` syntax +```powershell Set-NetFirewallRule –DisplayName “Allow Web 80” -RemoteAddress 192.168.0.2 ``` @@ -205,7 +205,7 @@ In the following example, we assume the query returns a single firewall rule, wh Windows PowerShell -``` syntax +```powershell Get-NetFirewallPortFilter | ?{$_.LocalPort -eq 80} | Get-NetFirewallRule | ?{ $_.Direction –eq “Inbound” -and $_.Action –eq “Allow”} | Set-NetFirewallRule -RemoteAddress 192.168.0.2 ``` @@ -213,7 +213,7 @@ You can also query for rules using the wildcard character. The following example Windows PowerShell -``` syntax +```powershell Get-NetFirewallApplicationFilter -Program "*svchost*" | Get-NetFirewallRule ``` @@ -223,7 +223,7 @@ In the following example, we add both inbound and outbound Telnet firewall rules Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” ``` @@ -232,7 +232,7 @@ If the group is not specified at rule creation time, the rule can be added to th Windows PowerShell -``` syntax +```powershell $rule = Get-NetFirewallRule -DisplayName “Allow Inbound Telnet” $rule.Group = “Telnet Management” $rule | Set-NetFirewallRule @@ -250,7 +250,7 @@ netsh advfirewall firewall set rule group="Windows Defender Firewall remote mana Windows PowerShell -``` syntax +```powershell Set-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” –Enabled True ``` @@ -258,7 +258,7 @@ There is also a separate `Enable-NetFirewallRule` cmdlet for enabling rules by g Windows PowerShell -``` syntax +```powershell Enable-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” -Verbose ``` @@ -276,7 +276,7 @@ netsh advfirewall firewall delete rule name=“Allow Web 80” Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Allow Web 80” ``` @@ -284,7 +284,7 @@ Like with other cmdlets, you can also query for rules to be removed. Here, all b Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –Action Block ``` @@ -292,7 +292,7 @@ Note that it may be safer to query the rules with the **Get** command and save i Windows PowerShell -``` syntax +```powershell $x = Get-NetFirewallRule –Action Block $x $x[0-3] | Remove-NetFirewallRule @@ -306,7 +306,7 @@ The following example returns all firewall rules of the persistent store on a de Windows PowerShell -``` syntax +```powershell Get-NetFirewallRule –CimSession RemoteDevice ``` @@ -314,7 +314,7 @@ We can perform any modifications or view rules on remote devices by simply usin Windows PowerShell -``` syntax +```powershell $RemoteSession = New-CimSession –ComputerName RemoteDevice Remove-NetFirewallRule –DisplayName “AllowWeb80” –CimSession $RemoteSession -Confirm ``` @@ -342,7 +342,7 @@ netsh advfirewall consec add rule name="Require Inbound Authentication" endpoint Windows PowerShell -``` syntax +```powershell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -PolicyStore domain.contoso.com\gpo_name ``` @@ -365,7 +365,7 @@ netsh advfirewall consec add rule name="Require Outbound Authentication" endpoin Windows PowerShell -``` syntax +```powershell $AHandESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH,ESP –AHHash SHA1 -ESPHash SHA1 -Encryption DES3 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “ah:sha1+esp:sha1-des3” -Proposal $AHandESPQM –PolicyStore domain.contoso.com\gpo_name New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request -QuickModeCryptoSet $QMCryptoSet.Name –PolicyStore domain.contoso.com\gpo_name @@ -379,7 +379,7 @@ You can leverage IKEv2 capabilities in Windows Server 2012 by simply specifying Windows PowerShell -``` syntax +```powershell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway ``` @@ -395,7 +395,7 @@ Copying individual rules is a task that is not possible through the Netsh interf Windows PowerShell -``` syntax +```powershell $Rule = Get-NetIPsecRule –DisplayName “Require Inbound Authentication” $Rule | Copy-NetIPsecRule –NewPolicyStore domain.costoso.com\new_gpo_name $Rule | Copy-NetPhase1AuthSet –NewPolicyStore domain.costoso.com\new_gpo_name @@ -407,7 +407,7 @@ To handle errors in your Windows PowerShell scripts, you can use the *–ErrorAc Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98” –ErrorAction SilentlyContinue ``` @@ -415,7 +415,7 @@ Note that the use of wildcards can also suppress errors, but they could potentia Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” ``` @@ -423,7 +423,7 @@ When using wildcards, if you want to double-check the set of rules that is match Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –WhatIf ``` @@ -431,7 +431,7 @@ If you only want to delete some of the matched rules, you can use the *–Confir Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Confirm ``` @@ -439,7 +439,7 @@ You can also just perform the whole operation, displaying the name of each rule Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Verbose ``` @@ -457,7 +457,7 @@ netsh advfirewall consec show rule name=all Windows PowerShell -``` syntax +```powershell Show-NetIPsecRule –PolicyStore ActiveStore ``` @@ -473,7 +473,7 @@ netsh advfirewall monitor show mmsa all Windows PowerShell -``` syntax +```powershell Get-NetIPsecMainModeSA ``` @@ -485,7 +485,7 @@ For objects that come from a GPO (the *–PolicyStoreSourceType* parameter is sp Windows PowerShell -``` syntax +```powershell Get-NetIPsecRule –DisplayName “Require Inbound Authentication” –TracePolicyStore ``` @@ -506,7 +506,7 @@ netsh advfirewall consec add rule name=“Basic Domain Isolation Policy” profi Windows PowerShell -``` syntax +```powershell $kerbprop = New-NetIPsecAuthProposal –Machine –Kerberos $Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Kerberos Auth Phase1" -Proposal $kerbprop –PolicyStore domain.contoso.com\domain_isolation New-NetIPsecRule –DisplayName “Basic Domain Isolation Policy” –Profile Domain –Phase1AuthSet $Phase1AuthSet.Name –InboundSecurity Require –OutboundSecurity Request –PolicyStore domain.contoso.com\domain_isolation @@ -524,7 +524,7 @@ netsh advfirewall consec add rule name="Tunnel from 192.168.0.0/16 to 192.157.0. Windows PowerShell -``` syntax +```powershell $QMProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption DES3 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “esp:sha1-des3” -Proposal $QMProposal New-NetIPSecRule -DisplayName “Tunnel from HQ to Dallas Branch” -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name @@ -548,7 +548,7 @@ netsh advfirewall firewall add rule name="Allow Authenticated Telnet" dir=in pro Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Authenticated Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -Authentication Required -Action Allow ``` @@ -562,7 +562,7 @@ netsh advfirewall consec add rule name="Authenticate Both Computer and User" end Windows PowerShell -``` syntax +```powershell $mkerbauthprop = New-NetIPsecAuthProposal -Machine –Kerberos $mntlmauthprop = New-NetIPsecAuthProposal -Machine -NTLM $P1Auth = New-NetIPsecPhase1AuthSet -DisplayName “Machine Auth” –Proposal $mkerbauthprop,$mntlmauthprop @@ -593,7 +593,7 @@ The following example shows you how to create an SDDL string that represents sec Windows PowerShell -``` syntax +```powershell $user = new-object System.Security.Principal.NTAccount (“corp.contoso.com\Administrators”) $SIDofSecureUserGroup = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value $secureUserGroup = "D:(A;;CC;;;$SIDofSecureUserGroup)" @@ -603,7 +603,7 @@ By using the previous scriptlet, you can also get the SDDL string for a secure c Windows PowerShell -``` syntax +```powershell $secureMachineGroup = "D:(A;;CC;;;$SIDofSecureMachineGroup)" ``` @@ -622,7 +622,7 @@ netsh advfirewall firewall add rule name=“Allow Encrypted Inbound Telnet to Gr Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName "Allow Encrypted Inbound Telnet to Group Members Only" -Program %SystemRoot%\System32\tlntsvr.exe -Protocol TCP -Direction Inbound -Action Allow -LocalPort 23 -Authentication Required -Encryption Required –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\Server_Isolation ``` @@ -634,7 +634,7 @@ In this example, we set the global IPsec setting to only allow transport mode tr Windows PowerShell -``` syntax +```powershell Set-NetFirewallSetting -RemoteMachineTransportAuthorizationList $secureMachineGroup ``` @@ -653,7 +653,7 @@ netsh advfirewall firewall add rule name="Inbound Secure Bypass Rule" dir=in sec Windows PowerShell -``` syntax +```powershell New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction Inbound –Authentication Required –OverrideBlockRules $true -RemoteMachine $secureMachineGroup –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\domain_isolation ``` From 322141ece849ed39eb6b17aaefe7f17e53e7869b Mon Sep 17 00:00:00 2001 From: Nandaa Date: Tue, 13 Aug 2019 12:01:48 +0300 Subject: [PATCH 11/53] fix: formatting of the important notice This commit formats the "important" notice so that it looks consistently with the other documentations e.g. the "important" on this[1] page. [1] https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-symbols --- ...ity-mode-in-compatibility-administrator.md | 183 +++++++++--------- 1 file changed, 90 insertions(+), 93 deletions(-) diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md index f1f6931c75..3ef9625772 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md @@ -1,93 +1,90 @@ ---- -title: Creating a Custom Compatibility Mode in Compatibility Administrator (Windows 10) -description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. -ms.assetid: 661a1c0d-267f-4a79-8445-62a9a98d09b0 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Creating a Custom Compatibility Mode in Compatibility Administrator - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -Windows® provides several *compatibility modes*, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases. - -## What Is a Compatibility Mode? - - -A compatibility mode is a group of compatibility fixes. A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can be anything from disabling a new feature in Windows to emulating a particular behavior of an older version of the Windows API. - -## Searching for Existing Compatibility Modes - - -The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility mode, you can search for an existing application and then copy and paste the known fixes into your custom database. - -**Important** -Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. - - - -**To search for an existing application** - -1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name. - -2. Click the application name to view the preloaded compatibility modes, compatibility fixes, or AppHelp messages. - -## Creating a New Compatibility Mode - - -If you are unable to find a preloaded compatibility mode for your application, you can create a new one for use by your custom database. - -**Important** -A compatibility mode includes a set of compatibility fixes and must be deployed as a group. Therefore, you should include only fixes that you intend to deploy together to the database. - - - -**To create a new compatibility mode** - -1. In the left-side pane of Compatibility Administrator, underneath the **Custom Databases** heading, right-click the name of the database to which you will apply the compatibility mode, click **Create New**, and then click **Compatibility Mode**. - -2. Type the name of your custom-compatibility mode into the **Name of the compatibility mode** text box. - -3. Select each of the available compatibility fixes to include in your custom-compatibility mode and then click **>**. - - **Important** - If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode. - - - -~~~ -If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields. -~~~ - -4. After you are done selecting the compatibility fixes to include, click **OK**. - - The compatibility mode is added to your custom database. - -## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - - - - - - - - - +--- +title: Creating a Custom Compatibility Mode in Compatibility Administrator (Windows 10) +description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. +ms.assetid: 661a1c0d-267f-4a79-8445-62a9a98d09b0 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: appcompat +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Creating a Custom Compatibility Mode in Compatibility Administrator + + +**Applies to** + +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 + +Windows® provides several *compatibility modes*, groups of compatibility fixes found to resolve many common application-compatibility issues. While working with Compatibility Administrator, you might decide to group some of your individual compatibility fixes into a custom-compatibility mode, which you can then deploy and use on any of your compatibility databases. + +## What Is a Compatibility Mode? + + +A compatibility mode is a group of compatibility fixes. A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can be anything from disabling a new feature in Windows to emulating a particular behavior of an older version of the Windows API. + +## Searching for Existing Compatibility Modes + + +The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility mode, you can search for an existing application and then copy and paste the known fixes into your custom database. + +**Important** +Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. + + + +**To search for an existing application** + +1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name. + +2. Click the application name to view the preloaded compatibility modes, compatibility fixes, or AppHelp messages. + +## Creating a New Compatibility Mode + + +If you are unable to find a preloaded compatibility mode for your application, you can create a new one for use by your custom database. + +**Important** +A compatibility mode includes a set of compatibility fixes and must be deployed as a group. Therefore, you should include only fixes that you intend to deploy together to the database. + + + +**To create a new compatibility mode** + +1. In the left-side pane of Compatibility Administrator, underneath the **Custom Databases** heading, right-click the name of the database to which you will apply the compatibility mode, click **Create New**, and then click **Compatibility Mode**. + +2. Type the name of your custom-compatibility mode into the **Name of the compatibility mode** text box. + +3. Select each of the available compatibility fixes to include in your custom-compatibility mode and then click **>**. + +> [!IMPORTANT] +> If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode. +> If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields. +``` + +4. After you are done selecting the compatibility fixes to include, click **OK**. + + The compatibility mode is added to your custom database. + +## Related topics +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) + + + + + + + + + From d01d157209e7dcade01c4a7d7f144095c002cbd6 Mon Sep 17 00:00:00 2001 From: Nandaa Date: Tue, 13 Aug 2019 20:50:18 +0300 Subject: [PATCH 12/53] fix: remove unnecessary back-ticks --- ...om-compatibility-mode-in-compatibility-administrator.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md index 3ef9625772..a34c87220b 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md @@ -68,10 +68,9 @@ A compatibility mode includes a set of compatibility fixes and must be deployed 3. Select each of the available compatibility fixes to include in your custom-compatibility mode and then click **>**. -> [!IMPORTANT] -> If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode. -> If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields. -``` + > [!IMPORTANT] + > If you are unsure which compatibility fixes to add, you can click **Copy Mode**. The **Select Compatibility Mode** dialog box appears and enables you to select from the preloaded compatibility modes. After you select a compatibility mode and click **OK**, any compatibility fixes that are included in the preloaded compatibility mode will be automatically added to your custom-compatibility mode. + > If you have any compatibility fixes that require additional parameters, you can select the fix, and then click **Parameters**. The **Options for <Compatibility\_Fix\_Name>** dialog box appears, enabling you to update the parameter fields. 4. After you are done selecting the compatibility fixes to include, click **OK**. From 5ab6e75842c017b6b6ceeab6c0954cc052522539 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 13 Aug 2019 15:39:08 -0700 Subject: [PATCH 13/53] removed references to CB, CBB --- .../manage-windows-updates-for-surface-hub.md | 3 +-- devices/surface/ltsb-for-surface.md | 13 ++++++------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index 01c378c14a..4535bd1f1b 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -10,7 +10,6 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 06/20/2019 ms.localizationpriority: medium --- @@ -69,7 +68,7 @@ This table gives examples of deployment rings. | Deployment ring | Ring size | Servicing branch | Deferral for feature updates | Deferral for quality updates (security fixes, drivers, and other updates) | Validation step | | --------- | --------- | --------- | --------- | --------- | --------- | -| Preview (e.g. non-critical or test devices) | Small | Semi-annual channel (Targeted) | None. | None. | Manually test and evaluate new functionality. Pause updates if there are issues. | +| Preview (e.g. non-critical or test devices) | Small | Windows Insider Preview | None. | None. | Manually test and evaluate new functionality. Pause updates if there are issues. | | Release (e.g. devices used by select teams) | Medium | Semi-annual channel | None. | None. | Monitor device usage and user feedback. Pause updates if there are issues. | | Broad deployment (e.g. most of the devices in your organization) | Large | Semi-annual channel | 120 days after release. | 7-14 days after release. | Monitor device usage and user feedback. Pause updates if there are issues. | | Mission critical (e.g. devices in executive boardrooms) | Small | Semi-annual channel | 180 days after release (maximum deferral for feature updates). | 30 days after release (maximum deferral for quality updates). | Monitor device usage and user feedback. | diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md index d7e5bdc7d7..225135d993 100644 --- a/devices/surface/ltsb-for-surface.md +++ b/devices/surface/ltsb-for-surface.md @@ -1,5 +1,5 @@ --- -title: Long-Term Servicing Branch for Surface devices (Surface) +title: Long-Term Servicing Channel for Surface devices (Surface) description: LTSB is not supported for general-purpose Surface devices and should be used for specialized devices only. ms.prod: w10 ms.mktglfcycl: manage @@ -8,26 +8,25 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 04/25/2017 ms.reviewer: manager: dansimp --- -# Long-Term Servicing Branch (LTSB) for Surface devices +# Long-Term Servicing Channel (LTSC) for Surface devices >[!WARNING] >For updated information on this topic, see [Surface device compatibility with Windows 10 Long-Term Servicing Channel](surface-device-compatibility-with-windows-10-ltsc.md). For additional information on this update, see the [Documentation Updates for Surface and Windows 10 LTSB Compatibility](https://blogs.technet.microsoft.com/surface/2017/04/11/documentation-updates-for-surface-and-windows-10-ltsb-compatibility) post on the Surface Blog for IT Pros. -General-purpose Surface devices running Long-Term Servicing Branch (LTSB) are not supported. As a general guideline, if a Surface device runs productivity software, such as Microsoft Office, it is a general-purpose device that does not qualify for LTSB and should instead run Current Branch (CB) or Current Branch for Business (CBB). +General-purpose Surface devices in the Long-Term Servicing Channel (LTSC) are not supported. As a general guideline, if a Surface device runs productivity software, such as Microsoft Office, it is a general-purpose device that does not qualify for LTSC and should instead be on the Semi-Annual Channel. >[!NOTE] >For more information about the servicing branches, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview). -LTSB prevents Surface devices from receiving critical Windows 10 feature updates and certain non-security servicing updates. Customers with poor experiences using Surface devices in the LTSB configuration will be instructed to upgrade to CB or CBB. Furthermore, the Windows 10 Enterprise LTSB edition removes core features of Surface devices, including seamless inking and touch-friendly applications. It does not contain key in-box applications including Microsoft Edge, OneNote, Calendar or Camera. Therefore, productivity is impacted and functionality is limited. LTSB is not supported as a suitable servicing solution for general-purpose Surface devices. +LTSC prevents Surface devices from receiving critical Windows 10 feature updates and certain non-security servicing updates. Customers with poor experiences using Surface devices in the LTSC configuration will be instructed to switch to the Semi-Annual Channel. Furthermore, the Windows 10 Enterprise LTSB edition removes core features of Surface devices, including seamless inking and touch-friendly applications. It does not contain key in-box applications including Microsoft Edge, OneNote, Calendar or Camera. Therefore, productivity is impacted and functionality is limited. LTSC is not supported as a suitable servicing solution for general-purpose Surface devices. -General-purpose Surface devices are intended to run CB or CBB to receive full servicing and firmware updates and forward compatibility with the introduction of new Surface features. With CB, feature updates are available as soon as Microsoft releases them. Customers in the CBB servicing model receive the same build of Windows 10 as those in CB, at a later date. +General-purpose Surface devices are intended to run on the Semi-Annual Channel to receive full servicing and firmware updates and forward compatibility with the introduction of new Surface features. In the Semi-Annual Channel, feature updates are available as soon as Microsoft releases them. -Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–may consider the use of LTSB. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization. +Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–might consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization. From 38853d107bba1b85dfbf5baa5a60fec77d66688a Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Tue, 13 Aug 2019 19:16:43 -0700 Subject: [PATCH 14/53] CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) (#898) --- .../resolved-issues-windows-10-1507.yml | 8 ++----- .../resolved-issues-windows-10-1607.yml | 21 +++++++++++++------ .../resolved-issues-windows-10-1703.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1709.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1803.yml | 19 +++++++++++------ ...indows-10-1809-and-windows-server-2019.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1903.yml | 4 ++-- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 10 +++++---- ...windows-8.1-and-windows-server-2012-r2.yml | 8 +++---- ...esolved-issues-windows-server-2008-sp2.yml | 6 ++---- .../resolved-issues-windows-server-2012.yml | 6 ++---- .../status-windows-10-1507.yml | 4 ++-- ...indows-10-1607-and-windows-server-2016.yml | 14 ++++++------- .../status-windows-10-1703.yml | 10 ++++----- .../status-windows-10-1709.yml | 10 ++++----- .../status-windows-10-1803.yml | 10 ++++----- ...indows-10-1809-and-windows-server-2019.yml | 10 ++++----- .../status-windows-10-1903.yml | 20 +++++++----------- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 12 +++++++---- ...windows-8.1-and-windows-server-2012-r2.yml | 8 +++---- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- .../windows-message-center.yml | 5 +++++ 23 files changed, 142 insertions(+), 108 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index ab7065d60a..798d3fa659 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,17 +32,15 @@ sections: - type: markdown text: " - + - -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		July 09, 2019
    10:00 AM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		OS Build 10240.18215

    May 14, 2019
    KB4499154    		Resolved
    KB4505051    		May 19, 2019
    02:00 PM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		OS Build 10240.18132

    February 12, 2019
    KB4487018    		Resolved
    KB4493475    		April 09, 2019
    10:00 AM PT
    Unable to access hotspots with third-party applications
    Third-party applications may have difficulty authenticating hotspots.

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4487018    		February 12, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4493475    		April 09, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files.

    See details >    		OS Build 10240.18132

    February 12, 2019
    KB4487018    		Resolved
    KB4489872    		March 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 10240.18132

    February 12, 2019
    KB4487018    		Resolved
    KB4491101    		February 21, 2019
    02:00 PM PT
    First character of Japanese era name not recognized
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 10240.18132

    February 12, 2019
    KB4487018    		Resolved
    KB4489872    		March 12, 2019
    10:00 AM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 10240.18158

    March 12, 2019
    KB4489872    		Resolved
    KB4493475    		April 09, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4487018    		February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 10240.18132

    February 12, 2019
    KB4487018    		Resolved
    KB4489872    		March 12, 2019
    10:00 AM PT
    " @@ -59,7 +57,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -108,8 +106,6 @@ sections: - type: markdown text: " - -
    DetailsOriginating updateStatusHistory
    Unable to access hotspots with third-party applications
    After installing KB4480962, third-party applications may have difficulty authenticating hotspots.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4487018.

    Back to top    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4487018    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493475.

    Back to top    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4493475    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

    Affected platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487018.

    Back to top    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Resolved
    KB4487018    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 2c0de867c7..e8b0598941 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,7 +32,9 @@ sections: - type: markdown text: " - + + + @@ -52,10 +54,8 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    SCVMM cannot enumerate and manage logical switches deployed on the host
    For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

    See details >    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 14393.2969

    May 14, 2019
    KB4494440    		Resolved
    KB4507460    		July 09, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4487006    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 14393.2759

    January 17, 2019
    KB4480977    		Resolved
    KB4487006    		February 19, 2019
    02:00 PM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 14393.2848

    March 12, 2019
    KB4489882    		Resolved
    KB4493473    		April 25, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Resolved
    KB4487026    		February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4487006    		February 19, 2019
    02:00 PM PT
    Issue hosting multiple terminal server sessions and a user logs off on Windows Server
    In some cases, Windows Server will stop working and restart when hosting multiple terminal server sessions and a user logs off.

    See details >    		OS Build 14393.2828

    February 19, 2019
    KB4487006    		Resolved
    KB4489882    		March 12, 2019
    10:00 AM PT
    Instant search in Microsoft Outlook fails on Windows Server 2016
    Instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\" on Windows Server 2016.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4487026    		February 12, 2019
    10:00 AM PT
    " @@ -71,7 +71,18 @@ sections: - type: markdown text: " - + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    + " + +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

    Affected platforms:
    • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4512517.

    Back to top    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 26, 2019
    04:58 PM PT
    " @@ -140,7 +151,6 @@ sections:
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue was resolved in KB4493470.

    Back to topOS Build 14393.2724

    January 08, 2019
    KB4480961Resolved
    KB4493470Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493470.

    Back to topOS Build 14393.2724

    January 08, 2019
    KB4480961Resolved
    KB4493470Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480977, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487006.

    Back to topOS Build 14393.2759

    January 17, 2019
    KB4480977Resolved
    KB4487006Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 17, 2019
    02:00 PM PT -
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4487026.

    Back to topOS Build 14393.2724

    January 08, 2019
    KB4480961Resolved
    KB4487026Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT " @@ -150,6 +160,5 @@ sections: text: " -
    DetailsOriginating updateStatusHistory
    SCVMM cannot enumerate and manage logical switches deployed on the host
    For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host after installing KB4467684.

    Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

    Affected platforms:
    • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507459.

    Back to top    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4507459    		Resolved:
    July 16, 2019
    10:00 AM PT

    Opened:
    November 27, 2018
    10:00 AM PT
    Instant search in Microsoft Outlook fails on Windows Server 2016
    After installing KB4467684 on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\".

    Affected platforms:
    • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2016
    Resolution: This issue is resolved in KB4487026.

    Back to top    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4487026    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    November 27, 2018
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 3401b26fdf..0786837bf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		July 09, 2019
    10:00 AM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 15063.1839

    May 28, 2019
    KB4499162    		Resolved
    KB4509476    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved
    KB4503289    		June 18, 2019
    02:00 PM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 15063.1631

    February 12, 2019
    KB4487020    		Resolved
    KB4487011    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 15063.1596

    January 15, 2019
    KB4480959    		Resolved
    KB4487011    		February 19, 2019
    02:00 PM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 15063.1689

    March 12, 2019
    KB4489871    		Resolved
    KB4493436    		April 25, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4487020    		February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 15063.1631

    February 12, 2019
    KB4487020    		Resolved
    KB4487011    		February 19, 2019
    02:00 PM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4487020    		February 12, 2019
    10:00 AM PT
    " @@ -64,7 +63,17 @@ sections: - type: markdown text: " - + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    + " + +- title: July 2019 +- items: + - type: markdown + text: " + +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512507. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    " @@ -119,7 +128,5 @@ sections: - -
    DetailsOriginating updateStatusHistory
    MSXML6 may cause applications to stop responding
    After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493474.

    Back to top    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4493474    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480959, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487011.

    Back to top    		OS Build 15063.1596

    January 15, 2019
    KB4480959    		Resolved
    KB4487011    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487020.

    Back to top    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4487020    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480973, some Microsoft Edge users report that they:
    • Cannot load web pages using a local IP address.
    • Cannot load web pages on the Internet using a VPN connection.
    Browsing fails or the web page may become unresponsive.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4486996

    Back to top    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4487020    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index d2b59916e7..36039dceaa 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4503281    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4503284    		June 11, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    See details >    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4489886    		March 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4487021    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 16299.936

    January 15, 2019
    KB4480967    		Resolved
    KB4487021    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4486996    		February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4487021    		February 19, 2019
    02:00 PM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4486996    		February 12, 2019
    10:00 AM PT
    Stop error when attempting to start SSH from WSL
    A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

    See details >    		OS Build 16299.1029

    March 12, 2019
    KB4489886    		Resolved
    KB4493441    		April 09, 2019
    10:00 AM PT
    " @@ -65,7 +64,17 @@ sections: - type: markdown text: " - + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    + " + +- title: July 2019 +- items: + - type: markdown + text: " + +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    " @@ -129,7 +138,5 @@ sections: - -
    DetailsOriginating updateStatusHistory
    MSXML6 causes applications to stop responding if an exception was thrown
    After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4493441.

    Back to top    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4493441    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480967, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487021.

    Back to top    		OS Build 16299.936

    January 15, 2019
    KB4480967    		Resolved
    KB4487021    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format.”

    Affected platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4486996.

    Back to top    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4486996    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480978, some Microsoft Edge users report that they:
    • Cannot load web pages using a local IP address. 
    • Cannot load web pages on the Internet using a VPN connection.  
    Browsing fails or the web page may become unresponsive. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4486996.

    Back to top    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4486996    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 24ad1254f2..c94998225d 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 17134.799

    May 21, 2019
    KB4499183    		Resolved
    KB4509478    		June 26, 2019
    04:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved
    KB4503288    		June 18, 2019
    02:00 PM PT
    Opening Internet Explorer 11 may fail
    Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

    See details >    		OS Build 17134.799

    May 21, 2019
    KB4499183    		Resolved
    KB4503286    		June 11, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 17134.590

    February 12, 2019
    KB4487017    		Resolved
    KB4487029    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 17134.556

    January 15, 2019
    KB4480976    		Resolved
    KB4487029    		February 19, 2019
    02:00 PM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 17134.648

    March 12, 2019
    KB4489868    		Resolved
    KB4493437    		April 25, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4487017    		February 12, 2019
    10:00 AM PT
    Cannot pin a web link on the Start menu or the taskbar
    Some users cannot pin a web link on the Start menu or the taskbar.

    See details >    		OS Build 17134.471

    December 11, 2018
    KB4471324    		Resolved
    KB4487029    		February 19, 2019
    02:00 PM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4487017    		February 12, 2019
    10:00 AM PT
    Stop error when attempting to start SSH from WSL
    A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

    See details >    		OS Build 17134.648

    March 12, 2019
    KB4489868    		Resolved
    KB4493464    		April 09, 2019
    10:00 AM PT
    " @@ -65,7 +64,17 @@ sections: - type: markdown text: " - + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    + " + +- title: July 2019 +- items: + - type: markdown + text: " + +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    " @@ -128,8 +137,6 @@ sections: - -
    DetailsOriginating updateStatusHistory
    MSXML6 may cause applications to stop responding
    After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493464

    Back to top    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4493464    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized
    After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487029

    Back to top    		OS Build 17134.556

    January 15, 2019
    KB4480976    		Resolved
    KB4487029    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487017.

    Back to top    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4487017    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480966, some Microsoft Edge users report that they: 
    • Cannot load web pages using a local IP address. 
    • Cannot load web pages on the Internet using a VPN connection.  
    Browsing fails or the web page may become unresponsive. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4487017

    Back to top    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4487017    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index f2dc569ffb..2dd93de94b 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -55,13 +56,11 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 17763.529

    May 21, 2019
    KB4497934    		Resolved
    KB4509479    		June 26, 2019
    04:00 PM PT
    Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
    Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.

    See details >    		OS Build 17763.503

    May 14, 2019
    KB4494441    		Resolved
    KB4501371    		June 18, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved
    KB4501371    		June 18, 2019
    02:00 PM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 17763.316

    February 12, 2019
    KB4487044    		Resolved
    KB4482887    		March 01, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 17763.316

    February 12, 2019
    KB4487044    		Resolved
    KB4482887    		March 01, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 9 file format may randomly stop working.

    See details >    		OS Build 17763.316

    February 12, 2019
    KB4487044    		Resolved
    KB4482887    		March 01, 2019
    10:00 AM PT
    Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
    Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

    See details >    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4487044    		February 12, 2019
    10:00 AM PT
    Shared albums may not sync with iCloud for Windows
    Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.

    See details >    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		March 01, 2019
    10:00 AM PT
    Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
    Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.

    See details >    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		March 01, 2019
    10:00 AM PT
    F5 VPN clients losing network connectivity
    Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

    See details >    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		March 01, 2019
    10:00 AM PT
    Global DNS outage affects Windows Update customers
    Windows Update customers were recently affected by a network infrastructure event caused by an external DNS service provider's global outage.

    See details >    		N/A

    		Resolved
    		March 08, 2019
    11:15 AM PT
    Apps may stop working after selecting an audio output device other than the default
    Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.

    See details >    		OS Build 17763.348

    March 01, 2019
    KB4482887    		Resolved
    KB4490481    		April 02, 2019
    10:00 AM PT
    Webpages become unresponsive in Microsoft Edge
    Microsoft Edge users report difficulty browsing and loading webpages.

    See details >    		OS Build 17763.253

    January 08, 2019
    KB4480116    		Resolved
    KB4487044    		February 12, 2019
    10:00 AM PT
    " @@ -77,7 +76,17 @@ sections: - type: markdown text: " - + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    + " + +- title: July 2019 +- items: + - type: markdown + text: " + +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    " @@ -149,7 +158,6 @@ sections:
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: 
    • Cache size and location show zero or empty. 
    • Keyboard shortcuts may not work properly. 
    • Webpages may intermittently fail to load or render correctly. 
    • Issues with credential prompts. 
    • Issues when downloading files. 
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue was resolved in KB4493509

    Back to topOS Build 17763.253

    January 08, 2019
    KB4480116Resolved
    KB4493509Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
     
    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493509

    Back to topOS Build 17763.253

    January 08, 2019
    KB4480116Resolved
    KB4493509Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Global DNS outage affects Windows Update customers
    Windows Update customers were affected by a network infrastructure event on January 29, 2019 (21:00 UTC), caused by an external DNS service provider's global outage. A software update to the external provider's DNS servers resulted in the distribution of corrupted DNS records that affected connectivity to the Windows Update service. The DNS records were restored by January 30, 2019 (00:10 UTC), and the majority of local Internet Service Providers (ISP) have refreshed their DNS servers and customer services have been restored. 
     
    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    While this was not an issue with Microsoft's services, we take any service disruption for our customers seriously. We will work with partners to better understand this so we can provide higher quality service in the future even across diverse global network providers. 
     
    If you are still unable to connect to Windows Update services due to this problem, please contact your local ISP or network administrator. You can also refer to our new KB4493784 for more information to determine if your network is affected, and to provide your local ISP or network administrator with additional information to assist you. 

    Back to topN/A

    Resolved
    Resolved:
    March 08, 2019
    11:15 AM PT

    Opened:
    January 29, 2019
    02:00 PM PT -
    Webpages become unresponsive in Microsoft Edge
    After installing KB4480116, some Microsoft Edge users report that they:
    • Cannot load web pages using a local IP address. 
    • Cannot load web pages on the Internet using a VPN connection.
    Browsing fails or the web page may become unresponsive.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
    Resolution: This issue is resolved in KB4487020

    Back to topOS Build 17763.253

    January 08, 2019
    KB4480116Resolved
    KB4487044Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT " @@ -159,7 +167,6 @@ sections: text: " - diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index ad7c9065b6..46128ad713 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
    DetailsOriginating updateStatusHistory
    Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
    Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
     
    As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
    Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019 
    Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

    Resolution: Microsoft has removed the safeguard hold.



    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    		Resolved:
    May 21, 2019
    07:42 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
    Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
     
    Upgrade block: After updating to Windows 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
     
    Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Resolution: This issue was resolved in KB4487044, and the block was removed.

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4487044    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Shared albums may not sync with iCloud for Windows
    Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. 

    We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
     
    Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
    Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
     
    To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
     
    Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    F5 VPN clients losing network connectivity
    Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

    Back to top    		OS Build 17763.134

    November 13, 2018
    KB4467708    		Resolved
    KB4482887    		Resolved:
    March 01, 2019
    10:00 AM PT

    Opened:
    November 13, 2018
    10:00 AM PT
    - + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Display brightness may not respond to adjustments
    Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4505903    		July 26, 2019
    02:00 PM PT
    RASMAN service may stop working and result in the error “0xc0000005”
    The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Resolved
    KB4505903    		July 26, 2019
    02:00 PM PT
    Loss of functionality in Dynabook Smartphone Link app
    After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:54 PM PT
    - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 33a6733fd2..56fbefcd4d 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,7 +32,9 @@ sections: - type: markdown text: " - + + + @@ -48,7 +50,6 @@ sections: -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    04:25 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    10:06 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4505050    		May 18, 2019
    02:00 PM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		January 17, 2019
    KB4480955    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4486563    		February 12, 2019
    10:00 AM PT
    Event Viewer may not show some event descriptions for network interface cards
    The Event Viewer may not show some event descriptions for network interface cards (NIC).

    See details >    		October 18, 2018
    KB4462927    		Resolved
    KB4489878    		March 12, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4490511    		February 19, 2019
    02:00 PM PT
    @@ -66,7 +67,8 @@ sections: - type: markdown text: " - + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -94,6 +96,7 @@ sections: - type: markdown text: " + @@ -130,7 +133,6 @@ sections:
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

    Back to top    		April 09, 2019
    KB4493472    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

    Back to top    		April 09, 2019
    KB4493472    		Resolved
    		Resolved:
    May 14, 2019
    01:23 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

    Back to top    		April 09, 2019
    KB4493472    		Resolved
    		Resolved:
    May 14, 2019
    01:22 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

    Back to top    		April 09, 2019
    KB4493472    		Resolved
    		Resolved:
    May 14, 2019
    01:21 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    -
    DetailsOriginating updateStatusHistory
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480955, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4486565.

    Back to top    		January 17, 2019
    KB4480955    		Resolved
    KB4486565    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 17, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4493472.

    Back to top    		January 08, 2019
    KB4480970    		Resolved
    KB4493472    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected Platforms:
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 

    Resolution: This issue is resolved in KB4486563.

    Back to top    		January 08, 2019
    KB4480970    		Resolved
    KB4486563    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480970, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490511.

    Back to top    		January 08, 2019
    KB4480970    		Resolved
    KB4490511    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 9bf1ac9d82..dbb57e0e0b 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -51,7 +52,6 @@ sections: -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    04:25 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    10:06 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503276    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    Issue using PXE to start a device from WDS
    There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

    See details >    		March 12, 2019
    KB4489881    		Resolved
    KB4503276    		June 11, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding.
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		April 09, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		April 09, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4490512    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4487000    		February 12, 2019
    10:00 AM PT
    " @@ -67,7 +67,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -96,6 +96,7 @@ sections: - type: markdown text: " + @@ -134,6 +135,5 @@ sections: -
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

    Back to top    		April 09, 2019
    KB4493446    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

    Back to top    		April 09, 2019
    KB4493446    		Resolved
    		Resolved:
    May 14, 2019
    01:22 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

    Back to top    		April 09, 2019
    KB4493446    		Resolved
    		Resolved:
    May 14, 2019
    01:22 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

    Back to top    		April 09, 2019
    KB4493446    		Resolved
    		Resolved:
    May 14, 2019
    01:21 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding.
    After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4493446.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4493446.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480963, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490512.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4490512    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms: 
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4487000.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4487000    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index aeb08c2fd5..b83e9cc1e7 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -42,7 +42,6 @@ sections: -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:21 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:19 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		January 17, 2019
    KB4480974    		Resolved
    KB4489880    		March 12, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4487023    		Resolved
    KB4493471    		April 09, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480968    		Resolved
    KB4490514    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		January 08, 2019
    KB4480968    		Resolved
    KB4487023    		February 12, 2019
    10:00 AM PT
    " @@ -58,7 +57,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -108,6 +107,5 @@ sections: -
    DetailsOriginating updateStatusHistory
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480974, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4489880.

    Back to top    		January 17, 2019
    KB4480974    		Resolved
    KB4489880    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    January 17, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480968, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490514.

    Back to top    		January 08, 2019
    KB4480968    		Resolved
    KB4490514    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

    Affected platforms: 
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487023.

    Back to top    		January 08, 2019
    KB4480968    		Resolved
    KB4487023    		Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 532b8144c8..9a3dd8d77a 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -48,7 +48,6 @@ sections: -
    SummaryOriginating updateStatusDate resolved
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499171    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 20, 2019
    02:00 PM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4493451    		April 09, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4493451    		April 09, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4490516    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4487025    		February 12, 2019
    10:00 AM PT
    Event Viewer may not show some event descriptions for network interface cards
    The Event Viewer may not show some event descriptions for network interface cards (NIC).

    See details >    		September 11, 2018
    KB4457135    		Resolved
    KB4489891    		March 12, 2019
    10:00 AM PT
    " @@ -65,7 +64,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -129,7 +128,6 @@ sections:
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4493451.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4493451Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4493451.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4493451Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480975, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \"Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\"

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490516.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4490516Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT -
    Applications using Microsoft Jet database fail to open
    Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

    Affected platforms: 
    • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487025.

    Back to topJanuary 08, 2019
    KB4480975Resolved
    KB4487025Resolved:
    February 12, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 010cb9d55b..55d16a4b23 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    " @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index a554e88e9e..407e511420 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + + + - @@ -85,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Investigating
    		August 08, 2019
    07:18 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		August 01, 2019
    05:00 PM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Mitigated
    		July 26, 2019
    04:58 PM PT
    SCVMM cannot enumerate and manage logical switches deployed on the host
    For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

    See details >    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    " @@ -95,9 +95,9 @@ sections: - type: markdown text: " - - + +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Investigating
    		Last updated:
    August 08, 2019
    07:18 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

    Affected platforms:
    • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

    You can configure the below registry key:
    Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
    Value: Disable Script Debugger
    Type: REG_SZ
    Data: no

    Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Mitigated
    		Last updated:
    July 26, 2019
    04:58 PM PT

    Opened:
    July 26, 2019
    04:58 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

    Affected platforms:
    • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4512517.

    Back to top    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 26, 2019
    04:58 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 58b6047c36..895bd3c1db 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + +
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Investigating
    		August 08, 2019
    07:18 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    " @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -87,8 +87,8 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Investigating
    		Last updated:
    August 08, 2019
    07:18 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512507. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 279e20ebd2..930121e60e 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + +
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Investigating
    		August 08, 2019
    07:18 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -79,7 +79,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -88,8 +88,8 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Investigating
    		Last updated:
    August 08, 2019
    07:18 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index ab543899da..0d6c3bc4dd 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Investigating
    		August 08, 2019
    07:18 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		June 14, 2019
    04:41 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -94,8 +94,8 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Investigating
    		Last updated:
    August 08, 2019
    07:18 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index d67d705cf0..a6f1d702b4 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,8 +64,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Investigating
    		August 08, 2019
    07:18 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		June 14, 2019
    04:41 PM PT
    - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    " @@ -96,8 +96,8 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Investigating
    		Last updated:
    August 08, 2019
    07:18 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 1eff433b4f..3ea2e03409 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,18 +65,15 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - - + + + - - - @@ -97,7 +94,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    04:25 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    02:20 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 08, 2019
    07:18 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    05:24 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    Intermittent loss of Wi-Fi connectivity
    Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated External
    		August 01, 2019
    08:44 PM PT
    Gamma ramps, color profiles, and night light settings do not apply in some cases
    Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		August 01, 2019
    06:27 PM PT
    Display brightness may not respond to adjustments
    Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4505903    		July 26, 2019
    02:00 PM PT
    RASMAN service may stop working and result in the error “0xc0000005”
    The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Resolved
    KB4505903    		July 26, 2019
    02:00 PM PT
    The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
    Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		July 16, 2019
    09:04 AM PT
    Initiating a Remote Desktop connection may result in black screen
    When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		July 12, 2019
    04:42 PM PT
    Loss of functionality in Dynabook Smartphone Link app
    After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:54 PM PT
    Error attempting to update with external USB device or memory card attached
    PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:53 PM PT
    Audio not working with Dolby Atmos headphones and home theater
    Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		July 11, 2019
    01:53 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Windows Sandbox may fail to start with error code “0x80070002”
    Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

    See details >    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Investigating
    		June 10, 2019
    06:06 PM PT
    Unable to discover or connect to Bluetooth devices
    Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		May 21, 2019
    04:48 PM PT
    - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -106,9 +103,9 @@ sections: - type: markdown text: " - - + + @@ -132,9 +129,6 @@ sections: - - - diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 88c5129963..f55dd568c1 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,11 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    DetailsOriginating updateStatusHistory
    Issues updating when certain versions of Intel storage drivers are installed
    Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

    To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

    Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

    Next Steps: We are working on a resolution and estimate a solution will be available in late August.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		Last updated:
    August 09, 2019
    02:20 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 08, 2019
    07:18 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 13, 2019
    05:24 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

    To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

    Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

    Next Steps: We are working on a resolution and estimate a solution will be available in late August.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
    Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

    To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    July 16, 2019
    09:04 AM PT

    Opened:
    July 12, 2019
    04:20 PM PT
    Initiating a Remote Desktop connection may result in black screen
    When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution that will be made available in upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    July 12, 2019
    04:42 PM PT

    Opened:
    July 12, 2019
    04:42 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Intermittent loss of Wi-Fi connectivity
    Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

    To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).
     
    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated External
    		Last updated:
    August 01, 2019
    08:44 PM PT

    Opened:
    May 21, 2019
    07:13 AM PT
    Gamma ramps, color profiles, and night light settings do not apply in some cases
    Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

    Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
    • Connecting to (or disconnecting from) an external monitor, dock, or projector
    • Rotating the screen
    • Updating display drivers or making other display mode changes
    • Closing full screen applications
    • Applying custom color profiles
    • Running applications that rely on custom gamma ramps
    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    August 01, 2019
    06:27 PM PT

    Opened:
    May 21, 2019
    07:28 AM PT
    Display brightness may not respond to adjustments
    Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

    To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    KB4505903    		Resolved:
    July 26, 2019
    02:00 PM PT

    Opened:
    May 21, 2019
    07:56 AM PT
    Loss of functionality in Dynabook Smartphone Link app
    Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

    To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:54 PM PT

    Opened:
    May 24, 2019
    03:10 PM PT
    Error attempting to update with external USB device or memory card attached
    If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

    Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

    Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

    To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:53 PM PT

    Opened:
    May 21, 2019
    07:38 AM PT
    Audio not working with Dolby Atmos headphones and home theater
    After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
     
    This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
     
    To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Resolved
    		Resolved:
    July 11, 2019
    01:53 PM PT

    Opened:
    May 21, 2019
    07:16 AM PT
    Windows Sandbox may fail to start with error code “0x80070002”
    Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

    Affected platforms:
    • Client: Windows 10, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.116

    May 20, 2019
    KB4505057    		Investigating
    		Last updated:
    June 10, 2019
    06:06 PM PT

    Opened:
    May 24, 2019
    04:20 PM PT
    Unable to discover or connect to Bluetooth devices
    Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

    • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
    • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
    Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

    Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 21, 2019
    04:48 PM PT

    Opened:
    May 21, 2019
    07:29 AM PT
    Intel Audio displays an intcdaud.sys notification
    Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
      
    To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809
    Workaround:
    On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

    For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

    Note We recommend you do not attempt to update your devices until newer device drivers are installed.

    Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

    Back to top    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated
    		Last updated:
    May 21, 2019
    04:47 PM PT

    Opened:
    May 21, 2019
    07:22 AM PT
    - + + + + -
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    04:25 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 13, 2019
    10:05 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    10:06 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Mitigated
    		April 25, 2019
    02:00 PM PT
    " @@ -78,7 +80,9 @@ sections: - type: markdown text: " - + + +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 13, 2019
    10:05 AM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -96,6 +100,6 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client:  Windows 8.1; Windows 7 SP1
    • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
    Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

    Back to top    		April 09, 2019
    KB4493472    		Mitigated
    		Last updated:
    April 25, 2019
    02:00 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

    Back to top    		April 09, 2019
    KB4493472    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index a15ed55837..202c053f79 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + -
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    04:25 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    10:06 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493443    		Mitigated
    		May 15, 2019
    05:53 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Mitigated
    		April 18, 2019
    05:00 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

    See details >    		January 08, 2019
    KB4480963    		Mitigated
    		April 25, 2019
    02:00 PM PT
    " @@ -80,7 +80,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -107,7 +107,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client:  Windows 8.1; Windows 7 SP1
    • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
    Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

    Back to top    		April 09, 2019
    KB4493446    		Mitigated
    		Last updated:
    April 18, 2019
    05:00 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

    Back to top    		April 09, 2019
    KB4493446    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 7e730c134a..89a7335b26 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    " @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index ed7deea5f4..5d1e15e515 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

    See details >    		January 08, 2019
    KB4480975    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    04:25 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index c7a8b5e2d7..85c3bf144d 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,11 @@ sections: text: " + + + + + From 23916339f96fb243b59fd3466457e4a09d859c38 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 14 Aug 2019 09:49:22 +0500 Subject: [PATCH 15/53] Update virus-and-threat-protection.png --- .../images/virus-and-threat-protection.png | Bin 248019 -> 207742 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/whats-new/images/virus-and-threat-protection.png b/windows/whats-new/images/virus-and-threat-protection.png index f5fd5287bc0bbef109d366d7b876a0a814367f06..f289d2253184aacd95114dab3c96da5f75742d95 100644 GIT binary patch literal 207742 zcmb@ud03M98b4g)8J$j{Gt*+JNsUd`n4y`O3sB>fIhEL$nYoZlQfiT+nXHvFI%P#= zxuimlmE{61sks2-n7JXOhN!8OiU^`4tL!hG-#O=P&inrLUhj3m#q~VE^W1#D_xia% zH`fCL`~d&7`RB4_%K-j|e)?tEvM-M>TlNL#D|6Es5G8!KNnE z@4^@UN4S7i@flFdSh3(s(B(G%!iTGPs8I$rPG&%6Gj_VGW=4F01Po+(aF@fW8KmbARN03j3(fMHki1xuUAO3c05cb1L zs_-^M^<_q%#nk3gdctTKZnT4K)Un~-##b=is}5_zqBWUiWe(Rofuk3@$+~W<_`bj0 zvS5sv^Bik`JA>o7cix|aYSy;n@INZ1APZAF@v~X@S!qg=4aDYYKyg(0@(&JIJ!rzC zWmn^|OId^^%RPTvv(7EDb8nmM7uM&q9D|W6m$j<&NAd5!f+bJ#K?HRNiXLXkQ0IU%bfwDYF4n&v}U>H%~P~QWo?_~qEH9&7Q zO%zP^!YTHd4FT16flW)-KugyK|CH8Kaq}Z%``NsGb(h!24p9~EaGAR!Evg)+q3?Vj z_Z}*_MLqEGSBX>P;*A7%`L{ep1TVE};dA|ze(da=M8-K2cPw!CaXQtwO5VrC0ycJr zmXcX6bCCOKB7=Pom<5^z`S$10J^hqcBWU`7vU6b#7h#u|p<-0=m*8?91mnB=K zk{53xip*<;lt~Nxdy4?Gqjd1~_>_hRpodAa7jf>_}oy__kO&HFIO%V zKkt+rr)?agUj4zRK(tjE@f^HA{>{UMI9I!3U;>%9`G>qB*@__e+CV@?kXe^`i+P#( zALNfK$QQk`${-3K=zx`P?{l{;3#XRI+6%#EQz&4&$Jl(u*VFQ!=K4NPJ3`fyw~*K= zzL0da9y8~KJ>T~E&#m=&>l03{q=_t^T~Gxo@K(n$U!>sI@LUEvm&z96T=t1q3`_+* zPEL@|s#hGPbe-S1ydo>FC*YWf1!&q$UKKSAH3CmU?>l9N#(XHvX z(Y{0Y@SZy%Y>$kDX94p16^&@n-^_$hpWMtq&3#}tMa45qM0$RbM6Oowqq2d6Xcmf8 z$0PsU+gX`idZclA&9%M!BPXZf?_SkMJ|-dRKvt_rM-;)!Wmz?Uw}texBaZ)1r;GdX z|3}~X|JkYAr*R|FXtE?CW~{@gH5wS!X=6#99o{@O>+oR5Ib=3 zFQ*j0R|&9D@JQxZC;kQ*$9L<7QP7)d7c^(eT7KB`?nNF5hkJ9N`B|i5B%8fQ7Cmz) z4_tWizMH|Aq8W{Sv|O;`j`I`*bXc4*N1@hM`y zKbg=_4b>dfZisS#a7hH~? zb%{d$7WF&l;?&+pkNh;A%qw7?`KFN@Id!;tXN~8M=k`n9e(6=7*klrZo_`)*}r?eUo3(d`m9H z`Nm*^id=kKZ1d{LR0wH-A4`%YbZ4|3-kM?(`nfmbPwEyMN{E0Ux+lG`)g(1|e(I zFNoN>t2j&h-nGKs=Z+9zMgN9*0WKesBJ4y->NrM)`8_2%P2z*@t__2eqCvO}w zAc(o{E_YpXFN5--$2Ai-8V3~yLj583B5#Cjs`F6!*@g-Mx{ z<%o-RvmnI&W1)6i!^C7c`t%gAgYSk~=bgG&G+!lOS0tdlhlk@&C@JkD`YUz8q~zDG z5dVs$Y9khe|B?nn8U7i4vuE?97OX@AJV zxkf6Ku0Xi^d}q6lZ_CO_lxemmA1OxF4wtgU8TiO{@t6F9Y{~=J@v^cE zr*bC8(B*^H(@9Urs)vdFK-6i?yA0>?U{6=Qqo0wo9NW8sD`b{oW|_PKGA0C@64!|S zqwZAZV0D>e#l{pAhbvAS9bt8_Pw}h$Fujo5O+^)j$X)PDcUa>83OGyi`$Wkl@ z&|Rq4!auje(1o+_PrGlq?z#Ki$Gc#HodpoE^C@-tL0_UcHshA($2%Uj=lWhMb*qkw zVw9_s->}2;T@wM!+xn{;BmB$?C;yBq+3QOwu=Y!@T!A>8SdU;RR^eHkb4Po~Na-xB zC*g@;W&2;0`jhv)dC3kDs$S19_rM9=-G9I#K_1_P@c7@?MUmz{jDcekzIMzMql*=R zK)F(Fr@zfDM%K@eiVVq2QboZ(Xu%6Bin-$Te&iSOKjSvaQYhxN0-~mu`n7JBAy*uQJ);OcUK<6j?3HXlMG-juZcgwEKo*EYEt;lMw4 z*)7W!HGDPmh_i2rzbl_bg&-L6c_E@I@lo2&rwKpR93yZnTI!a^>w8>fM|wg?ERF)oJ z1yns-R{$Y+*~yq%Fwapq{UHYAM@zZIpUUY&yZnzu{?<93%8e+K1Qz=OYTNwG{<;4C zUKj&A>YHeG>;FUq`L?G^BO#C+olWi*K%C9q{)n}O=SO?<=#bg(B92ov;toV%x-05& zFX`xxo&rNSN!*b$f2@iU^ZMjS_N_?-rMogso;n`k>!kqn+(=rO2$d_Y>1Ky}b0&JM zBCMt7*fTp|&5y`bj;qzvh1t2HanZxsIG*|r;5NeY<56NP_Y1mg6~5!%P~~0rEf#+k zQZncH`bnK%s!;kH&UEL&()>vTTzy2EQxVw}X?v-;BAO=y^JLN&pF365Sk#hB761So zaA#iGe8BgPr?`vv(10Sm@K{<#b9;AlI{_RJhGQ{bm4yX1TDV;j|gb@Y3`Og zdoYsIB92vwyFlP_Z`?gm^<7R;4L|;kts<1dngwrdXcj9H;78whmN{)5Pulm;p7V1a z#Q50pbnkY!ia;kgD-`3Y7C6W=%jwxuvx3ydr^YehJjVj3ig|sXVP94Sk^d^qfUBGs z&knl(U34_{txy!ooV*)pQ zTbVXhY}S!dtd#j5PhP+z@0zVRa4F(FHK5)FCu^K8rpGE*K)E?|o0JpWLm|8q>B2uj zg=_0bI08()H_vS3Mo=f6J}TQh{!Rlz;Hz}%A&=Vr2Uf&-hVk>#D~z9n#Jqb)!A&!k z-`n4A7rRBU?2pX@kJ~a&4#c0`gG${R^>VpE-8OMW!19)~=Avevn|EbynXX)+HFxT; z?MPv~7EvIWYB}ej*PFf~#r3IFSOI><`I4mu9Z{99nHJp~eU0PeXBeQQp+il-rUsBj~JC^*Wn+FNS)gNLGr$oRS3as2N&7|&(qgxiw_Xb(+ z8n5)fbb%OZH8@0yprx?f?B&Oht3PRNyIx{k0lWN{|K~OQ*p9T_r(J$^X{{zEcD7lp zariH^YTJ%M)Eo8A5UC#;|2SWova?fMoOpV->OEq=<^9Gb`J*&SWbr>;7d$y=K9+>2N6q`+Rb&xLke74z0vek_&n%B4_5q0^JxO6z35O2vuWE41R&o+()4Ubt9T8Pb;(sZ+HmYPVmy|!uX!bKVFNy!#uqNL0EJO z;FU;TA1Y}bS9edaKc_mbp>}Qspxe>5w6>y-f`nTH*&YxfC=mHE~ zFxkY$Ezrz2oKEOlzqj`tzQ^1_;qtv+Ttce7J7o806Jgqyo6OpSyL&VMTvu^@5^!#| z+*{vFc;r3QD9EADbz7vU!-^|n*2X;V?EEL%u#IlBuB#$`v9Ih)Wje$5WWRMgi!jUg8HKj;o*j* zH7jei=h&~=q_?)VxO?`juB}@)Hk0cveXM&5Dd>CXdNH?Ae_sKz3>sjcQry4wVmg1C zi2W?$hhBJ)rhQ;E{|10A%E?@p*l{P3isn@8G{}rPC}ZgzL5qaT3Ot1u1FZQEnNiun zH^D}86l!0V^lhEb;81=4gKR3UCg)t87yBhT^|msWn;P*bMF#&-rJF^ruw`-pcCF1BF|WdAa$@6TaqVS)MNE&c=8;s?&FITofEC zUeU3dy!0x&MMBq}TD7z_OjddD_w3}ihf@_H>_h9qCgjhokLS>ewvmuEO5t4)PIZu= z9Em2WA7o94cG%0jPKoX#Cd#&1FTLZ!xZ&aY@}N}(^zdSTgm&@`t~Veq1Jy9uJ^OGr zNh}CIq7dHWY=h&j_R%9RzE}k1xm^z}Lus*NQ_{iu*;DH1g|^%1in8q$D+Gx&imTR1 zQkiF|JVDECv`dL4pz5BYlDa2aSd(3TqrAVVa-XzPEhfRGoKUYkou}@E6pRTW^VO&v#)lyZX?*uM_2TjH|PegQXTCOG+}mu@uaPA z2c3mFomon=FN1h$p|4X}2Sbhs#QY<9K+pLqp@lX-{g{1ow18G81C{t)%-k5tVF^yP63Tey?;Y) z6zbPV-Rm45{WgxB?jI2uH!|0xC?7|O;A$rVUmjZ?6>rK2#{RTBeLu$Xs7uyHlMUk_ zEa5#VpD0{eTe4wT@b&pf#92JwECMl5C?()ZnYi$|(Uo|cN?Mn@0M&ca= zeQySN|JY;ObzOGBF9y;NbvI%vAm{q~B8w0k(FoV~D>Y5fnIzg|QB`P8BthZ(UCYVl z=<*<>TOKXE8WeB@fqw>Vma8|}M%Yc2Fj9`OW=A_7LuY=7qr|@uz`?Z%PHFnEE{nRM zn{x(MaJcJ!V)DHdidEgg)c5XDb<<^z$Cx*ZAG6`&R`YvAQ|MC1kShAPwaD>wK`~cZ zXN5>Qk-}@fq(wh*!q52ga7Frc+30<^0Pphbe@UD*_;&sKi}*fQC| z(6)dKRfIWS^U@9K(v55t!Kh-yk=u)?P@vhKZdG7c*C&->^^80jt>j z$}G)wY=uX{)#9BD)N%3-s~LNK&28{;$J_2|Z3&1wtUY#t8oW3ALwh5(TXavcQmZMz zOv87SJJ5pzQb-N65&~4p_{?|pNhhrtOIsvoyG-!G*D;pg&6>iMeg^-SFMU+CJG&k%x~+^3rL?*g6;L zZ*X_v43Cg5>@5JkYhB2Eu3m?<(vJ8^wohjyPs17zg><)x9~eu@Sc36$gs-t@YGUzr zTI=BHlB*eKw)KDgD*n)ZFU-%1Lb|Xp0H{{=8vJ<4Yb^F0cf@Gld*JQ>hXLnpMAHaj z<{{y*zrcJ?oq4(#GgH)F8a?$4=@~O4y1BvaObW#h!5zyXx;cu4rvs0({kyJWiRne^ z*uxSZ?crRjj(>#VPS5lZ``l|DWWNwOuh2$I$u-+@=_M~w5EM}er?NN;_%bs%GhsVS z)j}Uw>zhY<+}QKrHj{A@;s!Iw!V}Sm3i|XcGK*QJiB0W6dJ5)>phZMFf173EvjC;? z82vfhN*vKHuK=PS$2b;aoa1ge`g~a7__rL{HferEuqj|=#%8Q*&-A=?gCq8$u{$yQ1x})&6hBbLCLa?wuVb^)Zwh+9M|EdY6-d~MPt}UUIF!( zs$=5TvP6!fAay?$bAP46|3)FbTL?q+bASa_-4voyC?jjkU*>8Q`!7`~&HJ`d5}1v; zE#>{-ofnk-xccek4A%IdG$1TBhtth!e3{&pN16_qNa4Kj+r@|$6@!M0?ouGrFKRnm z>AIdAf;QP6^_k|^j_oLet39y$+Rb<0cVS+^;WNJ>Ou}^62Llx-hyWGf8*GBD&AMZX z%{|-*5CC)_f*4wHd1XiMm-rE(P4yd(7X_Z;>_(f+qtXMoM-TZ4ydNPW71xCxR4U|d z3aDjWv-HUL{SRY$D~ZbrH{mhA(y$}*$4KjN zdxp74*hm1QN!l)6t7b+{J6T6)9=pe=qcs7H1v4n-Fl=xE%Sk;o5(xhN37J4v3%|$V zw@nmS-RtxkZz+HRUHQe};+UZyCVpH@z6!t8EdQIz|FsdYcIN%^OshV!~z83>|6K~@?ive0)6AsbL^ z_WQD{%vVk5k#b@9M8#wrQV~R7foqV4@)6g; zZWm<5nrRntC-4}&vnH`KT+ZK8;Sp2&uC7$l(3gu;4@~8Ij59sXKWao5D&bnuSoc3+6Lm z?M&0!g|nLmzAkMWZHhA62+byP0u@Ak4fK*t`JT5?-j=%#!Gw4D`!EKMpJMh9qCq_U z_DNaY%tSd5Lr;EPnLQ~hRA-}172Jw&Ur7}>x8nPan64rFPrkxAw}USD^;;up^6J+>`Q|l^x0N^Dg~eY zp1DSD{x$0Tw}5RnN7k1s7YWnv-dL#f>OPnc2*|hSK=bBLAa(uBpJ!(Fxz}bV^oJ_* zn@$z;_o?50<5%k_bHa;URFi_!UrFynBQl;R-<=eD$IO%zavv}mMVuOO$C@nZ87KT} zeunNl6Zjc48e&A}JQua~#4#3Wlfj}qFfv27g$Ezi(soi>p!a0i;|tE+d|^r&Es^i=2aF5QHG zQ;~XY2n2IHW`+vf{ivkE+-7EXtUoanF>@mYCHvdMXW?(# z%B~&~C}DVM4i)fV$zwKuaSNFR*t67g=KbBs3GsV3lck=G35HXut#ghUpYu5P9T8u-IPLtD(!Vngj@5%LT83vWjw@35R?cIL_Y}C zPu4-^>i$ndd~y&nKe#heGmsbAI(q=*HNucOF{G0YkV%J~hEcdSp-lGq+7SN_4*C4Y z_TMtsqCTGfy8lXyrCX8Uj)PIzb)h?^@9IAp=0}IHUjRDpc8+q6nW>qV1)+7=L3Su9 z@fctwpIAzRwEe38VknxnlCAVjmS>m2eZ zbhwk5Eq$YSn9F-;=B}L}_-*XTz`7`=YqGkACcbrohKA!uoM~_R46|*Z&_qFOjSSt3 zd%U-r?V~1FM9|U2H5VyHAygLEI4yMFX2r;oN{lAp5exzY4JJ;5?yn9Ly8ss6s^fzg zOKm`1Tec%)@w&As62l3L5<`n|;Ynx9zi1AN|LQ!e?wc43lc8+%PzM708WE12bi_|S z>HK`1da~iV$(+{qeSduL`xdaHQV#gZCVYJ?Ghdt%qGq*j0(jpLuBhJzWK>LYo&{V= z+QgS&#qCYu5Xu;&8|0rCNl(s2Dp{}7UONisx_|a-DC%u%Jo)m(?n4h#T_hcEL$d!t zj!nIhlfjHD!Q6VDKwMaC-NVERD9*(=#UKY2n;rcJj{6TU+TB5X?9AFQtQLhhZ1oZH zj4{F$kI>hDn|MMUnCK-yVbTL33HM+cmh+aoNc=N~Na^Kgf@ZOZ$UBi4(e`47G0PjB zxZx(`6GH(I48Ely=;220NYoFj0toL-?fJ>I)XN>`K5A0os#I&T+@G96#nRWEPEVPv zSJ>EA{@*UNkvvG%k@uvvCgiUM*uP=?T3Yf`#?7H_qBh>D_3Ew8(4 z*l3C2l-f?>Nc&BE>_~Of(8BnO68cCptk@y!1vf~wWog}E@=+_k=gh;!wmdvN;QvL; znYoV_UvJ_pQ@o?kzuOt99py&qMydMIju31|NI3S>8a?UcEa5pOz6!bZa=Y!sMH@=b z)H#mUm&X-d9|`;L9EKBZr${cX1?5SwxEG5(Cf<$w!72(@ggKwb@6VJZDeWbUf&VOJ z%x@+K^%r!FM_0bn%p->z{(HWzCHt;k!{%O-$?N?f#e!(ROgf>~dYKYn0@UUDNp zK1R7&(h3FC-YJ6B|A zl$|!|6H?!Og8N}g%72(zgjk@oHPHhNQ#U9{q8t7!RUq!bBG!2?433!|98s)siAMUjYEBk8vqFj;$-|92QPMYC;Xl!Jwjj-Y zt$icf$IRQ1=)uCBcs-Y(pDe?R$}Xhu)n1%A%#a_3!M-)ohm5*&SI##D@Dh3(b`ZB3 z+Mr7oj_Prqe%$dt?Ofv8fS|n0RREBS#Rh=WK(XzqE7bi5+KV2)^lUvukn=+*O2q?u z)YqD`sb=?*AGHPeuE~Z83fu}PcG5n2N1laF>bwU-i}eF{haSb}x^-ub_Yh{v$x@cj zBXYC!pn$TOx51iI=&rtls>x|9ThCl?C)==w0 zV#Kd~*MwCbg0oSZjhdRL3usBuuEIz`r0!Sy4i>4bO1oyBDup_#nfjnik`sh$8V5O8^y;u9wc z6uI=5HOYjf4d?3J$ZBTJ{3Yxv-ryC|5^hJ-?1fF^`;7fP?ektVxFVUedWemgkOdg~ z-y?Om7)j6nllFC*mz_K4`+Mdp^VNb(0KiS^m+@`Jjl`7BZu&_dsE>6eP=hY`{jP+$YK08sI9nz-HMeu(MbcL<9S`3(d6p2 zVYCt7)bhKm)kIOO9y_1t#f;|=e|>e zk1JcOhPVEPVWNK6e*%bgq&VV%hcEvzvQN{8#LJ${ z^mqSjO{psRb4Qlm&&=5JA9R!WJq4E)zqc&m{YAT?ccrjo+!jP+b>nPT zvip%QY&VA0RF`EZZvuOwzQp+!j-ZkhN8%crFQoPq_WkHO#M~Y?^P@o5Y!T>$+hb6# zv1M%|q~F-zFnMUtVK8?$d0FM9lnW19(2CQ9$EP}meC=YU2YT&B`{tHK;AYY|xVl&0 z%Q{|^yqtn)AHSpk>R^YF*h7MCnYR+Z1RD!HBHW{AZc(f_`*#%$KFIPJ%0#8tWf#-> zJ)z-7L!R~^uO00M)C#5?B&1Pn<;4ZJ1Mv+FRlwyhgc~&mDZ1a)lZ9y>U*+G z@7&SE`I-C% z&$A!Q8shIag7r6(cB&pPVJlG(e*DW+xnnPxrMO<&=vNzc(lDNVLS?pvaNlaOGDWF= zlDAS32);8Orj3qEq&+Tl8s%EQ>Pwgm0%TM4Tfj!)AcP!KiyU0C{g8PIwLv*6GcX~D=OJcf5=>FDkKBjqGXN(#L{?OtTC z8Gc8?3@gt-|JZ3<0z$hbOSdI^yWhw{2#OFgUHLu;st5wrH)hUNcIM;Yij8?6AFMPb z_=8mS=wNZF7vBK~cN%Y!D10W`t(LA>?ZsKlD(IGf=|6(2>&hx7(Zx`qi7uI9_>}r3 zxDHie9i5F6D>El>*5{ijX>gaRh&272{&#vfn~5ZFXiXrlnrq69Te#r+a1zQ)zoKQ> zz&a(Pk^6|xuNKjhu#BRq6OscT=kO|q*@C;iua*7p4d-8-wlto$Q3C92E;3P&{fPC$ z@4ryr2qH5j{AN09wx1B8x(=hWYB@4cg zaVoaVc~}}VSIHm+-U_wgulAL~tQE&65@o5?ON*Y$T>6(u{PSlH*H-k~*WG@Adwt(y z<7~5^>)a`2HT9q}nj?E5GNswnmfxafhodzErCurXbyxA0bNsKGBascFYtBytu&TqA z;Nsy8#Hq-e!8#wo>J(z8DI0V%zuSm8{jrdtE_75M11gR=ro+<>GBV-br*1y#o?zB# zxs(dAXamQRE?!=+$A97v3%&Psq*!e=PY3GzfjDUrRb>1`2BviM zsaogCk<9hIxTava;v3-NH)T-_d@m1|6v1sz5H-_sDPgeHi{_=7b(FG5z&9-mQ}2~0 zD1-an&Z#AOjB!F(M7&CCE92_QOUe_B?Sv&OaGzH_hUXnl&4pZT zGU#?ShJ6`F7gf+jYd{oL?=ADLe?tq>D<2ygY4gQtCVt1c5r(1)3GS9pzvCH{gAjFY zV=KQ{a=Ftx0ArXQlR0%V-El-^lk`|AekRnAe5Mf3FQ}NPW7`wewf)Zv;ERLQR)M&? z$uZksfDeERGzEBJ^NHFA@P=qs_d2+VTrwEf-}Qf~*NIWeN=jf`Kk9px2T~gLM0Z?9v&(?kXDIEHOAeZ`U3;!ZdAxL~sNP{qh)Fc99z>u-@4=dqkf6%eu>Id+q zw_}7z`5)HfxkaW%v~55-NqWC5Jbt3M3_O3%5l9!D#>}{p)6>z`DTx%GSLb24W*~>1 z0N0Kl?n`HJzVHxLvHxOh2rEE6Isllpc3>?I`w`5b3ZhDh)#8KN9Pt_ znQFOd6!yG`hZCTJc{Ji%ukQ|4rdI0D^OWby@=+3KLp<;~6(z|lJkY8wp`vhe*Y)Ld z<#d(q6W`gSWgyG-Ji1g}@k{^eJD>ys|ne@e6ca>T`gpI!$TPk}MMwgGEy)N8?H5Cmu)@Gr= zzm?5Xr1Q^TJ8&Gr_=(ipSWYR7o9bmvOg@6kwk+;VzqvdDsLpyA5w=)GYAxhKP@`dd z$-}_g(L&4*wZqtKq{M!2i*d3d6iSXRiOInr#vs-0I;A6h$d~)ge8p;cU7A4jD;StOF(n$v_D%y1KZQG$XX%7* zyYnEn`pT==+cazF{D*MZ;y#@oI;IwzQ0tu50wAF|RP&Vqhx=t0R?H&?rN@iMa(+)C zg-^Gu=pS>S>KtpH)R~u@-i(tU*20x%;Fs?CL1b=FS#sLkv+ ztO!{8jJ;@PwVPET%C{X`$JR5w6H24bK{(aTgjjdVVge@1g3S zox>-TTbhAgj3R;Pr1EQTTzQUUakMD=`*#_HHT^fsu(r2)mbevx9 zhTF!h1m_LiM6bIGGkawC#%vO(-&fl zLTM9di~=Fb^)>pyxAT8?-Ui^XYsNacfbsWPEfme6WL}VZUsUy_3wM4a8kdOBZn8m0 zhIBia7lr_G8FMZ4xh;TT>L1I8dAdS^YzuN7@JkOlW|JC4SYSsiOl(y3;s!HH-g|0} zH8_mtncly&yT0%%+n z8WIUh?RDoTJ?RwFG}7Q~ymFWhK|r?wdpa0C(o1?)j%YEemt3S+I!+y9346jo{AKX_ z7Sr<0M0^Sgegrb&ZB0euQYZls7Phu-k?{#5ZYZd0&XtJ^D7am~HC%iCR1j7>DRL9b z4(Ov6B7CWg@H#8z!~FWPoyKl4K%GVds5`vs(l#mw88#f@%?VT;we+?acfvk>?)zDp z!#g%whcM*Vi`19F9On?}-795vtA5nfOgEB+(>G-{(hv2)S?SAbE8Q;NHM=FYQ=~T|#;=aWV9eM}H7zFI%J)2`)lc?EohUTTYETw7>QI2X@oTg0ecJ z!UP&YyGgO6%e?T^@r9MzzEwL+P64XkLeO;*bf0Q@-;B;oMMyudPq)8iA)$T9;^Dhg zkk1D+jXSr2efhONU3e7f)%{<``cheXyz|4s_HQbPqj86A0#92WnJpr=uT=l#S*Yu{ z8*TfLnIGRTbiZ!yf}OeerLO!8PqgY1W^oWA3mtg}OgLFQQq{HdwPHj3nKGx&S0kx+ zY3mesXs2|Po^KS{%1#J>5v^*zQUqC@Ub|Sq8?g$7(4)mI7xoN?$#Wqtm^C33HGPL; z@n~0Of%mZR4-)6Qy2e+RaKdY>axQj2@Xj+rzb50HYE^=? zF_qSlC3yw@=z9Pt-w#aD)O-i@MQ%a{F730-Pb!W2Vd7tPnQGzkchVoi=M>@`o(zL$ z`x`#dF#IP>^F-hc*adv!SQt}EyP*VYx!vaS7H8&% zpR}1a^TKS`9R;2vaSP^~J4%o?Au)5d!X5{7nIqRGwX9oTGyS@HKzRYUS_BHb`> zb?0^>e1<6Gm3we=ETenx((PxZCGE_J#0Cwr&#vPQd+*A5?+mNio?y!cbb%{nwV&Q6 zhrhRsTpdO`s0he=ad9UM+*k&Bo#2Y9?HiMCv+wY$e@a*FxR)f3nn7aSn29vb zFx1G%cq9OJSXrE>5@`3c`&F&!^rh6yMI0VsQ=E^0gtag@a|mOIrH(_{jw;(=7Qc0{zrKJ zsry;`zb%X+frmNWxt1*Th{xU^A#Oz6N~x6GK=CeW378IpsT&(bz0nDrup_n~%rJYpgLpec_Uk;V8X$&fW%6O)do-7=7UH_Pa1we-Z1U*O*T zUnz$i;0;=-sTt8`)v>g#i8zmLmYn!V`!#x%j;=P96u)4!vzSPMRr|2*OK>18e`1G+ z>?i8xXHldNr2P**%vP-m){^=@4I=tM-(I>6NH7-budWO*yN>tP3)V+J9MB^e9(ruzl`hUX4*xFW;u9raNSrha2Wg#Qd6aI2Nz?$vSbwF~VsCe8@wO2vAD-gQTP6PHsri0~Tbq2W~G&&Z{F$@08rk zPPT6E)IwMs6Zbho*Oi<@ioFmx?A{k#tRp5**dB)+Y4FEWRSyRO5x>~_QSJO+?_aNe0Z}5)#utS>TrxAI4wxw5 zSN5}*nt!81R_%4DJDZzlp?Kht{OjK}0 zsRI_6rtEsq)(F)u@6aL~zCW_+9GSb5#G-SzKogW;)EiThwV!L6w25`iuf;7+w=#qg z&?Ro8*9kQOI@pNQGYwCXkogZcg%%o3elsgRWqzoYp}3)|!iKeFPP)c4lR`n5HQp%4 zy9CedwH|P*2GK@YSjs$x&B79Q+w^QGw`b(Yes6m!dA7UNO^4nD6}|J*;>1QRU7`)p z;;Thh|0uH%gaGWCKs;+q1<(`O#mDo`{yD3Vp|7-3c?jXTsjPdS6xjRUfXKVwfM2=qq7GP?s$~V^F@T+4R4*dESK4q@U1fJ&=KbHJPv(LO~$OM0bt4u1LlLJ9IFi({8 z)L>78fj8isGCqdke)hP~Njv#(51-{`8an7W#wsy8*I!cd6J~eoS*r%maL>PZ7k`Dj z&y)vbQ#n^2KU8PB-PoTxYR&x_UKO*jeWd3MoGzXhj@&hTg{fa+Yg6nFm4G)W+!DHe zV?|m(>d2+B)TgMGDdWJmZpIB^AkKcz)9hTDPd*psAt8guo7Q6IHqum2A@3G_q6$^) zCU8;9f~I_3n1Q2s6;~5sH9X_KE{%EYg4`>ByxqC})PCxTfqPEm(j8WZvMr~_e93C| z+;deVcZCsM{yLmZjSy`6xBM{%%b|dP#<4Lk!j3ApM zNzK?t7HczanEy&Ds$1xF5uFfLn6HXq0rDuS8XRnZgh^)6WUl;7l1Fa{juTRBo{B3n z+M%(UK{6g4&z}2n;_Np3T0o~{j(Bz)zDg0E5j7Ir?oZoDe!So?ZtNf|!i%O~B}h4N zJ*SK-w~LVV;cx1Gm^N*g`Fp=s$A6JRrc3j}IzmvFB`S`cATrFIWYh`B@k^vZ2ajeJ zUFjbi-cfOODxto9GBx3qqy5+2kzPv5hUU7%C0|}gC zLCz~LUN`_|&3zGpfq*xk8XqBKpBF_B)k(bKXhIY7ZUm;bz0seC>}h%m$0ST7Y?*U? zTYDpBY6^0vtqfy^U)VVE(7+mRTyX9x@Fu4WB1uua`o%^VP&$rNjhErvrG;;UxHnmc z%G(>ck4bUoF=#x$cS7-`ccO<4@l>dDI4lpKd+lAtk8vh}$B|C9xRqN96F?Ttj$Msz zw$fsJyw5MLZ_x7zaLg#?pPY|x{`@Pj=MLx2;sFx^CG^X)?{W-s%yi8B)qD@QZE2s3 zYt+D@{;EI0u0PfKoDtcFyFXT27~ccKv7d(1&;1#CvxM!3edQPauWp_*VGU0e%p%Hc zPd*5NYx+yICgh=YM&8UcP5yF9;-Pz{V>t1b^;FeczS-6Nw36}|uoa@z#H;^%g6PZBcXsT1L78S(sC`Xh_k7 zl@o*s7`if(&bbIM!C;1Qr-X2cmp<#CH6KY2x$oUCK9z*%9Z6eM9{t)BL*MWmcUelb zOAl9(;;d=j@VON`e;Ur1NDoKi=EA7+lIA(e;Lp(W%EWGYRZ5UOS5DBrNdLzBl zdm@Rt6hoP2dY*SiG*JdH8>cT_*r*@o3!vv^UebBy9t@;0j$L;!N%6qwN?06Jg&)De z^udCHEXv&8p6DDu{foO**n5+eY8$?Hh+&8c`&>RMgEa_Ij9lpC86Ap0AxP`3`{ zgOdq!+hOTF-X>&-8;SP0-1-54+{+q=_##zUzB`ima$aM6}=) z@J|gdOG(+MV&>2NQ2 zkH(f}wPYu`wI1zx;a3u4-UL>>WvuVj=j9m2-23|`oKqxfM^~Tzn~46Gs^w;Tc+qN*b5qCmD=EN{d?zpVC5AbBHp@O_HZY zgO_fd zfA$Op#i}jHbYiW|dq0ApI4u$rU1MtG#7&eUX?x$zb&QD6rR!@+gWl|=5tQo*m4gv0 z>t>)*cX%j&%%I>ywYU-&vj| zJ<%Ax4MNav2st8QN6*XrQtR%fC_7bqM({KFirZ@lYddl)xZ5LeS14Yw5^KmY`)R1` zakg&ouFMPgoM1E!+pG@26H|O>N`z5N2I~iOGLov*V*dHtGwEACNQ|HUKR_rP{qLBO z_D47U+ZMgxNKyug;XnURtX|#zoB6kUd;TxB-aM?Sb8X|Tn-+#OsTW?gdD%DtWn-M(@5R#o47>=4Z% z?S*wbB6jEN3eBsn0!|#V3MR_BL5ib?)=zoc3ko!g=fJWfi6J$6Td4EwOxS2wQI3y2 zb90+|S46_g%m7@2G}PYHK}qCh3bxrj%z~s|JVZ{Ro9d{~#(TSn|w62)}xa4m$;NJpd7fcl&A!KrjE>6*ffGS{}S$ z?9#K|R74c+Z<#1L`~{hPqqYOmPSMUslM5o1{jQ{PHG~oYr&4km{YJ!oM*K!@;E3G# zP|acdBX|sTKTZfKTQ>n#J$+Yu}$DslwSu=f~MjcoR@0Wma7&OH0f7^XPwL0Q` zdc!)8FOv*QZ~xSi0?xhi!@rPS+YR#|dB(>pL5lu=U452iJ9`Eum^{aUWVU9HCH`Vv zB{&{8?*>`fVs(2Aa>gDqdOx#tNKn%!JF&TC9~G;-xMz&vPHZ02A9Fg>)#bRb%ljr0 z_2Al~I5WmLH?rb|=CD-YU9K8>+qDaBoK2$q(HD*yM7_|*MGIPAb;m;m z+r{)D{<u3A?MDJ%UIw4^7W@?TXG<&%mmH!Y{pvtB+DZJT>0X?>9+g0cBzXT-qC#`5Z5Bt&r zRnmnrlGW%2X(%wa{=bdpGGM6UzM6C?sEqjd8D_09T$*>N$9Y?`RoL6eiKzSV@v-mW zQ3JV{gDzF6P8TCX)3%(03%)lDnib8r2Xhp6eQX8^ODrFnned*u(#xUM1uT+E+=D|+ zc)!BQhE1MA}gK?%pND#8vhM)QNysJYt{XF&T;(UL1ie2h=NGp*)Q9DGV z@#E}6$0i6OSoC>QqAGLIvSS$cc|gL<7R9fUbFEaKgJtNxY8>7OaD3bilwnJZipjuTIEq_|> zN&mR1#TGV515+dgxTyOnx+VAMF9McnnhSWZ<E zP|*j*z-MKmp$9SjCmRey{#vk)=_oZ^;eGOd)@xE-unUQS+94BJE=kw^x0eE3VSyL; zley?;r^0QP@gW|VTBz4>#*_2+@3H|2jqe=iu&04#12)vk)z2||Z-ro8^=+^E6^?}x zn|k+k*u%9le^4|cUD|+jw8gzQ9U^CW0Vs+ot9jN7;z=?b_skUR_#djs87c!H&#V2yU&-Rs{BNQ7^=W>-eI|aTc;l*3N9r}+!*RZ`-zg+jS~Mq zDsxc3=)(M>Hn)y5qV@6tIoz~Q{6miM0^i#BzYP^N2$ij|jm5DHW8boP&N7yh_Q`f& zCQ$@RVwc7wx-m*L&}GInwPHp(ongPyEDRlKN9h?f`<6_loM_p0aBq?Qz=796WY>pj z-C-Fy=?GP)$X#}@a(nrN8LKj`TyY-^=wIG-`BAg9)8Qa#VL>jqWNX-YKZG`&cO(a% zkQPCP$Ig{&fkUOhPw-g(lvKSP6RDD(9sZu#kNKQF2Do$XjCb+#$_($Ri^LW{pPU-u zicx#1DxSQqplDpbBWpWy_MR@!)$hR6w^y|0Z){0tS9+f_sgADQUAlDUzhv0oQ;vHY zY&1V)eynTFPahM2s`h3iz+MSxn%XLH0W5lT3`IG`@i-4q#O}fWiWyh~k=lyyt)5NE zD?P${^Zl^G@bL6#+&Hdp$up5=TbtK-c$1%gLDlbPu%i?$SDp>1c2x=djD<=Xvrf5y!o;~yQ&Fh{)r@w18tCH0-9M$&A2vAgt6O_r^zsFL z8*-qz%b9v_8vp*%OjxgCto`Pqf!I`gVInNQSeZy4FXp(B`m7NnEy$=Gs3$6iLk2Y>g}2!uZdFzVHz+Ra*VNM0+`D!^>E!-%(^)Bgc^q+zbB zKvd9A^4KGeC$9(y=+F2hf~%r{J!jzt>^2esN?>cKRlj!8+&`j9;PRDMe-kqK=vLFiHRKby$hVa72YUv|kmHt1^N7_j5jUW^AzV0H= zmb9t3XSI0k6bSzShX_L>54mcl-gx|>1iIiw(6TLlh%1~xNmd0_%cqcW@Zo0q{$n>E1Zh;6PU@G-;q@QP?bJiYzZ?saFUw+0WK!GNoEFmHG42J%} zkE`V2Yq1UsxeTRU%@B_X;X8G?^rZ%Oy^0&}LA~<|+(Vw*K}nq1&3@^XKy#}z>%3WU z8gN3prHO0)&7}m}oB3&SYd*Le(a%sJemYzJP_gg1lrTTXT1F3vXost`RRJ#Ef2f+B zTeb=f%?v??-x^O@oEg*vzOQ5I7AXD86lK6mndTSnGyBteLr~^vqPnQlw$b`elBBDp zHUE8FB5T@tp&jf$IezQvz)KD~2-S^NV*4l_;2!-ff*r2lwC01QH7nU`1^>2XS?yi9wTKC8D@MVzHHocd1}@c>4apf^0!&yzde4abWI@mPanFra(E5e}Zre^dh5j|B(mS6=rN7Tw-bU?&tAwWJzu-VA{ynOhl| zu}~UK+ndj3j^6_Pgf`2Xo{fStS73#G%`1nB}~#*pW3S4 zgm1tOb+$`#Ibj?xz4~sn2TNNDMo`21b5&9@Z!4Q6G!m-YkQH(oC4mG8BOlWlgnDFz zBQl{JJs0r=dv@f#EUtFCBl}gTy$fUc@3o3{TR!;b6|U>p8h!D$q3tJS|84M7V5jMO zW5TW5e)MD2;4G4O<;{=MD(Q!as(z$8&sO&nNqxlW4RgCOF1FM`{A(jxkm<&}ih@NK z26j-!elyVmE{%sR+akt5)mVoq=_bUfT1Lt%>)Cl#PYy^aC?ojL+}UdAJDc$+0Z1fz z>zz`;dl4v-0_>uN&ft4RD3Izs^%1lL|NDn?V+rFO$7|0l20ekaJA;?owN2M)?|#Eo zxa4@ISCVg5qwL`~d1+(hT*fG2BDgA6$6__bVau>9e&Gs$9dR6%Nl85W$3L&DpWxux z{p+v3-fv{Cypr)@zVVEP@m>XaA;-bL$8_ewZ`KQ3oi}DO^Ig=xmosgh}s7dmk}#f0%5_}1$c+UKxzCEINh`1@NC{1iQWEK4dIg0OX76R_8fvI1N)SZ^CKRX~MW?(|BcLmHuny%$7ox|Y1a#W@A3&s&N9_i!n4lc$vIlnxEz zQ$jk^r5UZh!pZ+EXx%KJ8I=($2aLW;HuV}$o5TE~*>_&NLVv-Hm=hKj7kL|`C)@Vl z-?Bl~eE|Rukt_Dxt0;{JRPf-k1VllaAR1fkIJ@_w&`tc2Lz=&OPRM7vfCpzqsk?<; z00-xS@%x#Yhr!B!r{kBxCo|v=0>`v{!(4LdCdCOvxAqcj!IO!OS{>&4sebjgdJvdVmngu%#_)K?4Z2~vN(3izTuFW4zr*v!Fgr@A4!iI<|f4)t$$NT zn#`pnzU{FUGBA^SPoIQl{k`1Mp?O8tPdq2tf4rRSr4Y292C18eXj_e}lQ()LWnL-# zhSg&knh`YH0f~O1&c!Sdvm9Z&J%v}`)xzO3y8?t!X2Ox0Axe%-LWR9P;2iFm(KuUK zE)6!he*7jt0s;>w6~Mn5Fpzd9FSa_QIQDh6*Qwc#W}|>ZB}3sLL9A6cXm;0P_&((^ z?D8#XSEmpQ02#!@v6ggrd|TbhT$WtP@)+Zv1C9kL#g!vbfU_vwB>mb zN^ge9TNfk`dEo>euuC4(ZD;j7!p!`na9AFV+ks5{C7s<%a*z8D3g7i?w{_o@C9gH! zJu~rPmb*Ww;wuC+H_7%Fw)D=v)Dx|y{kuqn%WyIRSqq-N3R|G%B*O)f>~tSyG^YB3 zhOHX(1_ZF4Z;%z*{g?^vTvy#;6j;37BJf!>^v``2O}h}7G&1R>k%PQkI_A;pT8$nd0p(U1UpnMqyQwGVOd z)y~X-(^c%KZWsErDU!kZNgw2vL@1cP+eBHU>q^mH(C9-& z4`V3cTq3K`wf}M_6U$Hk__zwNrK^?wzq#^<{U*hnm&};{@MmNd@}yeC`&T=N3*%cK z@8OB%-G|IH_lbIu032vJ*hpd zZO2!_`c{VsbY%2I+LY6>YkjLKc5Bv{CVZlF(H)lmUr47%7+nYR(oZdGT}#*eq)ZOn zW~ZDiVOX7I_@oq^933&^J}7lnWpd*N;*LVwrzY;<>j!6Qy1zK!Ch}(_gTq@b6yJv1 zF_ME-Idz)Fk*GzrG(|hml&#FIa;(5Dseo6O$-{@r`r=eCk4y8=A!fla&bbJXW36=w zyc%VI(W@TtrNI){>J)5$Y99Vc#8V+pTynG_S2N`#FqIe~)4IQpsA)iA=P~~p0)te+ z$_sX`dx-rCBz500U__=60CWV`>5#b@MsBu$e>d{}Z3{J>_cB_LS`>4NT2l z2D75S%tRP`-L+<0N%?keS2tAl1m`5X7kocj6?*@!_9YyK*_E7L0REGI;HL*EcI0fw z23vkw_dwpY1JN0+*1|%Gd0I?>uner@78hOMJ!Q``zi9A6E{#${co!rr+e_p5HFqik zT|t+ZDHk-8$I=*yp@}@d>(#F}j|YmiskWV`POqd_Ru@9DRy`VTD zvFJD#IDKM(l%!y-b&Lmf`R4;05rTI7$>F_PvIL^TC0el}9+JSVSyx0luIkJhL$ zOMtT$UDM&bJ8{6wqpv<0+rS|T#J<8G>pRTU1vS2+ZIZGh3PnM z_j^162;0agbAEGxW*4XHHoM}Q8iZ@0gt)-^R`npZ`@&T?rcQC}FcmMd*FEdx8l+ed zUSXo~k>!9~R19#Yh!QPZ;x16zu1=Hv!>qyBF(GaYIJ#9i2$Hph{NpF#aSr8wYX|ES z1tnh_gDegVQf%yMlQ$S{R&r0bBGtXNqIEyK%&Zs;8j_**KY;eh96!$o_h0$gLQV7) z82BZeS;wE)dk@_PQub$+Y88V$t-nwcr-{6?Y_>L(9yRSI5xhz(LPmg8TW;}_K%tOn zKf;6~iXXSYKUO=JowE>M+wn)(W!ea3@zGuOb1y1a{*5U>l5^S_;JMV6Qm_;ix79I+ z#@aluXtQ6%raeoMMIOdN1>5{o%}{)4;+!4bF_l9dp&9x)&0&T*A-dVD7#Za8Un{2B zr{I7c0JX-|X$Iv3E0-3%PH_VqMB|A|pXBuv#TST=U({W`aplVp^O(l{xo#$Pa?N>! z;(QLp$k2lYC^OIV7CBKU_vLyHWVCKv2k5q+&1ANGk{1PN`J<+FSB z9OR-~XK>pu1i9f}HeVEq&<>W9#-3)i0_UcWZOJ~|FX_QeG_Cq;G)i5SV>`HCS9IDz zG(*4otnQ4xaY<;p`e@Y-oNzIgG5xBzNw~h{9VK2t69#IG{#64Ex@EmQ>8$YJCWl*B-u!?z zxD|e(_eac4z2W9vCdpflGq9<9vO@rB1u5KAvl~g8N|$hQL7zdZ37k&G_ z;}(f4Lvflgeo}Y+dE=-#iDGEFB-oqd5yk>b9$0{F*-XdqL$Bj&jr(f(S_a3 z$k9&qscJvPc_RBF+&8+=XJH^@prvZyJ_U9AeQQ@9i2fQYu8Xc^AB#H=L9ay@#HxC# zY$=Ij)X9QjkOV@1J&XQfvuEn#wF`U|Xm#_M#0L?Ot_u%FzxPI0L*^+33F*QYw!)gj zbp1|{NFG9@oD#Oa!K9Wuk*#a+y=j3lOP@qLiOznYH4$53Unjm=ekyjxah(GIYoBZt z+o#w#UQf}_(VS#CXVnaaG=(tC@R-a__@ImtO@twEDXQ%9hkSTS@7>xL4kF8UqI|av=CIIE|=xG%Gn3 z4vCkbO^3;iOgZVd+Ib-a0Gf5jYf1yBv;=fK{50kx=93X(h`XHVKGqqG|8!?dFHGD8 z(B?p^T`%qALd>@@fC*)M-6|d~;UYl#51>T#atgq`p}u|vl{)Oz=TlYrsMYiky0V4} z(b2k!|M=uhb`Kc;1V2ZFEvn+)7=;zS7^uT`*7=jNTU~jH4_~f1mh?M#M?2fu6+Sw$ z{JB5W%V0z4rK5*bvonkpZJ(cVJ}au%^4n*nJZ-06dh#A(XK-&zVu!kOyxzPas(Yvv z!hgc^T)TrgIpkS2A)d;W;uWr!7v1^U9nBBwNL4Vdal4x*U1IL zUSD@XQg?n@DC`%#9(2!qo4#UP(YOz8MmgMr*Me4CDTM2P@!>@vbK?O0Czvvm=lQ|X zN}Vg`;YN8x(tLQF!zJtGs6$Sg;Z2fQ!^cdB z72>Zhe!^bqCltOJz=em!Cp4sxSMHHt$9J3~MOl#86i2RQ33TWqr_}J}C*nW;MZHl{ zt0%W7-pATx1c2Wvfs^d|Z_yu76OkjFyHN*wa+B_Z%YKG??ZFF^6O7UGmif;BxX{&Z z>@jk=o+#Tcw#VqUYRaxZEVdBzNM1E3j2S_Vla56KNF?OOQbO2!#|Gp?@Z}`;00Uju z9=P~|{kU9V=Z)^HPaNX9<)99rx~+(vN7%k+iP!+AL9 z(Jz@y!<@0MDVH)C!fikA9bH|4=?OXcnB1fzNxgshwcST^HNL_&3SLbiFM7X@Fy6jk zY$T-L!Caq+FZHJqqIuDB=hp|<6-d?y4IhqyU>^-&H-=hBi&nxhw|+*iX6kn+(%K2A zCGe_O%slb8Zn3NHm`f1_fl1<`MWlTK^;4Na+QrZ2i`Fe`wjo=gtu65m)@Ji_>B z52eR7rPG`xECi5w(BMvY3mBJZiA>p!$i|AlrW)4Au_LXxk>hOJ4S$C!d6CThM;KK$-ekP@i6j4vAlFvo zFb-y3arxymCXp>#cg`Z&NA5_;o!bl&{2ujmiV&1)AF(trzk8+kNL9rid>T9U0w6hg zz;E+GszXb8@(^LzpV0B-^Vxw7iPh)*+jwDZmkA6S&0H;gZ|ipeWQ8grEBcEgF53t( zwhaRl$X<@*Ydg?L%2%M;s7$Y_8|lFjSy44P_T$<{y%*4D#p4Zbgg(Z38?cmt;(}}Y zA{{rY^On~WkJry#ooP?(ieuZ)pxQz?957M*Ism_F8s{D>ymzQ`VrJ#1XSNGF4Lt!T z94I!S!6-5r(Rvtu@Zr)^znU_`3#9xFu#}s1cWmYEv2nkp+r7`lel)^=j7>T2dA-(T zrc&~|xS-|7mcitV#qGlmV-RNV8%f&|ngAFtf&-|;OG4~uK?_XYO^D-zR=01I&f@i* zM?UQ|n@H2$-lKs@kL&k6_rtPLSv}Tj;KjZ(IhR;zD3P7;-*$C8gDK? z5m&qSyDlwfpW^TuITc(CR|igveez@7bmFScA`>&XY#`pdO$!UM36R3rj9`8SL z;z?KN*7gbQCn|J}cblSD0NH>N2$ir0_vf3ZDq{bYO&GD1ZqX9O3eUu8&qc)!J6O_1 zc(xkpob(|IGPQ-{qOz*z+eR2qlK_n!q7zw9n!2?FU`F;(ak00kzh+>@%&bx{(whof~2zEdLQp0 zwa*ZBCq>O4}P0kaPf)6b-{XO8GqY{DiX(wuvXs&;f{2F<$Gg_=&X`Y5HFj|ro@uu)wS9bl+! zARi;cL=AH(6^V1(+pmL#5%vtoG2xu=sGEv)6!NyK*&Yv7`SNXaU9H!bx|uu^M>DWa zm8o7_rz*}3y9w$copOJf#Q}G4D2elF-G^cq8e4Oniv5qVp`GVBTx4LY`~{-#d(W8K z_pk@)^VZ9Z7e=){woE<&$3y<_QpeH(uFbz>#Z9f0mFv#^dE${<3stu$!8qM#?vVKF zU#f0gO2jtxPtZS9ZXeZcy${$Oyy>uY2ASjM;jF;BwqWD0G()!-L6eNh7pD>momHUk z)#%&x>XpRtto%giro>J9xZ6~!$&G8elv|(PdlJen^$hM0H`!qf*Q|OP>`UqdZi!UY zL&|N@eP?&#Djt=Aj5jy#3^l=-|D4E+!|_D!m`7YsIUn<2pt1(f4#Ml2rNDhCiVCZ`$4j5>EUKhwxRX^W*X(eYb_ zPGXcvTg2PQV{_KxsgVgjjAl`bKJ|kuS%dUx2}uZzXr&~ra#!Ur$Y|E0O@U>T#Tn2- zR6GG~%4@~`9?ER^@S)}ElZz8Qg~5HF6|ebx-JW$umPf6E*EtM^?p@)>Wm9jjYs>3o zG#~r@>iRzsAmdXVc8jw-eiZ2`HD@yIJ7fU_gw9Z1oN03oP=>R96F+lPbIdi*jT-o^ z_v30Kie6*WY)V;iCMC1J+*XE_V7FnoXDC+Bg0E_~f!w4E=#IOK+gE_1=yIv^Mlz0#Mpotn1H~$=W{R@1(9Xe`;s6OuCNzYxpgoFz2qjT#6R*OY|bm;fn z{7*LW0McR+#Z=gO#}?9!oVaNcIZ0iPnNWN*{Y(gLfX89~RO)ZIiC5ZQuRa)ca{jGp zF7UMw@<%+@_1k5^7_pHwg?j3hG+w&jN_iIFskh=`Oh4@?Pn#FCrk}~w5i<>gLY}F= zB1Tc(7xyKH5)V3AfhHsu&00NSQvxD>8b@LsK{CHj4FgXb($R&h@4y)cKhBFdVq@-3 z?jjlWwuN$P-AekBEc{~pBFxot{?N9^^tpR5Owx}AKOoH;5~Q-w?`7Qn3F8CguReBMlfgP?Ywo+x=0{|KR`!LQSRD4*kQ_NQO z#mEYzTj;`2+>6}={2yQ zA`9-iHk=>_o^BgGLAlc6LPE<-zcr>{52{xjf^Nd!ol<{U<)Ty-{~%pP%tXk0v2Y{x z=|0u3g%=uzRX9Q&Egfjhkr$h-ek3)T-QWme)4%J|B`fKj+{Q&g`Nij@%c{@cYKy*; zXX-`4Fr$a7b4)drWEh)W;N9CgX*=2}ro-3{DQvo7q$BSxco%@o-;_>Qny!4zSH^zs z{Q+UU*m*{Kj0YVr4lGTu*XzeuH93u#G4CvW@iBTvE9Dw&z6CnJBY*~)`YRix^=soV zAbe*d;O+Rp>w}d|b2c*5ooJ^W+)|SJnzNXKFO2q zFL>j(qQ{1#&1;pPF84=8XaZ|bU?f^Mlh2I2VWVx0au~A=T=mm+{3f_PWnz$-Y%+k& zBz`!)za@py`i-i`>HUrCuX`)+?A=KY>%ML1r&wsNU?%%+v(%n?`Az?4ma8$2c!QUQ z9x(!v(+s1j(##n(n1$N`IALqBicQICnFcZWx4+X-g!rW5{-N^VT zaSF}re{%+sG&#QLM`5f+xqaVN%AzvValhkd?vvyt?62dVG7hAOpP@v<4|ug~i|b2JF8{!VonWKt zd-2l@s(C6}XMCRSS&?$7beVvOqJJp0y)5+pY9byn$`Rurw0(Y%Q8PYkTfn8BeFi|8-_U3k`CA`*2Xf%J_>WfeH;Ia~%U zXE9FS+)BR=(#}eNIGA&bTmA=GTPKQc0zF4Q*vcN=pcjbpfvg4@VavGFBh;eok%1!N z6=iKAYa6H%^5HAE%R-L8$`A=9(G6Z2S;KuTzJ;#$Q2y1pw01K;s*Z1Jp46^19?k*X z{c%;lKG_%Q6>%ebTn?U7U)PZi$OH1B@2;KUc}v=^UL2~oO0J5&5$5u)&Of=xu#B-x zlXN_Fn*j%Un4fM?^4GrIGScqDbWE`hJ;l57tBsss_?(@f- z6>8$SOcH0<4JpFT+pKK)wNa=FJVLFqp1~C?Kf_FZ^**d0uZuA)A@D{kV}_8ci%PQykTf9yMTP-g@A$5M`F#Cxp;yA&sz+3YgW~y7 z2knDxLe!)2`6?^cBPK2OX#qBae8JVDf3oN(My(CKE*xkg`JC`yj#O?HwNGxZcm(zP zC9qc7Qh!$+W)FHW3%vCH??OkaN4|vX6Ml|Om{{8MwQTpm-(6A3e=YQTbTwDAa8_Eu%n0V6ZkH+rEn#{Cm zot%!bSeHf+AUQn8b^&O2FS#gFp-unA(#@&g(J~dz!E=}1WwCdqV4r(FET*##O&xAE zR4;xrqrpsKPa||;MMIv_yl-1kZC>=SK7N+ha?H@)NbVubNh8JkC3JzlqW1L&D@lOa@}=*FCitxq8xCC<|WKb10oHu6|Hd~{zY?wRecaFD9*>YE?f z^zCo0zP)5(FI}*ix?yNJ{)s8SLsSkfTw{rNNTv5@Wkz4@yYcy?CA%lfWhM-7LsnPW zszBESg*0i^MBw`kgJ;=6#jm3-pV$l&du$a-|9x*#241uk%3~B^h=?6@lw94#dkFYh z?;VNEt$BIvJY|g^WRQd9u9^$|;e0`5-IKt#x3A63vqE7ryHC6 zP9b!qtH6_79MOXW=-dAm2T$gAkR_jVR{scwBwSZt(Jk%%a2asti)~hoZ7qD?ylMXI z&;16*4tov0MOH=kobBr36<&TfOzUp;)FdAe+#p4sP2X*oP;j``{-&BVT#SzCf5iLQ zRJ}<4Lgy>bb*k=mZI8*yt8*s;X1sZj!sYTFW-%udTN8~DH$93;!~a*zZrly=8s`V#i>oTFY5c9>le@Mp?V*0#6a>z5clL6Ol;{a#u#Aiv#$=?}owfN~4b4{z& zXI0%F&N4#4z&s%7q2aC=Y1`#w|BQ>uExaHTVMW<@1w~eOEFHys0eaG6!Q@C;l z!+yem=Ltvyy3&!*lq-20(*|p&t|-GljKl)|V|Cszecr#o5hr}=4k^0Is*iR`gY$ma zENWmX`@e!Jf}V9!5<4@?#nqggy{+#7dXp?s9_SVbOmkrE;|yQc5seRK=C3;Y@B1@A zPOKj2#>UN6k9%pg=<&|UC^KP_3 z$@8o@cHBGoxClX}5oSl6wx%Gx=$SNRZ873d7ho%5vwZpqF(JrOXkYQj!26aw$WRXF z7m7GvAJ$C)mHT*}WQc<22)yK|OxfOwz&n48{S426$}Rg9XtsqNLsaUm_aR?@=S^(} z%_6bYRy)SGz=dNoj;M{O?&V^uY^xwnKWyeJp5MM&ezDWk8KTr{xV|B3vmYra6sLE@ z*GdojQ}5xR{4_~{g?@UpMp>^R5sTH=ig6LQqd@O~G% z6X$H1i*j+#%e#w!uiJfU?%KOSUT4|vWZ2c)5%j{Q1ySeOvH6e&Y&#&|qs@qO14g<| zrG%xmANr7kUmL?3s;kc7)RXwOZ0t^~L$q&TRv=86vCR0dZ~Aqd`QC#!uJl}7f0(`I zTy?Wi9%AFU(+4mOy9l>E>oWl74U5(dnmz9QM|4YJvON}n<+9$oi;ZbsnsDhfc`J4> zl?LP==8X9)pxxg+ZGC@FG7)C8#++~cvn z>upl{#Xq>xPPx)@+(yfcHQ{5|(k6XbTLN9+sS%aUiS$ctWj=uh z55iKn`$cU!hbwKGoTb&kVK`!^$Bbh;Xr3D}^JBeyojQD1qB_S^<}3b+^-+B96sFW) z(H%EHp)Piv8|j6C9w3%-6J{+#p6xMFNsDb2r`hN2RldsTo*a`MI0uniUEHb341}`6 zwgZu#hkDnWLjUg2YK8ralnM_2N3dJ4+IPakn@K}^%mwi&#l$Yw*#wv z@xgsJgE2TPW)?W0vX^hJ{wMSLd%*mAZT1%U)|F=woa-)!+3|fDPi}kaa~(uNKpOCK z=oq__+_jQyLloo-fm6Y0`pF)S11Zs@Txy3{+O>J%xUxQDU47pR-o%o96zwr21%vf}toVV72?qz*Fsf z0EyxtQq53SC;wh*JSHX^MG79sRsUUR{r&f`K)&^*vAM<12j5)TbsMZLf(Z?hsNuVq zu~xOOGU%=j%dOjgk5-6iy&!L%p|E|vz4EG>+ilgqJ}aUpmd#PTePzo%A2BCtV?Qs^ zI@Y3(!J?1o`Dr#lT3p;_H_YQI&j6%D)T=p8A08}rT%BA{^pXz#_D9qs=dbEteiPIg zeZ8tX@Ys${Nc7uzM>jOFx=37B7q-dm+Ag+&g@p;o87q zgtwm@9sjdM0w4T7n0S2Yv987ZVDA1~SJq$ZUejwe_w;e(j(HV(`#oJ33Y-+aE!t}6 zl_v(=X{Puld~*OmFxa)H!`m8j@bw22EcnbAdZ7SFCgem;cx#dM!Kn z>8!uQ^nl~+h}`aiXx4~FleHiyx^_m=$4wdeOVADI84CEx4d{wF6=Qyd#FL=C-xUN+A-_`}r?&rjGhtUN7C zw(_UXt@YG6z-uhOzcg?^Xi!R4(ELVC)99Lf$=REx#I&pMaa>6$M>`};n=EJZkt6cR z^l(+F&-ET3#jokRJH7W3c~9L%FE2&3-;4U)Q#~mzdOf$@uc1DLZob3D4616J4sL93{nk@zD?=d`48K!((-OG})%);5@WCSI zp1jyTP;d$H>0@;T-Cw)Sv?Ribb~ljKZS5;4t&Mi-^k9zw0d3uZkPPFx!IBEc8C{S> zpPhpH<#ZS3s4byi{~QpUW`@=D<K!TXF&w_nF>T$Q&DDJL5cA-o)WjKeuL`s`>>^K}6tF@xwgc}yRY zxKJ9v`D?|o5kTc5gD{wV9E<@xa!3!YFio34{E#Gg=i=B7lb-p^Rk5M&4ZjefIrP+>K z{Wl=g;r-7UBU)mqrztQ{FY|Nn%Mvv>hky%4OVRh{>9CHoCr?7q)Qr*MAm2IO3B9PV z^q#uV7HQvqPd?#?>&(N~cMvKd?MAHI?la9@FixRZ?dqY6$_VhA#!rukKVDe$`5>#Tndtf&Y}-zVr!3^C}|VA;re{KwFfzy-x0-Dg|G=u`gwlvVQ_5 zb6US=SuS1&BnYvGfK-_%A7jFq)6iBc&#RB9L!tuV6I*^p;I-Q4RA5tte3LSzYpzG# z#?g=BdbfmMrt&6BJ;`?Cr9l_rR5+BI%w|1^Vfjn~ahSgBGr==0T}eBnc0kMD2e6mY z+-2z5mv?tSm_b~QtAnoO56OaFBOC`>veyQvupZ z66cvWYobBMyVIpE6Du10sszzA@rC{Ccp!*6dWe=}HxB-IV;^aB+fI$ukG-2BSXLj4 z+{;BUDmM)NqcPNTR(uZ+Rs2f25n5_8l;b(h?yrT-5LHNoU_P*_8|}C=V9$_uisX}f z$Tbdbd|0(rTs(4-T%TE?1@?NX#g!^vQheK*TIuD|I`-_?PdWhmf}2K+VmYj*(WC_6 zjD$)%`LVKyUY`YiDcqG?T!3}B3@#Hn?&kc4fNwT?%)q^_jXp50CIk+nU)Wb)a53YI ziEkN+|KFD%Pa}}V8^1J}fS)1%&E@igj z6tJch%<61;PPWlz-E*W!!gwOlY+$-;T~67r+q}-|&&p>0fx#Q6BVIS-O^#l?rT!}> zfr=IEv1e$2Y^GNf)Ro@#20>}meV7`cdAfgVJ98vDBWpDh)PE}HX`OuqVK65+(3$SI z`}#nhYxO2Ud)-*CK6iuQ!#PGUJzVKkB@D|RC((ygCE~8}#G$k7D=q`v7YYNRD!=+( zY%K?dJJjY~5oQFdtr*XTDv6yAMy=r?zq$n^<|c|7Lp4B{Q|hJCx{Bh&)T9dyQ~7AU zbO@B!Fy|dT*=4OQu&bHFyyHLtq3DZ&_e;AO4fFkBx3Sy)d2$#Td7MdVFI_1kU?pkf z1n#gsTr$bjwmT!V(gQz<|ROS_rN^nK-~R>_6xvz$M>O%_0N zA6~6_rKxqlF>`r*$BZ7jdi&!1LdP^NJt_U#0Pnc?NrvYto z{3_6}UP?^^$fSHTn1%+!_{@=Rzl-c%b25p*Uf_bJERu0-A(qYhMDq$v6Itk`2z{p+ zUJYLrp_b&A#+`sL+Jey>ADEA6s}=uDnXJptA8?%&Msqq3&p03V*0&*yYxCli9Tlf> zh5jtF6TU2e!sPaMHJi>smFi=>EpxAC+k=LRmqTmi?V`s&)x7M5wl5c~o<-b86~-;1 zpI8Hah#RcvCD!6@#o|Pfg>pKGwt=is%eTr1u-g=xm zc*H6h*}7zrN-@=_|3NZFuRCFUnvnDcgr6GT2c1GBN;W4ZVbG zi~Ga(U%2vmB7E>-4H5BBafZsW#YcX9Hrt%MDg1R&^# z_nUOfnY$P2rH31$D5W=@=90R7^wJQH^Ymv3`lHoBv$wYVPMgh+5s*R)DGxNrZ`fRF zUF<#}k7o0>IGS)%PI{Z1knp87FVE|CycD9(?1K_ZlO`MC$Gq>;)U@$1He-4|*3K3K zmNN4kryuho<&;v>_Yn+{!!>~&klOOUm6`RZd5@y%8p>pT9jl@`p@T}u9kwBFiQc3I zqP-K}ku~P=he{g`dozMCQd%tC)&^sclQ-Mdq-zG=|Hluz3Dp2 zy}QjvTE0m#I{0+|{VN~e97=IW#CE)SKOsk`y!DSxEI>XgUVT4IBPq(#$f`VYeYU2} zs=z8``?1ytwQuW(40CAo#RC8eX){cj@NV9TKDfyBSG;MJ;+{rzWYS67;2N8Li1%7Y z``z$E4|5P{h=eT1609sR)uZ-!P3I>095RcllM|uO;jgcw>wRhV$hO`)=9+od=}=R; z>6rrS)ID)Hr;~Lv;$L(jP6Z1<#4$#3wtI5kfusE7D-@O81WO^d-wE!I4QFL3)aryXe+{;Fx9Fst;^HJ3O^096CQ zC<15cI~P@OJQG!Gnm`_plzMlnlJJ@lOk%=C7f4aqm%X=)fWV{E2jg!XdcF+@oBK-* zMLMbYW)*y8cQU!?CG}qudv?A&yXa%Y)-DR5JOg^U4A;STTWs zHyQqV<)<=U@G?V0g}<#@um z(~;W#{N)V_AA4HeQ|y8QVWJ7=dZugV`E845(+HOl;U}5Wrzr(W0Adt%2c8C9jml`n zD!7xJWToRO7Jo!JIqWBRd0OdXz_(c8=XmS|)XA9C1iVVN8w3PxCLV`Dz~ctHKo+Mv zPS|p)O3v%qKt}KGLmjs#*{U7=yXs_Jr^X@qRJeoIS7G636iS?KN_0grOxO#>u8ttG zx;V#7mjA!iNJ5OXkGWh*p;%kCWhMt0S2I>m07KCwPqKQ9vS#*e&s-Z``T`UKOuR8L zysEB3AGbECJk0$2KYRAdl_ld%l#<)IW74DxNw2}%h)b>J22S8rHiwDY1+TJ5v+clJM| zEueC{CmLP~#}Y=zR%ROENZ<~LY#K+Xc7x(AD({S!NvyX>_nBH#L`gtCUr$fv8sojb z#!i2crQ{*s^Ve5>xO@9ZQtBjZCKx(1`6B-(iE3uksK#2Ez!&^6*5c8jnvd!fE;sIaL3(T z5D^pw0oi}YdA~E?_x=6nKkCDI4(Hs@eP7r0p|W^XL>6;LDDZ_fc8feZ{po~vaYn^q zb_W09J=;bXlB{vR&>E34Vx_G=NScnAX^ulM#zAUS&HkmCw!apG*~6ldBARX|`&wPnKCuI?hbCA!$99A87@# z9ZM)F%n13=W-Vk{GKxca=7CKgh>-t2IFvi0^b#vJ9nim}H~NNe#6f<#^Hs!*T6mft zTwNPC0&bCgkwi-39&egb;b?-j2|Y8yRw#21vKux6EDT<=)cJSqCkJM6lxP9A{vP1S z_vcKjT!Qlm#u~{4g9RCT%d0Ih^WaC8UoAX#hdnMEJ4pD+_86RmBx6A%RdrDI(fd)m z9!zoin2a)eJS$}y+UJ8LCx zYM-EHV5DIl$hZAbvzzTMjl4$xA<(s>+q~zG8qzsGLHoE*Ok$&ct8_-hP$a{Z3%i)-sbWoO2}}Aa{z*40A4SyP&{|Ivftl7bqn3` zk1%7&80NiJF}rBbXsysOXE2-17~z9mv#eDVKy!6oP4 zH-Ym0AEo%SRW@U6U%T~%p+ciEoo(z`uh=`yr)NLk3-ZhgTWr11U}pzrW==dkdYBON z35jmgj7UYFAW1?ym~IKpJ`-ZcGcoZ{|Kf>5`By6ECd8jyL-mk z9BbMaCXZjvX^1-ytF)LoEm#j|N@2$YKyudvYFS)0A^cYGW5d;oS1&^CmCrTyblIyy zo$WyHJ97t?Q4mD~R51f3GnZD+k2G0&x{Tz({!~F-KyU7) z?t^a>W?xG5#fKP3Fjj8#kX!bUgqk1eAry2*2`a6Qa+dXh-8<#t zabo4g%mu+Amx?mLI&@N&LLs%dmZOv5l-U%Vv{$nAZq1O3SxC2AWAl>>&LgLS#WyQp z+cm3e#zVVB)#QGdAV<|J$8~;`)ckwJDLd$q zDE??y$I-6lqG@ZK%<@Qtjut~XD6zJ^YejSHcYK68-eDb=5sSC{%duMHIlvq8iXs(c zhZL@h8IkTPUwnri+435sel4+)Mvz(1sE1z%9{+UwR6prDF%m@hCX9yZw_7zF?Q#^= z>NM{$OJsg6$&(`~{LZI^gw0gfQ9e{Yj|-2ivD6sD%|+0-6mIQZdD{74Iz{w`;`A#Prj?yjBTk%g203NbQBK!6O%X-g3*PDQ2KSa0 z6B1QaN3bbH_3NBG?EwAY^dw9h=7SnOPNeFG9fN9{l18-*ZBseZt3zXsV#4lyTI*_o z!stn?%@A3Zsy=$o;>q0%^dSX;sI0xz&?U3czRgD0r{u5+4{RmWOz7F!S_fD)c}J0K zv40$IxpO!C46NRHLO_V+JLm9IrX?M+#R*>f`iALo0l-cuU-x8PWAM@`=2w5*9k$Kn zQ9+LJHxBu#pqK&)>L*%9(G_gqcvFBxU)`hMM{xYI|%w2|BuQmC3uW|d)@ z-|+*Khj1)%wgNLzh+nd9=j5rV=1%aXU4=LSOx2oTDtl#Wm81Tjvm2kUq$JQpRjL6F zPqQd$En%CfQ10F~RtQ(l`&0IISEP*DZ}d3S!;FB8>G$}DVoc&QpBKt4gkZ}66Voyw zK01VpWP?rTDh$tO!V+5E>x}mdK=;)R{445wo$D;r$;v(e|@e{XBNFj9r9`DAavf| zUDf=s#FQu{Aomw;M1&HUN4eJQ3vlunb1$(Z9TsH{o%xbZz1|Ndj3h7!p4th;nBKS& z%*%EHf#-P<4))OZ2uplUwqh*?04eCZq}N2A1fa!q&Qh|MmteP9JkU|`pVZm4u3t!@ z&Ej1kD$!d1+VQ!gp?AJSBiDalgM>xsU2gMkx&NB)yv4Uh>=R~f77O%jx^LS{HrdOcl#=|r_rQPGQ4Ax< zmf3}IAxYAtMOGaZ^9<-b8PzJ+CUWFDKYLV1c6s_c=s@@^X|Zlm(GogjG*)-^cZhu2 zzlUnmf3a*=F8|$?4)@pBPHb+rS@8&xVG6X^f@=ZNPWgk-jA~)4XSU5)9xsC}J2|@n z4c?Qe?yIL>KkY&h&-676VZ}55ewWuibLYK<@A|<3caGkiSgPL*tYc+4SrzqX0bj>t zK)MT{kDR}bDRb4>gKSAI@@z=Q%ntdHiIGPbqu#S`_=m@bUYPN=tNjp%7|#PjzzK)g z9XFwIfvi_}OpnF2LzyGGBB$ig_OK+HQHn?TloQPW)ZZawB%8y~0uR;?Kt5l@K{CPw=h^R$cgTiF zLE^k|i+ASeuraaL23B?g`5JopR#zUX|8dFrQQq{9xD`RKsKy|3{rm66I>s#WFF+;l z$=YDJWF;h(%;k?(>_T40^dyw?qsqH45?d~%9irGiUfhrmFWoz9C?1=T{Zd_AUDYR0 zZOPJNEl{5a5u{5&jB#vUyX9O=@pbcN46O%7oN9N=w(#$X02x01{}Z8hX<6-b-f^r; zFR_cUr_p`IIp(_tV4lp=D&X~6e98bCxr}uiXAZ-tyGhiHl`coSJPaEQ4ZUO;XX$9F znN_YBi<2!zy&;=*dcFO z?)WfhLCcks&;PR+u;HHnSb|&*?ceLhdJSZ2w`JN4WSQlZS25zU-*-X^x!H-ZjhM3D zNJj5PiW9Ur4}wEmkYK1j1`oGLnO(RN7(!(Wd~akPsm*pi@rcj=Q7{nEVSw-d|7LQm z;ZtGSyS|Jr)l;J%0uLeXpsE zEc{1j$dF0cFi4qLhCv;OJu;di`{fwC%eCJheuSO5#XR;f{l#-*teH8S%*2pqpvqCE zAQ#n)IS0i~1~7mj%v=~|GUtC zo3_>QYJu?tW_b@>B1|XAn-Nq+`X#%*)kNs>9$mgdhOe_RX&0QEUiow0;K=a@N535X zaN17m8PP%#aB?;iEuHQ4I@x6DzBgfyz9%av)xSx%*Xr1GLZ-t=oll1>`R@Et;cogZ$_=M1Ex30&m$ELn=nVDycBfkRJkBH|LY|qn zTGk@vyng@pu7{zA8@*ey zLu0KPJ9mhEfoNDer9l|$fvuJ0xq>vp=TDIX2eyaO8=d8Yx~}}8-gHpo9(^C^>)hE6 zGs%?zN~4qLQxi149Wi@2eEweFh#LoBk)!Kr9~DJBkGOLAIz*uj>xnn!S&0=zd=K)w zR;6F=wPX6OIP-kNeE#e5(FM}l8UvUqIYr~QW;3b<#%|{0nG;2hI-L1hfNej$)^uY9 z{-X}CKStQAgh50xM^t$rRcZoURg8v2OD!0ypAyK*zKO_T^e-!RBK`E?gapQF`hVohPsNlj zai#+F=9jW{fA(K~g$?hBK2v$L>wTH!Ch&mYxBY;<%ng9k30UYvJ-~fH=bUTdjvn2H zWcb|ZH!P`t5qV?6_J%(+%)E(;ZX>O`Mh(5UNZmseD`xhv@0kcPMS@l`M%u{BJ^8z# zSE_#)?|qG~2|AnppZ5{^&vbu2j6CT8G$?1W+Pm?KIJdny@m$_L}*7SVzLoSmT!D zio}%S+;{b}Ya(x|BEhJveSxuV<8C z&O4QcR5hm6)*w4aTLa94o>A5fJh8W0`VnTRoL@gAx|53x-L=vf7Pu5vr-=jxWXKS4 znju}dlhY2B1hkffH9gE2G7=Q0kHZu_(L5vB4|eHTS^QH}hVm^O#F@J9Ax$98I3~_B z+!tD93pT`#V$B|r9aV64Iiu8(ZWYREN%Wh{fWqa187T6U4#l&1XUnC^Pt1@b5!j^u z#t-R48`(7$KO5-Rlq|ZNM;sgJsQssI&)aC%LYO=L;rM68vL$sPG!_|d=LpMJ{e6l= zY!&7}l_hJ@@8yKuIk49dHHROuOjD(x2?w#AP)s`owHy757?s_AXwe(8@*Oj_;^?m? z5+qctTom15d8LIGFE2M=hqSvc`#r6`AW(2`diiLV9qo<;GKhE5Hb(~zRpfR)CxVh+>403>a<_?Zci z?lnW{oM-(ng3V80$u!&54|qMqzcIggf47X&YlW*V>ST@Q^=#t!jmsRS)QzxH^!(80 zvA1!BOM7`g!iuOI%ZdK>I4ZwZzGIVVyWk5FNaQ~L`p)VD-=K_VI)H~Ya|Qu-U}suG z?UFT&ScMwCZ?Ybl#0G#tOoRKWRpr~Xy5}YCchTX%!6!6esC}Vm|4K4wkt$y-4^Bbx zA*Jojmhm~EISRJp^9*cf)C@67lm!CI^SFf6@~DM&Yc!x75($4!9Q(bTV8!;%HQ2(& zSi9I6qQ#4xKOvxCbBT>^^Tb~(50R4oc^);DM)k2h6kj<0;o;zvG}$BT{s{{NVeedV z$$9_=CA?|fWSyemC2(wzY*I5o&L}v2owMI7VUHWVc^{P5{@>e7KZcI9YiSMM?Rx+f zxU>_y;gdU5$%0Woc)HgucSgV$1D_&cS>q0Bz)^cVJBo$V-m^0*`$>A)pNSd!l<0L?TiRw9N9XM}sqr?wB`VIa zND-xKi5r>d8ozy4Cd`AD7xJPwK+=q*f3AOhhc}d5?f>y$P_>k9VQV|R%5S_ znCd#O0Jo;=(7H)lvv%3ic42OsS-0;AtZ#~ zdKL6eT~1aZ0Ovde#rOXTlMR`DSofHkt>#hKlBsP7;#o z&kzH5VB(ky(jHfWVy`i9DABID*HknX1spb6r=`hS<#-_LBB}QXd}A|2umE9r=995( zSz8se-8DzgWnl_ILA|g|k?vx3*m`s3HAB2*4ODa2PH&Jo!ff2A8-3oL>@8PtN4^j4 zci_8s`n~pllXbHF3ZtJleC27tIXXH;IqFJ{JVLD*Gm_R&>9@kS67PcKx=_h8TG>eFW(D3eXW zyS*--wq)IEO710}Ztr+_%Pc^wktseP{&uV*Y_I&!ODb{eeBl|drhG1{tP=wSgOQPD z!mzmjI3Xm7<8!eLiS9t198P39t3vh#2Qp|jEtjCvIq1&AS4sYi^lWL}V&kP~pSWzVeL19(q##XOEUJ!Fay_QD|gqQrM&l|Z{xK@Dbs#{4>T@|Erz!c5! z+y5yD0CZ-oK9Ep>I{rRGCgvs6dy%)OcVK5DeU8Mu;G|F>*Wc2%5Bk^$nxE)4R898w zrIQKm{-vG6<%TriKIlz1Z@YNCk!~|n#Ke}#etfl^=#?lfaHRTbdIVz{sH;;v;rX6& zMl`|cX*JvW-HA3+7}&$SwtuOp@q|BJHD5LQ($sReD!y1dA1ecN?^d>xcZ^MxNwN#3 zmFAH}9-Ur=VRfcC<;L=nCw|YpW!4e=qoM`wHjW{{H~8l+SbI-Z{k2QW@>TsB(`b)9 zXl6R#+~hm6!QRgL^N)NRJ0{+*4_!bwsB+BwyY;&qh~6c1WUJYNbI0o9cS9Ak+$SMt zRnjnm+^^&0E#t!5oqL|w&=osN_USL3HX!;ncZ~RVRWnmdPRd%Zz_kl0(fTysX&94W zvMU}skX56H4~c*R(mFTnOZ06goH!Gb56wS(37DRmfZJd}(AyUh&j%NKmGuXO%R?M+ z8*{in3vM>^%!k?2MFU35|J5D=`^9pu_SW{8h426u$uHUZ_m78W)&NjTW3c4Tj$__k zyOW}{9cByCu-I!Fu5^+0bk6jBWn-KYvpKY>E(;FB18mmMNx3Y{Eq@)C0H zJ|7Ha1Ki>nM##C|<~C8zRFFIk;rx?k8?mAU;@{Nb~gdR`qeCeF87NC1!}hF6{{e9PS= z4|#^vS#G@8w*d=jb~2I6-lKB35lz;n|Jf>dMg zud7|R59Q}Ry#4m{#LN60hdkIChAn5);3fAU;%hm6x6-Q&a)hVR?G-7#H2;kE=~X~Y zmtKNyoEJB zz!4gpmX~ev$jQ4YY|+y#G)Gu&%I~|V|g_{kO!XnS#GHN$ zMQ_gFoFe9!x>BkEk-9PCiDicugQRGT(F#2`p|>D3f%<;yq?HuVz4U}y(|o-(7SI(SIFUkTaYyKN%^Jlx!O5v0ti_4JqJz6kZo$1#1OqTrQx z_y7)@X{IcxCD zu6XQ*Ge4rA?(*aPu<5tWa&3#!hW#f7AG|B$`3+jWY`RnM`@WY|O-u49ED~kCa7a5S25ExmS5T~9mCmF>cYy_Th0Xxj%F47mePZ_x# z?|A=d+z=r*xbJSU^}Hrk$OZD7Go*})Wcn0$w5te02TD=d3{P#q1nYYM{it+vkEods zRrw&E_w1R-IhjLyP&W&~k7@}X$hB$Fbc7Mmj{+71rv|O?xW`duIhE)dKQ8uA7Qr3^Gd`oyJ zXdW65d+C3x-E`L~#576`pseA7Vc-9K&m>kW4yl{f=nYyw?F_UyUOh6l7!J<3Q66-! z8%#&Y2O^hle(XNVa!}oQFf~djqG3kdv>dPZ#?Jec`{aB_j2!Ey6yWR*SU~`k8?=Ak zU_rP?SSoY4eiQyQHQ7rC3?e*@q*-ujnjPfKZmom2f)*NBfm~*-#NK%{UZ(7fWfE(u{_|xI{B1Ohk-Vj z@p0gm_VUc3aBbMmvR~ol%^jU&Y~*a1m)HjRfJ%M=-xic>fIN3Q*S#^1nh$Ez0t-{B zrBLB%ofB;jIs|y~qc0tTKl%W)5_DZ!RGlYVNP)IW5_FRY1`dS`QySU^*^$dwJi*Mj)1){`P7wL|8Vk~o!7JD zelin@hen8TyI48m_bx=LO{>OTR#pvW{$YvIsmldDTU>Gm!6F7#%$vJWTQtR})7V^8 z3xY5ryil2>F0x*@0VVcs%TgW|Hi{PC$k&}HB*f>HllbEnn5$^*x;B!=BDM}|Rd6w2bloq~wd-dx4uV$0k9>tMIBBY2S zEalz08bu*A6D8*@3>Be{@IS;Ut0!Kg4^(0t(_xgZ3iv;D1n}{sTmg?W@>t_XEt5?r zh7m#cme-_8x;p5=h9jQK+u+OhjrT~q0T#TjdI1RjxH{B@you%b0UaSBci$-VZP2tF+O%XJfRygCz(I1$;_56(_5 z5%S*buyqrV3THcfgG5O4yO@*};U;No(FLIOpy1_svT8n^c^lST`OkqExS56N+)G=5q1|uCAKkgJPQ1oh zrrz(%GYng{A`7i_B~%FoFZ?_5hbVhTtogX6xmq43D~EOQm>DA-%3$nXu-Dr>d$?sGV6d!}+l)Ey~HDW3nh9b&T8+ldx!tq&W9F6_=)J1jfQ@ z#S{ccxt#Q$TSuiSM`+mPAXO&~fP|=}P`IK?N7Yz;K)OgNRt(=FrAyIgvH=rIRA?#120krIS}bKZ&4 zi8|l{)i)=WL(4>eJeizZi_HVct5AhiHLFWH>ZJs{{3E{heswy!+AgB0Y6EpOfwnqT zNS!Y{619fRn*ss1<^9ew#l=ZB7o^O?g)S>6)Jo>@|CCq2HQu-}Lgu3CKKga6j>(QE zkmbj)y45F))hF#Y55miG8`u7pA?&>XJy1>v`&@jFM-Egu-F2Wu(|L&B#DGM)&URw^$}hy6>_}3{{mm<)Ol@SAVh7hA+#8+wKQv6r;Ne;n7fjpP&jmW1)aM4cBa7K$}c7+yQndzf+UDoLJ1 zw!jLF+8<)%0r6Q9Cz!@NmhW69CtEvg&<9by2)eKW)mr)* zvd-&M2*4DT<@H1fGX3 z9UEGV5mY4=rTYds!N!3owiIW`0(XP7<71(-nWx1h^6wa*Ay9sHWcYXw)x6 zt=5&7h5LPP2Qk7`N<3zkQCdz2(tvPMAe{ThL=+(Uk?b4T@KOj@7UIGdLeZ=7(sV$A z;n`~w(W3Svi~X9vtgO?y|7rO{k!UR)vH6rp62+I4M2?RtW?-tBMu3{BZzw4FGG5!v ztW}%79i0pN4;db~`Yy<^$A9F;tot)J#&(m@&R=$%yB45jTK2~O>3Sqeg;vO)Ct* zjc9(-_w9;`uU6?o0ofIX(;OIyFT}0LP`ov zvOh{xaWz>_^(pj!bYE#KzY=SwqxbGy?q0g7{c}&}82YLNQ}UiC<}2A0f>pa+xJR<#Oi^@IWL6dUbvb$LmnWp# zw3!RknJ$U8!&S=~U1X|$zduwHyD}ED-J>#-%(D40g-7W8sNj0f+95thRE?v!3jyV7 zj&3LboaMEmrtQ*U*gpcPzvO1b-s}Gct(<}L>LSu)<|jTg41PGYKgTv7+jP+t#mHDtXs|3b!0cSZ)VlW2a{PQxU&yY$TNvtIHWqi~~Ag|E4FVe1#Hs zy1DjbF$p4irwbJrK|_{-q(DvP;fO@CT0a)JeWUmmogU3NM=eLCq@TNfan54>|9)09 zm6I;JbO8ok=a}zdDAkmyYKryXYpoN1+|_;$hykNGg72X1{q!8l>RnLTX;+_ zVSAe@3@!<4b~(0yHR*Suwf`L$l}=uFf9+R{=#I}+kDM!P7w*&KWBkGP$%?NrpIcHr zFU>KeV-w0TQ$t}!vjOaDX&aT?1d!*WcsK2&=dFUp0#unu2_UEvtpKekEs`TQ0}0LI za;VWo*VbRhMlRF?Z;u2Jj8)d@qTS*D-sa(N3_@pEd(b1n+VhYRj5VpSxqCsd_Ftp= z3P6$$$I4JY%t#e>Bv;ZGsJs@^RclXQLTM;l9^w@(__`GYH>y8{@${l6`Ak;|nr+xq z3+rO@Rf~MjaYRLe5sl?WWtGk5fs}Jb>GIC~1GbAY*%NO4v)=h^c!#aqv++;nZBH`` zcW#kk^u6NAc;Ocy=q>aB>}okBL&(Q5L;EW>j3|^urZHX_*$)q!%Wm~!Wl?v?eX9!I z>6DF{)aZuVY_MWV{nZgoBS2*USA5Y?eW~aLwybsuC_cBv)gAgsbir;QB;JL1aPfD$ zBb)u@Ui=mfb&lW?bB)k!8{lcXWC0giFpH{korA^H*~PU^jD+ zZ_=4sbwjKSskIKWr8$+11pkMt9DCFi*;99taVEDugh3b~W&KMqP~O=um26<7{U3G~3Fa!=%p>0Io6IHZ(v3 zO%@y^hs^Zp&fF8**M7z}SYjHku*ZSgGdIFR2LaSiab2nWcvt}Nm|4_?_ z3suT6qtk{FgN+3wOPHm^oP(-?z`mL9XAjuEAJt@^V=6-~D}G%{-`=VjR_W)9rN~?FP#{2wH77_iybh$R3?M zC9?T)PPX$c?ycUXCEs)1A%Ty2#y_5DfAlUa7mt}v#R{v~>@T?u>#bQ;Do}4B|kNHyu{CC-% ziHZ&5FB|fMXJ+&R%1bDtf}KCqOq8_0WP|~s*s4hj#)zlsjiavG>pwL^#HHzy@szCC z6oFnSiWnfB5SUB|c5L6S@8Kdx_2Ws=wh!I3?K%KyI>?&tH_xybPB8yuq1fuCZMFuP z)wZVHNNK(?=}!~;g5dnb%3{m&KJi|6*RqfcqF^KKwq4aXD1M#l5X5sBr5;BT&UN(g6 zGg@_MWgaY1I9CpNoAv5o+LlLEDr@0G%mI*$0(&(c=%b_0-g^@yT6@E}M63E$cKsHo2>8T<=8?&b|G; zS>Mvc*Y|ghOaHF9v&nxv1$|zIO5WwGD_21igXip=Bw>(u`nWOwH$r<|EpK+%PQy3_ zvzBfuFEg!Ot;I?BhQU+)!e3W3v0a+G#Q%NuifzzdAse)OhAoShbV@Dn$5@`EZXbSN z1Rd0OKK}kogjznK-ZA&4$|rC~e3w&UUF^c7~1V49tYQiw*)WtqPHek zE^%c$)Aasa{jGMg1b0$jBb`jJjM1 zo(ID>ZfdUs`ib+=LW><=areY$+Wu8NX@q9p$D>E5-&Z5ji0i8hxlzJ}ol9$Y=MY$B zoI#G<05yDd*9mOj1(_^Zhu0d?sStbU`=+*g8vGnS+>WGMgbA|)e{#X5>HBqZ?>tm? zfEUU=YYGMQQ4hQ=Xd}Hp1A2iI-%eA!Wbl0&kMi_s%ldf9as2|-I1V@5*sN$FdDe-U z6lr6OYRuZBu6YY|b;?CeoH!X}48Ob#z2S~8@8rKD*+7@KK$pRUY~>n+!l1|U>-{Qw z8}-xd6{w#rRHJ*6K!h{Ch&ImYZ%v^sR_y#hSbpw@>*CSx;a3T96aWD8?+zAL-|e}# zLF-UU><{lPd8<7DYry-#9OptzyvA0oU;c8bl}3K8!P7dns)yPNFZQkad}F>l6GN0l z61|h=`@dEN-EEi#Inrpe$n1pcaFu~T1x)e&bx}jb>Jht!ggLL7R--a_kT|%Vl zgoF|xy?BNbdmcRECf&!%Zg63H@y6n&=*x(~_J&K>r6gjhckL^w`h<&K|=WLs+@+kK6Wc$#hx9sVCHu ziZP)f--`01s)jl5>jXVCo;Pp%cAi1H$KNzjvovw5nqu9rJ{cJ`9Pw{QHS$E&#T_L# zv_bood32W_ZBI`>wufitPx}uwfc6O%FTi)rOgv~fw%7OM^O8}QJwY+ssHaWs;SBK+ zE4brf&@*I)-GHXeo*DdRup70&Ft&-XGJC<CwA9U=>y=R6@`o zCZD_PdLQ=l%2#}{s4ozqSPP|3hG+ZFd9oUOCgdSnba_!7vI0dFe~)Eae{SQl^SHe< zF2~~Ab7io;^DeO7DtWISXTJAUR`q;o_R#8^1~ANOX~8^aIi!6ufQSpPhRBiLxTyg>$c_NmPdfi2)T%4F01<3vv^nK#V$FNeBHBD@YiRLYG>FmwaLG( zX}Lge6{N5k8kYag|6UbDQir3ahVC)dr=(3miY5k=bpPKXD$pkoYNB`i`JG4W>>h#p zmQo$nb0@CeecS&-L*{swXsv|S@mQ~0N_cIp6MgCg@BQrV1NoGwIS3F4zqA8G<+KVbq?W&WPq^33FLqP-kpS(fG5#22$M)q) zY{%5+xrv@Q+zPY0CzOl!Psqz?>>rZ%+owHZV!zV(W=gB_irN|H z-iVC=Ny}@ulYh9(@HhN4VKIT?7B^SRXU9MKgqOxTsqS1Pzxv_=6NG8q2oj}6q02t< zq`eH}1y9Ly${>(?`pWxIvs2mNEv)68U#tI89YmMXohzCA5`GaGfYv4!=vei0~_02`hsSzqnYz$wTujc9YW&^B3`15 z=bw6=(i%10nH^h07wwCPa$(VRUn6aY8JO3kvlL_> zbZ}^Q#0+!XY6M}r(E83;WESV^aY0(|(|wx(k`nk0PR9x^Fd03sQAi@O{Jxd{z@yM} zJ**VUM*-tS2ErnkzEK?Vi-9_HrrL!$!9VFCA+HMgP#>FuE%bXPrsrsC4W;Sa{olIK zziYMA`K(R+i`b@OM%`*FPGGBRDuvd4ZZuas@Hd z;C-<3JG;j8u$^O|D}ICQ*6T1Ul+}0=efJO4v_)Ki5S(3YG~#4Y@>lICEOrcD$|ujp z?J3ReCX^Khuc(*NhL#+1E2k&>DNS33)rJ1;x&lEuJ*iTlj0f zA!*t>OrtjSY1DY_e3&*R)n9yl(}+#gsdPi>b-_odQsDq^C%|Ni{7yqLPoNG1n*17= zEnk4Hsy$xfEz_x*WM;~#3h2pLQtVrrY9fjo-q2S?k+>NO&YGPQrcY6td+)*SHk@l8 z|8y5pKkti)>BY%_Ac35@b!#n3EK1S=DEVkJ#UQpqG^>))oMfJ>IZ;h;yrhO zz3b-cT#aHImI>xJ2;*x}#nh6ZrHd|nFU6Gtb7t)&V&;A3FXY(Mo$6^&(4KZgK%@-0xg^8Tu=)H$ zG|x6BBc;DL{xpe!+AW>oABMOgs;$|G-0YhSn*53b^BOi1VIc6%!Y(17@{Z0l08qx% zTEmn%B+ks(f@K)P=RX?D{lSwGnj&`6|4rD&h!aab1Ke zl;gBxCu+VMZ6PQQ#KzcE^3Jc%MA5Y?GvlZRqT|ABY)@+r#G^FB4BTqvF$Kq$TOQ&MdU!+OK#{wW0QIs7VI@@4*rFZdImDH z@-C>u1_|}=^9PnFI-^#sDlHYXp`)ji618dqWM>*bG{Z&GgHV;TMI@ z&3`9Q|7RdbGc>&S*Dmd=H+S4zy)o$h^5%}{y>50-HFWPB2pRX*KAn#*Uv&m|M-Knh zbxWH%c(|JT&Vt)#9~_d6l>!4V>a+fepd?4o4DSqmh4mGY5Ll$K+O7YU#e;*3b@)sP z&&?E=)dyGBj30>2mJ|t}5N&n6!=M6&B~fAR()_C73F8t0O3Vbp#&W=?b!2+&ReRV@ zU~X>IPZRT<*Kd&8`3DPNX_`p9;F{?2_OtKSwW7@Ku-c9drhjqFxwnXlDN&?klC0A1Q^x?2 zvfw+^``b`vYnmw?;$bxUK z-Dd(DJDLnfa|4K!55^?I)k309s0m9m%PGiQQ_z{FJgC?IhKun1ol?zUxZ31c`2T9P zmm_HPbeAG7c9g$3$^MT)F4tC>Fwa+aF1e`wE%^W?NBx&@*xQ{)k3XNY(akT;{RS*C zw`XgB({eQgnqvkp9rSm`c3eY4w6=0uRvJ^JOnX@dgl)if(vJGVb;rylkoN`t6*2GQ zUXj9DGz=|)T|E?^(}9#;)_PuB7a)Qmh_GeHG!i6PJ<7aL+CsAOh`AXijc-2@9N1aM z`J?ky;r>y(4!M=TjiT*t%0zc@p(loRI-t)VSC+wbJS~O0w z>TO2Q@g3D?U?(25f&>;fa_wXE+M|FV9*g}$9M%g8qh>oivh68G*h-_W!dVHKAWVuQ zT+w&Y2Qb`tP%aS#rQme)$Ea535CzPh3mCGzKLgCbx4A&CB$in3ieHyw5qHa^!<^=7 z{GH_6c~(kJCqO)%U~{b|8d^K9&^eY2$4Wjmda;1JN61AL37&7nMwz@HkyP)2!m|Is zkM{q}?%R;HifNG@(U~1mZIDWE{~n_NG1J-VH#cJ^?bc`jT0d<%T4wS35oYJJ52q%+ z#3aH*mmQYx1UmnUL8MY-H?j5ZQ`L>y<3q93#yCILANoo zU(%SSvU%n7a=+C`jUoCG9|fo_d>8<2n(ddAwzDNd_DK(by3jE`h9Y5A+ZCKS2`f3E zrU#VcItHhbvuBJnU9lZli)R_kJJIT*6cZ2e0FPqOANI8O5_7!mgm6We1f^gO5N@SI z-IkMKlnl?sQIy-5eVGgEShFNxZos z(*$exbS0x^pt_{7xhp1neag{*)~bg?NL4_H^+*ak_jkxbf;SAxw_|pkKxaCP@ihAb z@u-dnPn;OF4y-hx%vdUgrKECG0B90^cj%dvxuwibyJ8PCKj+eTq)GqX!N!R;AL57A z4y44kri8bfQ$!z70LdT4nE6BTKa)I1@$<7;pgQa4yI5x=-}lF(?wIPnGtB1Zj;8pv zXJW-y7X_)-@Mk(X8H&q?Gl^EWDp$OU|FdGYR4M;gjt=xBL-Iy@E_-P^bnSk(PBR}? z`99rW2FRyf31Hst{ygt=?}4(Q9nWEr++6n-Q@855gbOavg>uW$gH6wZ22NMH<_!Y? zZ8jvHC>vr#&e<`OiWGC%Sn+xGC_>Ak!2Df0rQ=`ucTx`{l0->x6dM`T zuj$)KenxVE2T0y3Fg}-Rq~__xNDEn>cgP#Ep|Val84l(el~u(Fos{%Zx+u9*k5fOu zI8}YG=owEBbL>shee~~n*4KrJPGY+|aW3|?W0yA&vb0EYK74^~Ys~(7(^ps1T zvIr}V*pCQ&1ZLt_GX5W3Z{pU})xCe$(n4DqY_)=bphd-rNdyd#L`oH{VpIfVj35#P zBtn=o)lxx48AKTb5)l;zAwUFVN~DO$lzb_j+}K(B5_*EubYYAt_B}#ID?UFkDKn&;yh=1NoMJ4 zu5%1OE1TwFwZH;qnB~l*8vTo`c6zzMTLAFDgm|B<>nbXfqqN|jCOmY~JHM~_{8;pR9; z=y(`j{*5y9b{uxK4oB|hvcc}Q<2kt5ONCU5mmc#$1DcUw~Dxi4)+ zZlEDw#Z>myX<%n7SX*vzcdM4TeV4^l8+2>v{<6-6#Q*2pG&9cDO8#0SMRODOYU6cR zd&Cb#emXYVUek|mnHFGQl_ITw(0P1&k2g1II|Ed@5l+cx67Y?}$3s$^xq;(e+*$Zt z;dW>_!Dgr5Qh$Dr_joiBTQLt;+t#)CRuYjb&xoKR(HUFnw^(qfzUwnr$fJUWQ1>2` zQh4%8FEJxJPES}&b}V&e9{CW9?2O4|`?Q2j?=!*7An5HE2VFoj-Jn=G%kR;?Rk02r z8}>}6z22K4c`W_kf0!BY4|`mEBwW{V`nR`_&4ZAcHc^qES^sA;!oB+EqSQbE`Gi7 zlN-VBD}QWf)V>ub_9Otmr*_v^T6x%F1x^{=>nz?pQw}2iDF1OEjGI(aARjRo&5h!4 z&-hN=0pnZ3gQTM-fcA=cjwUX$!1kaZ9zP?CxPdQ?y+CFC5?}dwMVS}4?sjU6^G0s8 zx8CtODH#?$uGcdfJft{TNM>3oUtX-{eLcHb_%A#?=TgJ>=~N;6^y3znH5v9#EJkVg z;i$oE74Pv1C^Whf;I_^fHpZls@@IT6AKKyOnioL}HhL9PB!8MA6kds?#YxjZ2g`K3 z7?P?6-5FNH>wM(kr?&dy?{D#ep0$(y$it~{78w{doilp|YdKe9T#nr~kVDf)OJy5fx=;*k9I>|n~WBS6M z+ssE;xe*u6R*H|8Cn2ylPp;nzx}>r3{oNEK`4ouz#V(@&?4^Q2Esq>STWUfhP_$J5 zQ~lW{{q`S?XjyRV03Jdc6JWA>20@PA@zMh7`OGo6J!Qr*6EN%ej_E7Ng*Kl|1CWI) zf)@|2P9Fxl5qHAv8rA%wNjj+9ZeiW9Id(b>I~AmAmlKyn{CJ z8?$UuH>VgQ`~*n~;fT@^*|zcE!7G=K{@f!*g(Bg!2?Rhl$Xal=F4HtcgKBaoBjcM! ziWl}XU*5JaZx9%F{pdEQG8W18C9Ic6ReMauz3JY60Y zm{vMBmxz+g@kH@;r*$Y^ir}W{-EMLB+xP^{|Ew7b#s5F@)9&kKttob?8#MKFw*PM7 zv?o+S|NKt852grl{hrHXJla_RAo|^a#P9asBcK;;P+ld4Q*y&O-m~#-rKrZr-o2(> z-#UVL+Udh?HY!G`2ZK;SnJ(MaX+o3iO|^Z&j=q6y=zsI;of~`~P6hlxXyxXvfyd@0 zB2V> z10`1uO$;aFZFv0f==2K9Wtq}Jl*u_xoDFn>nI>krM~3rD{5fgCE_KA}|2faQmL9Bv zVlIE`A0x_Ro_w!Q*(>IxmBKGviVuW12~0tNHB0D7J>cf9kn@t8S-Es^-75= zUVk@T4&f?dR9)-P;A*Ck=?V70Z!3upsKy={VO-nK-W4ocM_EHZBH5odkT%gr zIOlp2OY@%?2ojL@)~T%peIUT${2@#J`~eJ1PpD~8$mxyppz)4~f0o;1K2Rh%18;x& zKikgtmh9qR?ei|1qBgkEsn<`dAC-nb-^f7}xTgE)OL-NnjPs3owG4f&Bye0MGUI zTk}f(!~lpb$R7#B;k+6FPgiTzkz4}NPOu5CYnN8Elw&)a)e^q<8HLQzm-3$$K%@~* z!Y#aO0FbeT8}sKJjUA>nhAKupjFwb`ZMI%j|Lyx&8-S1QuJ2jrrjY_l$Ww?mlx#nu zrscS3c2ZTx?e9B4UGq>D2GjQo(&?TbH+GUxpyQzFhS%>A(?EcPTdBorL)VYNhjR&q zt`(Qr*Lup3L*5(3w$PRPb0Tw5Mg&GV`!c38ztr}aTIa)u+!6qCZB``DvSs_v%I~#4 zn+8c|8HcYa4j0k~fNzk|`&6%-oUkJ+kRTmP6*B7Uhm5pkwps9~PA{sP-q6k3kikp~N z3$rH`<&-a%KoupE>a2f1TVeC3=tp7iFR&AJcTMbdGCVyslDUt4`MFK%1s(g@ij-*8 zvca2^)GbU$X7EDKyVOeX2ykV4p+Ti7x(HD8%B6h{!gYSQJTRg_ndHvZKHz7=`4&82 zbx%C8oJ%rfUYy?GT_Ju{fa65K-D@a~DM`gvuqA+PE{$PO{ok9~dM|cUi4KUU`70M3SsJ;Fv*SZR3dL#)LkqTO&jEzr5LCb`gVAip75 zFCb1$HZ7+on-aM);4=SqP3#lir0+h@zwq%l)+0I6DEV6WKNrTt&y&kt_~gy#ecC35 zhhMq5-u>1HT(gr@>SkZ#;)Xa!4Z6^`R9$8fC%t0I3)S;lI;4Dq8;r9g4e@8iP8sFKD|6s@q6U2Cr&PTfj&Nr>cgv# zji1B-gw>w*Nz>J3C+yFR@^#LgtfV!8dv7$>xgT`VaCDdmx3eaGQQ@^T@X&Ez61LSx zkBeFu7=)4Rx6!M253b06w_5&vqYg+E1t9sG^3?i&0VNJWd)PsPChVbtY zn0M`KJ$$&X$8s(i3rPR1|EOq`_X41lfj zTPUlxPv0Z*0Ck5jU;X~nvw8r4&xwGph`#n)`g@^G^Qt1oQd54y91}N}1_(gZ`fDOD zth=btUf_P%CD4!DEwWVgkAa_mw1lk5Achz>{5jIM3udPB_u)As)+&sk z9w%r6M9u2yT-nn+VDw9OQiN{^KlW=bAUee>IG;ZH=yV6Jrj&9q|L$kKolCl&z!hx+ zs;}?2-@!#LJ;oO>tH2n%-Gd;!pSC7HaZ)cGL$tIxHMcEgyo=zxucW;M-ix_d)mBCF z-;fr=F*myNCkUPdz|+7pA4*DhAaLiPAF@RXpoqo4-0S3;>G zlXK-NFJ*{~l$Vc}4&KX{?YwZPo=zQ_pJQ<`TjigO1sF;?${F2Q`E~nYitv0u8YihM zs|YvfPE&16QZF?tR;aAyDm`UY8hrT%{7?$kd+85z=g$Va4EG+jVWMj!z$fLgVhEk%SoN@kagk0K;Try77Dc3pMhRt`SYYszK7*K4X1gces zl*J+AweOHR)_f%6^CrMy`(KZ_jq}H2mp0?GJwZ2O2Nv72Ul7EJ`MHVtC%{nQCAjob zhPfv&e1$3xIlR5zvi-PgPDrvojMsM#26V@w8^Q~NVuEiC zA+2qe2mzerJII}$Y{Y6(PsUdPvR&UQA^RZ5 zguBewag91QIizOdl?x!PTXY@NX#*=+v{n4o_z~uu4Rt=UDBp(DT(-c~T$Sw}rWf=7 zg2E5a+YdQsIV$b)2nj#g6)7};8KC2Lfz5WA;eC0VlgC%n9;?q@~v#9d}-Vy}v<{rzf$GuxF!*vmMLY<|6 zdX5_3uaE8j?2Y6aD^4&GhtNf}-5Fs|xXcy;g~sAl$nzJAQFVszevGF;`j)!ADrW~= zz&)OY#;VZqE9EdLrl^|;MJEn@267|7K1CGZGKBv~|LDgX;p*WAO5-7H@AVRBK7>P1 z(>O3GS;G-G1#+0F>3lFB`ZhZ&l=__wc_Wnuf$fnq`{b2hChK-EVDP@L6N!zRs>Lms4Ab`6E7oHJ^`4gVV@> z^=hVEU&x*L-Cm%$~WW45Qg zG<=^{K29;r@F8234|~af?){5=dxwYxf+)BRV4SiZubkK!II&X~D{q0yCZXy{E0i}I zWU7XwT{(fTY%RsgX^!aVv-7Gsr}7}!?V@t$0RU^>(Ykq#OSgY}YmaxG>VxbTn}T&S zvt(zL_0E<7pTZh{7cS=WSI4KXrpHfm zP&pAPh1~OfcIWex37EMGObs1{?#_meGZkx@ICTt)Vf{t+J>*@oVw`Z&DAY1-Y};4TycO)) z$!PPMGih21gio+zonLrs!(p+BkA+VI`A^eH&%7tsUT3=P3ZSBwO`7&c1dnq9#yNfZ zlP`Kw2!I!mglZ0bq+Y51K`vl=J4#~N%5m8Nbt#TtYAJ$De4lYB<&BuFo@3*D7zb3J z!>@fP*PhyC^i36aH+1uCAx70;R2p4|J%REaN1;_K#K%M$mjB5>1)NbgAmUW&+2 z4G7QeD^R-P*2Mc+>s4%C(Kv4rJ>zPccwQ$thV7}!UvklI7xIB$& zF-IXyTkW0+S{g z0O}{;7H0I>3^HLx;I4)$yjS_~tsp-L@lu0NVl^-p^}%17`IHLu@>)|kyw?Q&!-MxP zOd^M-!7ox`)QwQ*ii>%Q-?W@RO>|RcyDfnp_Ro6!Ex#Ll0qP#J{+1TJ++%*^`08Ov z%;1_x##H0Io;*{pLDlikibHFkjz!Tc$rm9a`rf~+ANxo8` zI%HbT$CA)n6HS#v9f2w#!0_)UixvPMNC0NdPSWooOYQ|*-?*|3xEg;6m1YT4t$!F<=21>v8^%{zX;@o zMCoa-YfPuAx~b0dwdit(r5Vq!0m}^j+S`WlFc}EIj5K#Ff!>SOl=5z1155lTE!?Lw zez24lh3v=kc7@QHWXMcSeai2x9r?fvpGm$dhR`;0VITg!nRt;YU(xbo9v}@6 z)Xk~a)qmd|930d-pNw3P(okfaJIY8ijwswij9yxk3096@DQI;C%6RFt)iNbK$nL(9p)|z^qphr~>9~Vy`mcNFL7)<*tC@L3{X0#WU z?G37tE|_TD%guta>Tq4`fCG7RIijWsxJO=J@IqQ1C zzAXTxZPw&X6dxzXY6Cd%l{Ike=r zphH)_5PW-XHEN?%sxRjbzX$D!48SjUAzeAv*J!DfR+4c5Q?4i>GB3k?Cx+<|fOUBp z*=y2dGK3&PMEh5Fv<#`ruCP~nt&BqHdG4!Icqd zQk6R#h8W*McBm~>`l>uhR*M@pu{*a)^6)24b(;_jET+qnxT9R9CspKFNc!0-0SEcM zX+IsdHmbQ$ykdNCh(W)8GzorP_Vx*U!$OBh>*Q@2?hNdD(yt#k-b^XmC|7)4u9XCHfp&VIvA5ApGy927Tg4hj zzr&-l9XN!P*N1hOyHth{vX9PX1XVoI>d@H{yZ~V?{6WA&uATDM9_i7SM5h-i!!ofs z6T%YWdQQbIxW-{_^c1`(tfx6km-ANq!s zr}ANE1TVA&u*t64kgQD4UHmid0q*Y)RzI@G5+Wc&1VXm9CSJ!88_oz{+%?_{(`$3J zO$i3J73xylswGr(1Gp1*Fj*p*+cA=Z{~v+l(yMIg2Ou!Ko&8Px#}YhK_9MD3nkqw6 zWlfdDA{#g^GhD8~wWR5%VS~4q)cwKD zCU3F}H1EbxHm}NoNQqSU0C*I%1ZLmTG3yZ!0&wpIsH>EFFnWhw0u-oZvuLw{wU6AG z0lKn45}`5{Dwpqn>!a4-Z{3h|yrV-X!OL89-}BTx;rv@bba)HeFA!mqBuoGJZ9zh{ z^o;3Tw@X|ccqPJ@Oajn^?d>c!0frX%J2&cC2 zckr(*6%gL!_kQpIxSgwNKSZTsWx;TuMr%dHmzi?r4Ns4X_nG^{i1dHX1t>TG#7xZN zvMFB6ZI9KxI;3Ugb)a$AZOc0eyvyW2Gdr3mlU&cjk;LTV_{9MYH}5m)@(0Te)bi0Y z8Q5A1;eDdj{5P^cXA#pW*Pm|}yuI_pkh5^*V_)`AlP}&Ua07^N+U}2SI@=A8^#r+U ztS?`+mczre->Duy&aW8f_od<IR7?Cc!)m{HEm|6wl=Axk|qKO2Zw0 zx~!S6$RJ<>doNs8taUM#&HVW1)d`#6*tmrm4r<|}*b^%YEQB7tQF-QNE7?4i1(>Pf zs@HDgS;NY3bKA%+2uim9cn7|G>neHfW!>c2KcK%cv|JFJ@pu&7# zqV8c43hl@~yr0mJfuA_fOU3P>=3G0W9!2qjnxBks;OBz_xG|lWGrint85Qj;Dk*Hg z-V^vwEJ)y?8D3XIWzv@)uJu#b@7G|eFFe4XSX~QyNKef^?8tBkvHNEKU?bW5nDT@? z=lYb&p7-|A0OJMXV^jI4PX@&oIJ#-D2jg2(s)hE%n+{1O4oT_gPqp}sQGw!K|+>|x+(_O-|UMRTpP;6c&=NdPCxK~t=aO>Vv9gx7>&3Nzu}}M#4Bm2 zG&Ou(%T8Fs(1)FjVq@_IQA2N|t*%%qPXRD9I&$HQT}_^maWxNj<820dEaTO@OgQrk z(2Vxp@@&fX=mwE{aG(>&+eV)2gheRdQ(IooYnA0*y$4Gi(>kFoqyiF68szUDRrBS= zIG}~q0bh|JzZ5uMle`UsE6t0{+k0bMS|8!j+n})LYIkdN_`u|vNyZcbtKl!GrT}AP ze9`2$1GYLQhJnjB(s0{}fD+gQF5$+TL>x5OZnT(CT4r#wlM23-awcZ(xP1A&cVzeY zcM#4`Xa!PHmQwOkY@{bh&I5` z_z?;?)j2!qpv-Zg6GM1Z4^)~pK9Y-c(gS!6apQAu_yyO*%(0q|9w>hEY2yH}zJOa} z_&&ALamUuKjMNL~h5w@FOe3P{#;xtV)AT= zY77UEAaWB7V<7TGGq6IIwT>j~9RE=jb)}ZhTtq=-CYC5*+ zN~3ek9AQSR+H>Yx-=~~ypGuvuo;;4-6iy_9g{?2w0#tI#$N3#A-$2HUqAV7Xv7s9o zK9#f(iqyhJ%%V#wl3wX4HLs0r6gPZ$K%%_NCywuZ)=tW!ohD&#R&4fpX*=vEKZTB- zo+H4D3>J}k5YFM)+n)5>Jiq-urw*)&+cPcBT~x4)Dsv}iolt#Qm{K_Uke`qa7H)*a z&p)8h|GB~ITWGHfIy7^<*OrnV*_VKO{E>zBHIEnPD!E^LV2wNA>n1jn4R7k`7}ME1VkEWFycLvN(VM#&#-G8B=Y!Ol5gm)hej zO=#H@!YgzuqtR5FeEFg;B@8NZi`os>*j*5>$&b zuZY*pc-(C@^C4{?726=JM;=k~;#&%BCM8d4f6V)Dv_&Mk(2V814`XQ2ZR3tykf1Lx zJz_^qYzh|K{Cwq~p{nq4GHKc9OGW+l&!0RO&P(j@ZFKxvU<%NdN*Mll`byz2h+5 z#0|$t$M9R#s{E%JIL*ViFA>p@-~d-psE%WZ880n9680x}U z)ZT6bL1+|&QRtl(=iLY*`rJla=$`RF_DaM~o+unD;dGlnOFyR}_2#tSp_3quf#v?~ zG~>KPq0DXY{~89DfKxkB;*FO~e%rUz*Rp%PZbrgeGu_0K+qBPXoA{=F9=`UIpT^A; z1D2?i`kfT?F+VEjkThj$h+4|2rSGB<-u9%4FT)FW#wl{0{HELnwTKD}wr5mKFxe9s z=y!ma-~Hx2WEMer;fjq56+CQfP>4hmC4^F5(DI{#?m} zLqfto8+Q;Z1-%65if2{)R;exRhmLW(Ecr+-6H;&p{e!L5hZ1a5&Jgc^|UwJFaXvf7b_b4?BIP6tklY`(xNrk-$GgS18tcA`B|258dx$WeaZ!F&Ch^ zwoLAiuQ6r-@BRW*D>?@tkShb`RcHL|y0QY*`6V|nzBb{V;p_{2`Bt47Jzf5bp36>&ZwF?ZfYB;;5yAo z9oGLfo`1=yL;p3R?U)}Zls=AX%Ml*YdUU}dITtEVKdS@Ru# zSB%}gZ*3|rzqZ!;Q3rC&^&50KHu+nP4A57OO20g{{3LV->x}k`cP}py@qMtZME<$l zfb=k;Op+79ZfG1RE;s~3*Qm+ab4JlSVhQ+17AoG*Y)l*p0beJQK za}&}=uE165I|&$Ect9Hci3#g=Q6kx=C|d>K;sX4C7)u7oLH|GNY(dAT99iwnICTzRNF$)%-@2CYO*oY;P-e%CS$>$(P!<~C-_lLAKh>f zCfwr|OD+-A)F6_e>vNA!-`-Tp z(!SZ>;tD?J;HPMahj;mCzsMD%c8?+^3i0rMVvJrVkk6Dz_AVcFfvdgjo<&%>CA!pP zVbzTKLOHpg>9It{;aH_K!lsOf&ahKkP*7BZNlh%7;Z619dTSUso^ry&_pPo??YoDZ z6c6Qhz+7nv_mvyG8`(>GO0KP;H%rin{}KkMx|}dY6vx5lL8AsekuP^+g_PSmkKxyj zRwP!iD&uwHH#y})!r0%7D1Ltzi~GA#9h{G?)+Ir%ZCV=HDf*Yca1quzI{5Fad!4e6 z=R#XC#vMF&WjWaH(ZdGr@5ZXzZ7+*@N^uvb=k}Ykf(0-7`A>42>U$Crf*RKKj)!T_!E^!v^u_! z^f8Kd)Z4!<`hKac(KPlr0$%y)BIlwWgy$F2E+r$1o7*L#?UjX7;%*10Wjb-|Sxe=6 z;?xNDp4DxOQ-M#kK(c`KjpK^?DX;Kp!usgN0wy@zT=arnP_)L2YW{0rkBJ>sWB@I! zK;41&0LE&8`U<aw6~`LPBY;0u9#`5Gg`Y6WYrgZtN@ zV>B6uzaOT%V}|=C*PkDNZ{n^Lp`UB}Y9XWKE0 z9J~e{5?!IEPI-*>FhN_Vang_cK;O%7=)f)2>B=b|bNhgOe&`(~!>#q|#?ia)aq4D01^T0Q3`C6+zo$Q=~jlTg*{Q(8a zT9ZehyPLT9hq=G*$&x$)_{XFllPciN5&$Y@llO<9KzZ-Qe^!E+qNay zKs_ifXxuSfRbrS~3eLaEH?nt!_Hn&&SO(C$ojrcAY7doTEXC9m=jF+1J?Qi4Nm(Ti zdcQ0p)buXrVXH>GyD7GfDZ&`K?|XLS4+2-u`FJZa_7BkMZjwLsg;H^i0?z{Uept9Jcw|)#62~sNM@EuwxzzidU>#l z{-)jpgo^g~G9tYkH1+ySdh2^A?EPZ^jou#_H;t4Z1%-d23 zu1^LkWPZls);II2@xDhyIGNgS?m{$DXn1l-ZGz8hKr2#FWSd9%puCgj^rr`fxU_{B zH5W5dzG+vW)|(Eli!|xCCWYL;J>V{w4VSH!T`v>N4gb4!QXw577j+L^FbMk8_uEgm zKr@Fm);qf1mB$2AI#VpNDt!AJinXB!&$~1xTACIGE_;uJ&Ag3#iVT`hbN_vRo%5&U zEot*tDe@8&bHHRmRI%AVS=79l%dbN&e*{<6&-wwZwbOiU_GP#~DB04d5~Dmh4f@cF z?(a(Rp<*FpPTUzq+xSD+?chQF_;9J2phYDeY}N(j!RR}|O?1v6Od;Kki#Z^ClNx_);b;r_voAhj zkKsM(-s_;kA~fl%n{H4=KQk^~Coxide0Y58@EZr!_802g_+>LMOjAx%v}xakoP`Em zOz$c{iSr{&?m4UGK=F|HcLBGGWDcf8`W9w+hsg9BC;YpAD}{i`&B9)Fz)xDtbok4hM zGUoN(II@) zjOgfLE=4&IyGVMcVm%Yw$!DrDSQgnGFIKuj&s>C5-|{KNR5lSFtL60ZieQmz(t)Bw z=tc#qQvcrE5x_zXAaHDT4E-ox>}~x7+BT7MUw3HY!W9_owp~aGbsSz#wA0zeWy-)y zVO4o8=3XoPrCYeXe(JZ=*@d5d!4^&n*GnBr7XljeqF>`6n)iUgcNjXuv;L+{i!l(bKj>xiO&m`C-oJmxGJJ zC)kvADM4Qcxc=0a46hlYbp{(*c6!g-wqM6iM^)B~$s|>G0lVQ8SMf$%I~$cg7Z_q* zME~EAE+7b+5oyX3RljZY))|>Gd|h;LsPw8dTUUY_e4qiOL6fkxG^jWEX!RqMWgYM+ z-zU)t6xD8BmbG#_ciTPos9UvUGqYUFUVX+NVvDHuNG0Ru&Bf#emH$2RMuN||0+XX~eMVUlCsW%Mn+5TXA z3YOyKdN+oJNS9`(IC71p19vo!%d2Xw^a5PB^~C~dy|h!%t06YF-bzI`lpPi{9o~N( zP_s_nenHEhKLWb9`F0ecHmf4Spp|AZrp?Y zDIKuV&iT$}+tTH}QzvpwIJdU=^@jEJf|sXGNKyIVX-U;3tCWy}T8kZ=(@?*CtI_Xz z%&b^+qO;^7$#dmDYpncS*hYB>99TDn|I#1+qnR)MeZ@E=#LQ15=+!g`L9C~Fx#}i? zbZlnkMAcfR>H!Py1JJmr=Rvf(C*?-}Pa{$D{EqJ=l%8hB8A1B+kbv~}X z37iU@nc|1jq!JfLdQu1oLAg@@alx_M`;?&2Ra@AbLFn1c^OJmoP=>`=)yPEG!>S)_ zY!5BRpM*B@oOXiI4Hdh!K$8_ow;Q0gq9(2A-cioW^c8V|?3v>L%t2Xj4=w@X6vp>L zk7rB-S-mTxiYxT%*#D0uI^k!DGbYbf@8BPY9l4kqeJ!*`8cpYf_W2pZSLZozda_y` znCN&tLss=?_Y)}oF>8>}>fC)w@!ZK%0o)W~w9u?+K6+Qs!f^SSNJR`{)dvpdf}Ynj zk}T@3=%JSeCQ6Q~H{UM64fYHqzT4K)Jbz@x9DrH%-4YD5y0QUpcQmUF!g3t>6Wrr= z)vifvw-jUf?yRX;GKKh-CdvKf9w~{&anJn)0S;DpLWwj4zVAA6{Vb=jioxv&tVF#; zNhdC_xwq##*AM?!lh?nwZ4$pa(GKA;BkL(r?kYWekZM9yxZ+FWZj3kKjA%vrV`|<*N7d0V};LK6Rlc;CP*oDf7*? zyRK9NK7sigo~rvRFRSP-MwR^d34cH-yQ1paBwY#rCb;*dE418Ra~a&BS7ewFVBO=!{Pyb9@5^C~&Vki~0CpZJr|0^k<^ z>nS)NtWuTJvAx}rym<7DG@`r(VWMzqvz8`PR`dWt&Ly8px((L)W?q|a_u_Wew#TiS zHAaO)^q^nWvz_JA4YsM%s#Mo%A345j8(S0tI!)!8T=N=)YrE;&%=984YJTETy2MWc8I0{I_qkYI8zCZu|- z8&~Ix5Z}0B-d%tVq^>lZi%_l&{G9EO$f*)eA;h({`+IlCKlkq?+ct2yL+ME zz4q$s?Cco-A$z|bniwvHWKTFHgA)f#g8A=M)E-&X1E_~qZw zfsE02sm-6e{hjAcsS~vfpsEt3T&(HKEDrk0@WR2W%g3&3LSl3d2P-&?3nfR0FnEyG zh|g_~pH-e+cXG6+9*dq#hz>>UgYpV3ue<<@ob2&z%syI0Z!51ely`vLoGCoo!t?&RpryD?&R~tCzh>$BT}0H;;L?Y)20{ zydooe18dx8%51`2?(WtLo!gSZ|FE<#okp)Ex5rhUfCow^c(?b+1D%ZeXZxVyATAxjmp4l|?8Xp=8_sS|peA z@2Bqog{qA3xFv-w;Z}I5;Nqg9n7!oI5&lKe*57Q^i`np%iMiF*6Q;0+n#3B(UhT+M zZU;o{nZ7-u&0FKF1}o5E8*^(5N!K@%E_rU1`x#vM^hzu^ERlfAPFB_qAKzpmN z&Te34kk>kR?RN`szHSTrs#y|9Q}-eVaLFJ023N4Q`S$d^Qd|vx@H-=cN_rChwQcB8P>< z#5vw@ypBbb!~?JL8|Y!<247nGB^}s06L|VxqhjLcV2GRr@CyODY?8LSQO-ThY6qcP zdEn;-m0m9FPf9yBkbiTvWmQxMJ*^rdu2O-d%vP)T*;dlJSx^sZ^2#nUtmoxj{e91Dpd7fZdfYXT*W_1vz(!$6NA^B~alb=p>N->7U z&vNy}13$O?PHi9m;v3G6Hj1Hb>QMAHbkaV+j$3+!PR&b-jU*AJpPdEoud=jE_n{l5 z17z#)VSv!XYBXst!TA=E_>BB>`jYdo9RZ3R!vY851g&=L#4B@=MO}jZxq`yPxhx%y z%TmlWnkKq&%SQR;aAdDy zH(Id=Wll73LUykuJlY~;h#6no^*}ee?-roZIERv2i%L(xDc_FytNhJ;#&CoD2b3f5 zyZk3a=4N>|PtKG9{1H?lt}R}o}|DOmY5VRuEYdTNMgDKxSFDwFY(xTabqjwoKF22|dP5MDzUyAhHS7=ceoq|QwZDBSfoY1p% zi&pe)vFvqW-udhiDE|N(dXr-Xf(rJ?ISg?0JZ>AflPc=*!L%^y%Yv#!-Sw?ui6h-^ zr)J8sEBvF)I`sy$0nr&*k7yMdf>BN~L1yRkZy6wd5Vw=#sYlo*do>Ld| zyQPTs;rOjCR&23Lt(@u6P)27b&ie&H7j()lc0L^hrBnu{mD5!SY|l6=X>aCuLt*=U zJpWB@Wh2W^_=Ykn<+M4El&A~4uOfMNPWc3);2F7bS5mnF1ba&2K`fGQ&bBP%avkT6 zM^*BS@wBhGiO}C86~Lx$Kg2uJ8-wYZEChG;OS%JE!o00kUTU>nacszb4jH@CY2^p5 zg0-MP&&GZxZs(iYy0y5;eYfKV>lYkRR!%D>X5{uSRXhhpAxNPiW-pqemmUFq(nI>t#5EOjcvD&$aybQgNRugHa1Sc49{L4QTT05^4U0-~ zmlWZoW{@U3;_cYVK>0DdsR}Q7m!y}i>g}Mn$}n`9zto#HGh7zsd9`Y(1#m#>9Y@9n zw0e;^;mD#?Mh^Do!o$X+g($GR69&Oe_xSw2yZiZE zSJ#z)=Y4p+U$5tV-;X=elh&@pl_4>W00kZ4A#+c)v;YV3u6WrGZ`|+$Ppf%)e|l-A z5XUUCMO7h5rdDImRgpH}Dma8Q znSO6q?Gy3P<}aCat(Ih`<*lNQYj6(;)42iC@%cIRl=r9f zt5Y?4%$d88Rwz$RT9gHy` z%|740T{yCxjBx@Ps<%5O);-rc6FFCA`SMg(_5m2_b)QSiIn3)cP+aw4cuBDXn#LkssUBZGX=lWt0q4U#M_Y@=9fBPOM4*K3xIE(XeI zCOE(rOBOK*%e86*fU^;t7OBk9xwL~N3&?8LDW-bPR(sCg?s!eoK(GE%AW0PV0f_j!2Bqa3kDw@kOn*CWIWl{J zE=%TWzt$EdYezUqkXg3sJKDVMuz4X_%rHfIwNn4R82?%BGg88 zuZ#ul+`2?rO^${5wk%OP5xzYPzPK5FlW*vx8ImStZ{%XyjPYOkH%Rl^YfH(k)g^T5 z5st3gvi~1r3-H%7dksQ>!g!3ah`9yz;PrCc9STUL6rPjG%LY=>Mzrt>UqH)ftJP>R zFV4dLJzT=Mt$wf_K{d@c9WpbnRqfhsc=TOHb4JXsLgXD*lHHn&rJBEt?E%1^FiYWu zij7e6$~)!Nce={BkhXNV$vsMMYhm_kxmch6#Z3$znp~`i-k?m9c_3)i5%j^TtCW3kYcT9$(Z^j%+iYHhFic*xBIme29$=KlMn%GMhqe z_?EAwMuts3UXZQYMkt&tguL~jqF`l~=F9=Q>s^{JEr`msxegGfgVLHT1fp&JMVt)W z@#dnK_eGM{Q>^MO@;O{}zS^xQ{Eb_5smv7F+7LCeMZ8gV#TmmyXq zz~z30DM@)aDK&}bjBat(fWdyVTzAn2zckd$0_UhHI(>W*o1c~M3=`?7m-1vSIIZV@ zmA?j;RKrnQ&(AWy0o5AD*E^RF!Xi6fo8=unFOjjkb^BA&W1e_7mThz?8O0t4LZiWv z<`2ph%wN?ZYQNTR)foXrn>3q6ddfZymFn`?wpeuAwZz9z%?8iOqnA%K+sU1z|18a| zIC^C#6m`cdUnk%Cb-`}|6nGfT_)V4S8S_}beO&xTZN2%%nk8F6G{7YnWa*$*t*U?>&Nv>2 z6*?NRECdYi#KcWOz~*_mbu>V0SOU=e{c1ZIkNeUGUgi9UH;-&1;5Usd%3#;10; zRR#yIyUj1q#$=0xjC&mE?jujaeBRK<7`J4N32iQ9S&a&LRSk>DZ(N+bE*JT$cjLUZ zG7Z?nU9!ZOf5Y~;tml(bcFvXtZh3#XHMkC zwa{Z`RCjcnt^sho>r7?H1;}G`y=VM91q*~?LRP03e~A76>l1aLmG7&hGPRh$DTC;B zDtZeGXgMT6$iD?uT8~xg#u23w-1;s{+W3m(o4oZh155aiyl2&#hl# zi>=i^iQ`s)`U4|P2pJo^xSRl#p|$pvEEYZ|1oWZQE@2kb?^}hc-g}OHw=f(~@>F{! znYxjCGldz5w{V%M`cTO@!yu{$!3z&v3(xT}-&3JQJ92DIhEnM=kd*^hR9^c5+;DB+`t58(OAFM8lnM<%749=a#R*%0py+%8 zhVEB6j42PQ?lJekZU9*doR)2XB@yYa+>(pp5{DNL^S^Z=gntRk{eTvB$@eu}y2AYQ za#MB$bGeClpHBgpp130oYpZL;M6S_41~FighwL==yZ-LVF|V)Ct!EXVKC!b})gzD)4-;3*g}Z6XACV6KrE2(S!(?TVMw;ZdAERBPG$ zqGEHBZ{Fq8shf=38rri7NVU z3Y8opx%$C~x5Y8kT=|_ip;56O7WJ%O|NCrk`Ox8DPXcjSICB@GjpOKhNGnuk9)x(X z(2Eud@F6oh%DiTsa8Yy>n;Tg1Lc;8tw`eS*^-%<-Y%2+$H?XjGTI49lBm3Hj$Jq^p znXBT#v8Q9WEsXem4a%ZDO+vxpwF^pJfZi;DZw0O?bqoUU()jz+3;bdB!2rN+T0E9N zh}>qZpvAUc@T>G|?Q%Y6qZU;+*O@}lP(1c=FV9gy$S2A_VIM+GLSJexEF7)Oh70D` z($aLE>kLF|@$+=Y)JcE_j)-#GnvVnCW>V4fr(-G%i2au)2*f(;mhdY>6gW!ifPQq3BVFJF^Ib8q`4s7 zQAQUFW1nr+`FyitmVgiQRPmZV&|juQS!=em1#do7>%7xSx|9UXRZ80;N|}i)t<7~e zV*6btWN*6~NxHX5KMV5lttTrjqOrs8?W*iR_I7<|a z+DUZ)EZCtHezk*rKnYhaRg_L=F(5edW6P&2rDEJN+7&5lXQc6BJR42X9uurL+vX=|RYP#*!kb!(>_1aaU|L)VI0G`>}F; zT4ppsg1F-tSnXTkozr>d9G*yt?EjsBj677`ppsi^a%n!v^>cXA=Sb}6dnf4u+i7bO z)_2B{QnEaMR`ev$<1Bp>O3c#|sl?Ab2!6Ufr`Uk9e5dh`CBiih{}<$q`XX}WmKK|3&Q0HAtU6XYqc18I90#ZWb&T@!lHCJ@Zp zBH?;ZL6#j>Ir{iB*ihOQHnPviazx-wv`2}0=?Wf&@iUHi(n=u6$Tu;JL40`9ypPB0 zkdt$SJwAt8@{xq*&1M)o3B3zeG6Rmx=3qP`=#S4~qDkJ_4H3IAq&-jzA-AxWYeT<} z9weG~rWj7M5G{03splTs8e}f9JR^{a?{QW?V+_KjrgZ-*XTM~m`hVR zHTqR?^y^^I-`=9S-PiM?;(_C<@6qem_w;Hh8gnB|ABD&R%jpz+)!ZyIXmGBWv`X7I z8zH>d<>Gp5q2&pX!M#XA_uW0(#okIzVe8t~b+Q7X3V$Nu@R6pxtPsK1M=x!p0%v9U z3)7&0*N*CJ_8&0OV-NMozD`cVO6Wa|xRTacCr!m%1G`csh|<1@eH zEC33mhu9Y|-Yp=3x(vWba1mV{Fh)qA=_DAy$migPZ z#PRn{*3O8KFhz%spAdE2hTow@_)Qnd%ralrjNS#sOB3!2VN5?ZMwq7DK6-xE-DpgB zKzXDNX0at~?wcAhz2L1l!2GKCIHys8!LdyF%F2GTdN=PUIHo#jd^)an*^?ow3bO)A z?B;*>V9m>6YUZ0ALyzF*KRzLvJh*7BolparP>_Ic_!+-_MNk`$646&6mFil;(vnP>WlYC@IFr1 zHJOlUhN`dg)$GDH5CTKrAOdvO{z?ckoD67hPpY7nBI^*!%(h*$-w>;>uI?O@mRh|Z zT}xGF>i-?slPy~bfI>RBt?=&Vsh;=GY<`ANoFq5Xf;&+UQc|_w+xR!Zm z76DmT>Y<^oiR#UJF~CpZItPe9*G^`Ji)s|`F%dbPDT#%IbMb~9`e_h#jJaij+Mdpw zF%9fV(=Z$*GP}%t4pJPM;{)CWdbvwGq$SOAS}iVr_Vk#R;E2lU5F+&Th*?1Y8z>%8 z&b4pii;5=b)w>+JSS;Z2Uh?N&9(=~QIB z{S%I@%fjS;#zgOJ*#B1AUI!)1XfK}Pd_--$W_IRR81N(-5F;Fgr zyFdOQ1o~Q#gjVY~25ZRJiw|V}Y<_47dD+L>9h{niLts6e?cB^SXtw!{Jv0BDnP4Tc z?9>d)vjvA6MzFjQiiOU2f@AJ#5pak+TG!4#E%D3ZsN+X0oXY?x;Bv_+ z?1369b~e*G(zPVUg!i{fUsi zPt#(4`r=#$9^frlSh|fsEl|?ET;0yT&>$vaCmn2QBxSu!H`bp*u<6I_K-iB0H+{R4gZZ@E(-Xx~8tQQ1$%qAoS|Z0vk6 z_kUlxB4x#cTXg}5-6fy1wx)k&AT9UFj+ zl$r#nAnfs()ZI}xPeryxbwZH6)wR#nTBvHG&o2mur4HDY$UhaTRLv=@Oy|TI3RRcn zIKQidO*~-cA&Sqb?y%7d8hpaO65I|#;%DtkFWg`urF)xR8o}vXS!GzK$1pz8|L$tm z>i$0fZKC!d71_U)%+%=&et6?> z3U*3AEm6@SO$GV*)Yu3mnrByDP|OelarX4c-u$>B(<+2{jZELMoQngSfAxu z*Y;3*bxuo1tV_z#JBQ4)MP*sJ+8$6)PD)DXGVciTa=ufUJIGYCBP50_Mi0f;zOz+C zRAm!=7Y&qMuxB}<|GkaU4k)Gf@Q1HnyxlsA#O_YF7m}`SD=7s&FPXIxyo2 zyg5IRkx!=x+m`#?g28;`;*OTbAi`z~(k^GM9Vy*)s8g}tZDL!CN#rSraiEi2F&Z(? zi>tUFB=!YjXYOnc4}gvufnfFX1Py271+U&xs8F1rMcNU)oBlJz>2>JNSa#X2juwK2 z51xozK7e|?*FzF$P&2PRJ+<(ZXu+C&!0&(MpzR|$Z6=A;n4>;fuaj<>_@9?9)Xr|} z;fg0Q%8G}N`$k*0SegC!s~NJVx>bWyn1w1~y5IP6Hu_hS-fmD)x2NI7!07z4@isKk z%|njEGH=M>F|e*;{slEdOsPt#Qst;1>mVFo`8(n0&jb*{Ldp8WPIiN@z2MvDyjEU@BWa(9NyOA z{~%fWA$R8xJt!IKyLKkT2Xp1qwScAC$5ykmUNdvE&@5V>QeV@3hTM}7^0@~&awa`X z`9^pQ*fE8i9q16u#4GZXgFeMjX`*bi4m?ELqKrJ<;fR)k@Sr$6*?Eqs(pRd|T!mC3 z3u$|D5J`Pwbs4-xf(ep#_RE&`v`4##u!Eh>noI0&Ko$V8GV5~4@+axq)~7?{r%JSw zQDx7<(s)~%7uLDiz(kM-=rl4`OejWH!fMj#F#-7Md5IbkF^%YdETK%_@m)4Q0mQst zV!4Ai?_rgUpR|qDF|*4r@94X8cmOen)EbDlF;@(kR@2B=L!YN`m_K3_&magHk-ReJ zE?3bMtT)1-rH6Nto)Ij$4&|XO_~^weR>q`ul=lw_qdLbe3vg@jq)jujDWiuK^B}CweQZf{EM)0|w%`K2aXwp?R8ZMKDb4*$Ffei-J`($D z%vPu7SiV;V@FW~jP*J>ax;}I;J}b)Rao}E#dZJy!W|9k{DRi%OQC7HdI4k2Jk&MXY zx3F!M(}1Mdy>e^kTLDuODIB#1#QWSyGbBwpQ`sVgXY&1-OT+*J*hS4UFexLd2rAKq z+Z{Aq_kQjwict2|nD(`QjCM!x%`06hwy&N~tP^Xrq-BvMHmyMJl6C-rWqA%E&cbS- zDTK|~k)%iiC-Y86Ae4|xpw37Oll&u~(Qqnh^TBIa2r+*8*V^I<=YPNIBT~l%#4tP=9JiEFeH@Oun*r zK13R3U+p)@-HItmh99BOt>eBS90U5RYX@4IbCvqiJt07ogss#^LYcFqz71nHq))3o zh8wTe&x<=ob4kdx4`llHA72^i4dir=VW<9hEz)BiROw~PT|6h|u9zQ4434^lFATP> z5ROwL=Yaj!NoN>kvg^M1KGlW3wW-F>a5cB%zM^Ml3;bW;r}j8 zRpWK!>QkKDk2X)PANTrtI95rhsQ-1i=fj;3f7m?gk6cOC<`CbLkv2)IigvH~Z#$qv zsle=C5-93V%0-ab4oVlHq5?^qvlU8`sVlBG#mMRGNUzXnKSSym8`m>?=mOQQXGBO= zT}A0-pd!uCE)dZClAMzrbqxNLW!08NKU9PoThjq73YoU<5PxChtsoeM`kdyH$lYm6 z8E&6pWhr;a^#Z1&44+A(g;&8)ssptaGIOxQ8J()1EpiplTa)x&aJdh^$Mt~>Gt?ol|es7&{7xG8jgqZ|H-nz) zs+&uubd%Or(FUecTIQmW^Q|)Sp;Y8WSfL~p2R3WWHksDN`%lI)fW{sJ)=atrt^HKT z1;fXyW%tp&_L&4nxIhlEV;nU+OA_s@G8ib=fd-@KV? zHF@*Xn{QUPzt;wQMZTBOamBSph-xmL6?*kkx3#07O&(%=<1_ho47k&I|w?G$E<)DuLoi|VzAUfV|qaJnP!$< zzFRv?C#`(;H@ETnbFAGe=>4>DSk1z-SIAuN>GIvSA4Y#CySLm&)*zMhY{fkD9NPA- zKB_3Y4AewErM*gs%O~nt(ihAZ-n>Vo-4Iu@bZrrkmcF5MqN|9CtTUdNLb!l0!c+X> zg*2C-2^?TJDV})QJ?k|veUPf&l0t~sf!H&{?wM6|Xzu$@!8RJ)q-QVj$H~z_xt??S zYXFQCev6${miq~;?EcTw#rz#Wm;>G{uj^hpu?GR~ax(e-_U?>~?@B%3pF8IYAFjp)m-}NLuxx z+}KZJ-XXK)wOYM^UbE7(6Yc>x07XTq0sS?_!2?}}Fq2{m*0WFJayqbWRdK5j(q6$O zlaVis_WSKjLNm&s%Lghj^xo=|AyIQuVqdaH^jiS%-bc#rLShX>J?4{#f=%8Ri%%~^ z4Hk^ffZRetYX~(b;jj{|6-(Pl1A!n5E3Qtj#h9lLEuJXWnOJpQ{YanD7Wc$@T8^kj z@Jqjg#fWV#^E8W{jp4iV(nW$*^8*Q^4_zOr{qraRTyVhQr*lH?M@h_Xd61%+8szAs zuLu}^&58ry&H?&)t48U&Oase-DIgkVLPb3YZgWT|1ju|DXlisma&#{Tp;R>xW0|*M z;F=4Q+=Y?sa3;K$h#nw|?qFU;eT#0VlxH@F&gB3NjOWk&$`=ilb)FOQE_gm(Rr@O~ z%gE1~GJld_pFyq!%Ev`-lF-Dv7$vRFo$St+dJuNm=iPHGOa>&3-4bB{vaOz;s&;)p zbx4`RwkS&m6xN)flo1?4!fiaTDmAKYg^QN=vP2%wV{&qj%<1ztkVRH5gL_ie1-U^x zn@ts}S^4G8-`&Q|2x3ZSx^nsB4_$zUUC83yT8W&?>WcdK=(=>dsfcuAPvhT<{~_v@ zpyj`QS33@PiY$;zHm?6!}Xc%TC)gD)z&uNqR9=LC|-nmpnTy=7MpaH2m^|ATsrhcslDhp*!WsX=sO7m*D=$3qX+w5G5+jo#HFxiAx)=?U~Umd{0ezvA{K4 z2pw1pDYg_xJB6x!Nn0o-^h-LLtPe_7w@8gqe=K;d$q;`wzLE~YYRA<51!afUD0petonq1V$W&0hcQ};2h_Y5^@`V`jxHV`BaMZ$7Dn3oN5*2|Hzi;y zBi#>T2`ap%G9@krn`8}zf|Cnm%Itnin8!c_j!~uO5dlUh40YMS6QiC*QXuTfbNGtO zT^S${l}}yHE|7#%S_tm#AkZnLFnF9z_`MsWa6~+8xdw!4ZUp)ud3)hqRy>eCb{>%w zmJ)gblU^_|UK-1oa74Yn3HAJfU5Cp^uFs}6rvSB&FX^{%4Y$Yp7I(4it8DAdhks)d%?|67 zhccsQ_A@9ws5qojM#ssxoaPFombk(U1EIwr*SLgFjWuVMM6HihERo$9a%dieDhzv1 zP@RmfxHk25R%){2Rz-i8<13_jI~&<=PIYC58z#NDwe0=j6dinuC5lvV6BTIWD+t7y zFP+T`MjMQnXRE>uJQRS02x=03s8pBicrGlr=Gd5=>Dl?H84Un1UnF&Jt;+_oHEm%G zT@O4QA>v3dRUJ>2OS60|ffVrAx@L(XE{k&<@Q3|JFlA0XzdN(^6xV!Te#iBU&yT-X z{C&FT_`Wp_C)GrElhc03ep5h&TSmi7JNNipw5#KlQ5i-Ul-NaIeL5$et#%>s3taGi zet4TwXqQzA_h~Uw&;a{vj$1a9e5uCkYw}Ylo^}?UWYp*9x`LY(ccX}L*0)%Z>%I7J z3ax5tahK2wuC+sZTyVcEutF}7QsPt}sbtQM^C~E-MKk6^6b&C7r_)m#BYz-5N(n6I ziyrKA1Eq1a_B7DU&lEddinqfay6PJh27vZKF! zaI{g3ejvZyDf&s^UNxt%T=JEPq%fpvDq#8+rKzB~)KT(iUqP{aagb7!uV$#y9~WTn zi!WD^SKMaW;Uj4FFqM1DsG`Ffz7_R4Ovm@r2SD*$Ep?n11HA_j)LI+T(Jp+(V94c` zfdiEAa#%hgkn5B(*{V(KcmM2SPfp`;aD$JNTt^nBwem7T8FaWwc0oXfaRzitAzlT5 zTD({ZWM|Kw46H9)ZFzuSZt`3iR2X{Ym^iZoM>**&jA6&S7>%rI^fG33$GG=kQpOM+ z6*UZ`zW?6Y1Aipk?2N4JS=9AtR#JV_wW(FZ=S|W2Fn*5vK!F4rdUOy6ly_o|ey0yz z*`2$mspL~#5r!NnNF!J%-hKQ7o|h8FUcH9{j;??l!B>xv@@wnbA_1WC;brzNIf=q6h&!Z~P?rL~!S!)X$GzhHc~7JoaU6Jwkmw`!A^ zi5NAjw9i4dL9eRIFTrdr%#M%4gGJp>Nyk|JQz>hWRD?Jhwmdtm5XZKdQ$O#Ug<1x| zdz|Ar_3r=}pqF?mxZM)d&e@Kw(8B=kxr*cpayhs6F5Fb#7c9ZzxgmxMRXd9lF_>zW zO?|BZP63Vqyz*e50)6fIj)kVDqmZh6SAm>KX}mwnVYLgirpN5^%-uai#xwka{|l^A z;7+!wet*Jd@6k6INB>&s1n{ZxO#oT@?Z}_YvfhGmnIP2y@b&QUTs&Y8)C~9yCzr?r zN>Y!jSuxYgGk}@74Wvc=)jJ4I!VABp+z}usghz!i&nN?4*g~iS+D5wsey*NBK5HV; zxbr%luuqt6gjsGP(MW$73#Nw8Gsv^;+AQgeC`yo>av=RJBz98ck)x%rGSdo#q}$Y$ z>hzOAc=VYv&vtP}4I?YJ%pn_00%bAX-J^OK>FHnG5O~{aQFYS%?y862h4{Jp3(DK2 zUyI56lmy?u_R!67q<#)(fV^h{J<6^dw2BJX%Hi-ygm;{<2Re1A06+D9<7UF z7fCe&x;JfqvO1FmHb3L6_*meg?IRYp+zqT#XleG$nU65V(yW#*aI9Ea|*H&&xI?L<_4rmkjbGR)Y+tizeZ*T?q9VLe5KdLzoA zQ@X~y!cJw8D|&rDcD)^|#cf~U1TV2cwo%x^3~rcVD<_AeMOpjrM;y>7j`$pIJp7>2 zTj}5j=M{!xf8l~%jMl6H{MS$^AFu^1{dqTdtv{I5WpfK7dak3m zmdfm+*SVwl4vNrjn(Dns?Y z>-ckw>`IZpK8HXrV`qk!(Wd~cqf;uRkGs4L_KtRp@kq;*phqITeuljhJT6;?rWx=Ghv(&^)Xmuzfz6Wl7s4xz5s(NaT|RUaHxrk;sH{;jtcDdhwX+0 zuP4xfPMQTh!zaao%Gq!YF3G%#t>JZ2z$6DF-{z*^(Jp3CQuz9~J3x$#GVW9GK$aoH zUwI!AtX#IHYPUEye;-M5Mf3dbVm#q;`eN?^5zLJ~Y;s8tUL#{|Lt^?fOukx42x;g* z(yuyIR9C0S&XZG?;T}|eetgV*ew!Y&hEMUR74rs*#`yc(&~cj?Yi|$}2-r+Q0_2P` z!e@Jm(g@YXa>c~~-{sq_daQE@+aXqoJ;+9sM|GTX4YlLi{>{hxkLCl+F4pCLQH;t? ziP@!ikbAW=5p5Bzf_UrV%nO23!M?Un42XSW4R|6-*lN_O01H2Jh6E6P3a>#)OR7 zO>2)%R!@-!GR?H>C{Y(j(NDgrdy6QyQD+-L_*vR<))}ejU2cWMf;S1+m3?!{LVLgc z?vWaB1Q$~dfZ~@k_ZDjk4pHBP-(YF|OOJP%|Jg{$0xW$1dD~~DXV3SFC%0-&ef@zv zI{(rR0pYApcO%%RIEr^PGn?83-hH;bYk*tZY~}?&!&MGz7xNwi*_&{+SWM z?vFD(fNCABB$2__;TwSMYowJP<+Yx8nHdTk)9MKZnwC~ORb-wj>@YzFZ&8sI1>Ihf zc>`_X^Y>>Zf5BG%iU;hx5f(9&+cdz@tecn=kgi9T0_^(@Ja-~^ZDVY>Vf=r@X5~|p z(B<@~@=nR@vwCgdBMJ{4PMRK#4}oH3+~>B>q=@dQ^)$d}Sl}CmM`Q4iEa-zGB@8_V z0A9n*#hZtKLKcY@y)X?m=Lvw5Zp{4m#@?p9EObfVncMX!S&o~3>{4s}=dpEkXRBw^ zTzeUIz4HQRI9->sFtdP*jAuE|%`%q80jf-_`@e2*9q8G_NG~7;Mt`$uj-v#wR_SQh zmwlyP@@q)o0r0ql+j=1l-aY>8+Laq%`ANW_=e%GKNm9*K%NRvV$5#)s6I2* zcmB!R1Y~|9ak+VB>`o>9(5j3B)1m^oPn`xWjtBL!WPave10eIY!m-%EBLfBYJp(#Lq$_9y0g|w{JDS{ zO&*>n1>6hhACvL=wJ~7!8JGoR3w=pzVM$8`aKtu6tvn1*YCi0!2^N_fA2vB%JRt$* zONy-~>>HyfRK0u&N13uBwL1c?;ZuXfJJmVkD|bk0z(6NpF#hFon+jhv zGQF_Qf87*UVI6oxvnU&j-X9@Y#!a!^sbNe!>Yv`N|Fa3eLIBr`2f#bo7A9oBD}H~H zbq0H2ov(nG*B05G!6zZ>3yamkPp_}Y+gy-q5j{nzR*tYB%jVvrD}a^n_6MHq0XIV3 z!cu|JZKrF@8=%n)8Z}VL)Oy$VT>hneM9iI-1j9*`Lj$k6bm>b`(3dCeio3T|Qhg z#gmPUt4vqg>Edi)-etoLNvNQ2ZwWhmnVw<+f*BX0wjuD`y#=@THYf*rAfSD0QEv+C z*nk_OzI87EWXs{6B0GDijO`M;l+iO|D@IGL5%?2e=h_S)TA3mJI^nMQ|F0HWbX9yW zdpR1D`(K~DzudO!0v+pCswdn{@+uFzLZzN{8PbUTQ3U`Kd#DTC|NC$x-=?uhnR1% zX}N7y#cH#f{1g6&Ei6I$9?11vQwF991oUa3dq8m7=7!u5f08rSSC5{B8xnqR8v{-p zs&bAfi%OU$`>7}UF*7wf7;k_B*Tq2eR_q22iKxqw9lK-sqWC%26m-22o7ZaPoJF`c zRxb+>*5NV7;)%~C{nbNseUBv&OdJU$KQ4cfn?Vj<@R)>mrE;MJ+ugi2<&2Nk(V!A zAl!Kq&NkbYEte6cBk;{boZiiCcbgkqUmJtU<1^?X^P7da^ZddWq+;EMT()zr|9w~a zdmav{&HisQ|ATusMq5StFPymm%NvyZ*+`&CX4bPB+p{!6{G+r3;N`e(I=Wj|#VUD5 zT0IOS6Jd1kZpgr##OBHfkJB^Ts2%enD!Y!seP5Tz^BGlFH5^J$!Qn$7m3YzszP-uo zDyvYrZwpyT3c9-_(b)L zFX*%JL3si_U=GS47&M-3%{BO&OTJ+Pdix^(o=!CFYYbWEM08xt4pCoqHe>7I4zB}G z5)J`LeZ@aHtjD_Ask*o-lHOs(UU5BcNvfK9H>dbgb4up6WlcbqYu%oy2%#<7rfmJX z^`liCyKF{=14Fu$1?(An-R6?*?Qj2l>&R7cBPq5< z;`R1bG4MfNCV$Dlo9npFV2dMVgv2BOH;um`rra)D9S6GG-!J`pXYavGli!Iv z{tJ8S8MRA$CH^ErLhZ6+2rlD54w!A^w`{^K2`X_T`7GWzeuP@Md|hpTVb6Yhxtm5uv<>GR)u1;PaEv@QcP5qoU22e$ zsz3n+Mj81ppPU=jaRu9GS7$3?*Jv2rN%*5{H)p`FzL6?p3cv}2ebrzSw{>p;M%E(3 zB~`^F=gtUX2~&vQgRr|O^E;=BWhMj^wtr&~&wo5>q8dhKWRV!xDx$J5e*_V{Z#JR# zL$o1?>DAYVnmG_<((PYs-+Oo6uI3-_T?UBiI0tG6=uzx* z;_y$)5fF>|(MTve|1$cL*P+PM)@m1zb^&4SoA8xxR_B5W_MT2C| zzMRd>mVD@P&Z*GNZumrma){k;IUt0^B?7p^cp;v+f@X*h6&q!zct0L`fAmq znc32tkTE>^bQk`Y$U~U)SUAkam8GW}uS=~iE0E`AE>VE`vm!jvit$`6C2A9c<@MCo zPDCi}BS*2Hc#8v>>%dgY2uJ#)vHD*};9tnyi9;lt>U;qApo-4B`@`0Ky{y>r9Ci1- z)Nr+5yH`aIGUZY&z59P3{bMQAYmj}&Vu?|dM0y$w(>TXHiTUbI#B34y5cU_1HIn5K zr|Z)_ws=Gq1$EqA~{`SSM5Cme0`!BY%;ALEVMi zT^Q2=I)OU0mWf3&V;TC~Oj4V(VLks$z$b1CKLY@e z6li|~*fOg2Mh&_%U5nMo_9gqtk!aNOq67q+@k**S<+PMvC*BpF8*O^(%B?9%i_-{P){y3o_^ zoUWgudZ?Gl^O65*xcT1F1M7SNQ)QKbN^LEThFyPfTz_?AId(u}Vzn?r>T z`A9Oa_FFov3J%n`W6rT>G!hm3FNzmJPY!GW6sE^;AEW&q zq#j0V7Y#e8PJZ2uwIJ4+35$u6u1k#KJOf9P+vAb#5amXR@QRylV!C+QF>n-UxX;YVgI*PINjk_xtN$= z0Jzn=#ScJ1aJ-NKUV55z_hj?&HpE!v@0g|j$nTDfSstXX7C^$7L|YSIsn}Xht=>P+ z>zqv*KLZG`miU?%E30R-fB-C@=$r||pv$c99n!`uH#CZ##w*wFV(n_0L|Dc<^=e`vdaU);l(Bx}j+B;C;~&(0!nRNo9-huDgD%r{;)>{Zo`~@~q`rch2sdhS?>uR02P= zE5611_2vKkcMM(w7uhOqwO6p=AxsUY2UJZAd~LiFihx817f4t%8M$?U#0nxoQ( zR}zKq4}Zd(1$hUbFn?A|4o59bRfC+jt4l&tSOHMmrBeFw8ejTvMX&%OkDob^-lv8+ zw_RLeTaADtxB19RX5Pe5ubTeU={A4rjS->la@#F@@oi4Sd_rJH_oufNt7}Go|C}w_ z>t^dj{2HfVq(LMbJ2cCH|Jrk-ilPlG2m!_gYtLgAP;jQIikeYm``L4(dAg4$?-^ZV zUGjO6VX(_Nraa&Es+XziE6Kfm^uJ21|L~kJ>`lq>wVe3iPP~taC^@+_kTV4@*sBhL zW(3q~Kjtzb4-;Ba(>u4C zb~6E2F498IBf!ojAS{8!I6RRPR^!vpggJF58*(4^=lta34}z`b?oJPumcs_s{qHPT z3%culyZc2M)`%U-qWwgupMg>w!mjGfDEY3hPnKpWp%Ft#&gC2(+O6V?w}vdtHm(1C zheN*cN`Oq{qO5h>wxRR$F_fSTj#-iAO?BIudvUUc=Dl^do_nFgO}Cg7A&}yrh=w8I zLaA)@X!~SKG|P%*4)Cv<0Cae%v!)qcC7$=~w}b~bLOwTSnSWN%d|v#YVX2u`>XB&iBGznVU>CFGkZ|gL0gGW zPI3LwM{O3)11dugxL*S8;KTmg1569fce&ugQyb(NU49;hKA_Kb+iO=usyeOwg0gwP zv66EEUn;XAOQD16Eq~R4&I!YvP;`2mFAm(USeS&qM{#MmAol+C60FJU>~UfNAV&Gi~r@bQ(ir|8>=XiZt%QSedeFHRwU< z^b}S#YcAYwEsrdEsMfx4GuBe$%r5#qvTQv4h$;m^CO}FA%v?ayt@xHYdZ2ZT1x{1f(Br20X}_LQ&bVb#3Mv#>TB{axTdz^<%irUAdoOZ~i1bgM*rNy3@#=u47AUKpOaE}90>y`xu|GaQ1GUCRVZ&H41lO$q&ezDCK5*m=}|6IOq|DaZqRI+^UHSQ6qbx2)e3574- zQ^^h~-jAsn&y}}~u&w9u-VBhQ?7?(#{@n zjmzns^#K*1Fy(qJdS?k074Q9aAjMu&3^>S6lEMeHdqq*pIGRy!NWNlX>1}$%-)Zkv zTyK|C!E@hppe9D+X>#o~=U4r-r;WbbqTbZYpD{jvwRnHr`=Yf+jO-MP@=W)ZACvcZxh0k4TuLSt(Qzw61nggkY0mhgo+X{;}?u z3-3#K&U1mEP_H{Mr&jHm=%IG|at$YrR$u=l0vr;)_U~0qJwju2)^pjSk^jO7{6wQ> zYRqFHie4UB`cO^Jq(=+z)C7gDpOe*pSI-5w`wx!*=mY44aY%N5Vc*_Mu$pJ}2%8B9 zFaz}i#`Ji8E;rtOonH)H8))5D{Hah?HcqMu_+wcPx+s_B-c2;6`{oveN70{?=)bG> z&vUJQGO6zuT{S)1LZ7z7$&57M`9qM0BGIuFTxYkH_e%C3N^~$-NZ&z2=96l!gmhn- z_2q8{Nxc2-vcCkDWF~|CQ?Fkt)EzQA-S#R0-PKoY;{T?t9WnUMPKC|WcSd9usP?B| zy21B6wU*evDMg3oRW;EC*uMa*0s-W&XNicdM2h zp-xy&Ck186ru0DxE&QImFCViAzy5e6;lr_Vk?ONlVm`~G^4a?o7yJr8=irx;_9(zl zek!2b(F*94vxF#+svBKz@M)!G9OQ3%t;icC(UxHuQMfV=Fwyu`a%pWX{ z)T6!ZceNZ3!B2TjWSICw;DC9t^UO6RCps<9BbFBhIQFub5;HAX0({3RYU$ z71&%*-)^pXU!z>*@MrP`4%abSkQ>T$Q+&Pr%UJ`WpBZ&i)lAp?n_1t*0Lm_h*j3>y zKV{WI-8Uy@a3Et&SK9)q+s2^2ZSVL66ch$YRp|D@zdAOB2^vr_1CP0=XRetD7I6Q! zN4e~7dDE;kMsxV(;MKKf_ei$1g7s&?lKtOq1fzxuXw2)}H8ubYse!!Q)QPvZr$3y^ zX*kJha-n<*B#)2B8;wpeUgZed4=zi$`d^y$JElykS0iS!pZU#u?i6-k2oD(l153vy zO|fy<<6}FsCjGXti!_)&FpkwXbCQ-iG zfxTJrE+p;_GwnB~aU&# z&Pt0^Ra=LMwAInpS&BNvT6L-%Xh=kml}JiL5JJS^ciH#**}ePo{r%O)!#};eUGLZR zdOcsyL+MfWOEe5qtj2+Vl~&yZW1i5Yt?;VD-pumcS?x$$Du&6VBF{w&8(5N z>?KucF=Xy`^Wb~l=se$J7adhs=SHqbz{K)H{QU#X&A;P{ZzHUC)^T%1vND7e`yH#P zQ7l+K`_O=*5FsN#a0;?IbpvijO$e{-bC|7Ik%R@K4g6Mu)n0`k6wRgU|#FTEW=Uo_8i1OsQ~S?<=B`BJUw;*Ia=1_HUQ{ zj4_k)aPC48{z2H2#QWpO#kpX6qtRIFl)*3N3}YM7_}t=Oomu>6Kjf}hDcet2@HSo9 zw~HoNwqB7xB+toY+T*#`bv|xF{^4m>Hs#=h@Jx%gPfyw9FVO4FTsf}8bb5P}{M_W(M_9d(!v;nrV6#jChKsxD>=FvnOZ?`n>|j z-=Rc|Dju(cH_!2AUc5hQh{DFQjkwk zHsmgIRb4uOrT>aTSWa90D26N5Z6tni>xk*J5=tOopq&kFY1Zt-3;WS$sco3R@E-o@ z1wL;dlhvHC=Det@(JNyPY1XYX;Hk19!{DLaoqfq}P4B**dLp&!b$98g4?;e5wzO%F zT??Kv1^k)p2pURK*maN?pSN>~Q+jHHc)#Vw#C)x}Q{>fI@L^Z_Rq#rs>iZP%SE;** z5(>lXuWK4uX=69JiS$Q z!V2O>*eVtK#U=T#Pv}sWUC&l)&O4r04f96rKur`&BS#Xay6am%<`1CD$Ti|?out>L z8k81WPJ$7(-eLa6uF=BxBF~1ekI*%v79hV9O%(>uJ+(GLrxdIE2iv`TDZcXe=Pfp* z@{uW0VWA=YIs3(B+c0Snp&RwlhbdU_Y$t z8h&|`2sR4FzfTmOP18+3=3`lAFI(Z6>4V?nwH?Pg13h!!g&3#`R+{>Zwdx8sm0@V6e{6iW(Okn|TB&bU$aXOh=*@nrnSFVK>EsDLj#;b`obx9*- z7N|NI!$X)K7h=D0Zz}h=tn+s}$KhNzRO{kJ=V5ufkXhpj+j!5;@4Z0h9!`@_lW<9s zh&Y6V>y|w90fb9fp-gWna~kc}Hw5j%fw?!6yv>i{>2AceL+NJYlN!5($?SHbiQoTB z%vC0@DmbQwrOE#;i;G>=$!kqg zHKxTrJ<83RW+*u+tjM4Z-SxmB!&p0h&i&JA(>XU%ZCNR@RuKA~S@BN=n(OXi$P=voH%aV>}l{>u8}X zIvN+2*eydJ@&cB*#0izN?YHzT&RE)hFfZ3Cc*sN5Pvuap-htiwk(%>nzD1akv8SUn+ z%=Ol@iIh>O_%{BL z8llMxS^Kz7=vPo+bNJB-HlpMOSFM1m?W83O_Hd(sC<)o1SoO1yk>O@^wZnQ3j;=bJ zI6Q|P%DUO|L;GxTqn+Ji06kDJnc;8z=+3Jl#1{9%a`sj~fYD46IbUwAuMT}S)LK0W zc95B-OB`g-Zurm=$zoleZr1jZB+#R1#IOldKDz*iMNl^K8#5G~dcrDKcM0-~Yz5KI1&Opys+hs7h~MG1d&(1O<@7fH$qK;hfLWwEGwX4A zk`%rfa{#=$G*$@Z=XeI3ybH;k%u^vpU@w>n_io@U?|Eu?Lxb~c6$sA_lCH7Q;xzhE zETQI8@7jzrp2s=e*0p);wx)e%y=F^JRQLK^i2kV~u8>Akb~oA*`JOo}>M>F|H6 zn?Y6ACX~rjW^E9l(#oE9TB(m^dO<%CV;+HLXPwVK`j^)gR-+wB)>$L6ZeyU zKHB)UE10dfwD|PArdn2k*?*9%+ui(WB;UZ z-g%8lV%E^GESRKsDSPoL4d%(N(3rVSkJ`tTeY`7N_mP2n4EZbew?#>B1KYDT;(D1Aj3Tja zpCL29A$ReOF9|zc#Sm`YJT2EB>L0YDkQmghjYcf#?cCz`_*hogl*4L2xoDx}@>dpf zTkfziy&AI*+MMjRRVVc5!J`eD66|~i&!B2%;OPeG{5XBK`WCu%orxaQAmD#XOT(gb zoe_Dh({XB_^dR-WUQs#7T#nrtX2n3AN9+LICW3#daJs4KL?X!);jaD~{{(A> zy}I9W$_y0DuJYwZUEFQsp(JFaCy~7MQTEZmGKa%%wz;BXESN@;!fs7-o^>g?Y2abw z4Q$YFRO;u%$gD*P)en;Mx!>A3Gz1U2hfwS0(&PCrOFbl;iYc@SO}lPFr<*?9Sz%h6 zX}j@cSOpl1X6Hr)>r9=A69nwO`oU ztey@D39AU(9~LzM!l|~jb=tRj@yKQZhw__K^=J8@e!=+q7(N~;yiN)6nj83I-6Ca^ zRWe5CvJFsfDrx5u-}{wStIPYA^;)ZL(pX0ASN`Xl3V=xyZLhiB{a2q^yGKtxHFfF_ zgqoJRA;^UYr?nn@SA>(YlYxhxJq;s&|C)6GGlo=xi|cKsb9ID;6|qr~i`6$$gHeu* zq~VKh>Sqfc$$t!Wv2?ep_u-NaW2OY%u%0U`6v~46_i$-P zM3hrWZRy0@l0`*Ma&}L^H&#biLVn+@Zft!$FlTS=Lt8Ov7FfyHl7S83T81DT9ZOVJ z8~S+Bf&zJ zMsq^fy3#U(1n&+7qaCZ9?)D8~Z#`fpn`<*Pbs5p1SQH@moF!K6Rt{afWBrcvEMh^Q z1C{0MddIP8$JorBoQ)Wa-!!5xzZ!_A?rQH2!qO|_++%Bu|ZhkUEb>1hsiUmLs{VWIk2mxoTo=LS4WHmO4^z9P*3e< z(X%v>ctYugUwckVBO1SmEdDaMk{^>El7QX-H6O_=U^hoIk~nabAFX(Tx5wCGyhxHC zS4m2!9PlL_%*!z{(C5A0k8Ortm5dbV1L{vHxBg~A7t56Yl1%WzLzUcK$JRdcmUUK3 zR50v$DJx4E@-RJ|dJe)I<%(n(d3430^THlr9(hND<=G0bqO<6#z0qsWCwa@zKc6^S z8T1JA3s%56C&IGwTU}=s4L2%7GWB{*J8#XHJJD4ScG0>v61!^0`}%xH9=wtMEC!V*4RUGMEl&)r z7VAC9@kQn&%_!se_t?@QI3cbEwq{>$i4Hm<2(JnzPfr z7g~dW&PGnpjE{*qQ}Ixogn2S}(ef@mf1pV(Uv+mscd64cfw{!Z z2PdrUD4=y^`7mZIb`omXbP59v$s6fSg6_v{mj-TH9Qh! zr$oh+Mh!Qzw4y1LQz9oz^#?QQ%o7WLbQ$;s#2ajTF+ior46Cl2cMnjUuWUzius1dw%PeRKu0^TY-}g$2j}@GPMbDrse>48 zc954@*d9pAxAv5QwQaL!Vaa3lw(y$VoWw^Ae4G)TRRRn}kqVCM?>`2=EaY7=3woU>E`!OYE6h~ttUAjTKI{dx)#iOIRdql+BR54u{M^Tadkbq0ICIPD6GF4H^Vsnxcx^N4ezsyBm7->33wbVHe^ z@lRV$8&fsk_BAGq3>d2y`Dik+>EPvld;@loG*MQaW2b<=2>q@YhkmCsQCk4|Q7xWs zr_wMEk8|CsLY+~r5e+bud7RR7S?;jPbZ?DWSHd&PSyH2|$I{6E>=$dje9@;iAEb~p zOEk5@CJr`j&H^GJ8 zvY|b_j43VeT8@5C8KgZ_KPD=5-HM#g3mY+oy=Y4_uurHbPrsMw$jUt{Pz(ifrt|v4 zX@|)xXb0!!HaX+Laqk8$F%Jc#V?l;zt7#iceS4Q`9G>6NtgEF;n_#vC-q+I|aI!9P zCIg1NrqL|sE~!F)yn-LgID^KOHnP||F{y5Ka4i!H%?b(nZK=JC6y#QS1is-5b90bJ z&8|2t7n|S^Ri%Hg2YWM*_HkeL|JomN0=N`O`J~%=CN|xL)Z59dbX`r zH1`W}Av2(LDjFtBqE^_#EvwJ-9I;SX>jw}_9o6SpJSRz>lRydmDce;1hm)GHSFcfu z5guJRzkT5Zm|gwea)MB8NOdz2SC6#!da$PtzE%8MUz~m{V~$Se16?gPrOGdxDK>-Sj)8zhQ^I0-?`vpS(>tJ z*75Sw0NF+-o7$SV5~b{wp~IDDE+a(KzKvWJ%U6@i+868*zzCk5lDVidsoB=VXdA24 zWD5%&hSSN&Uv>_89D@$owLA6#YrX%zT&Ij0%zpsw0BM5$MUd)!9gHI7^M{{#gNY2< z5yQ4EC$qt3O1(|C@7Ol5!`5#7 zv1{`xjdSZQHYhY?b6av8Y2feK@9i)F7)Z=-^W@3v52}-=0igbEsuY=}4&%pG z_Ai5?l2IVewqdysb5~-2Dzq&rEq>c^B3toZ0C=HpEupkXe)#qA58C))iCk!M5o|w=YQstbK0)0}Gtrd+uQyjq&P0wRyhcOl{9S z{a(?>tj=OtxWe7onl^NW}6tG>ndjsmkX+NcqV>Zc1ZImKg{|(I>76 z{Na|(rYN*Iyfi}I{#T!Ao;0_#QEl%l*Y{6&NpPbt+}t8^w&weUF(%$czhai=se}!n zUwy2uFxtp184HRWyC%IXBk$%y46lYi67LuT)FSfmx&%*gE8$+njjbghxdAHIH}CAa z-v|x6W5xURQ*X@RsUzkaG#~;XyfQ&gub_QFzrD5%cS&P_Qan*Oi;E@;_IvvmyA=VX z$b$4gRT_6@4axy~3To@vLa#*Ou%&2R4+7|;$%M)?s8VOJYwm(&1*o^2z6sopAx zJ*8f5ff~J<9qNF5uxplI;0N2&DE(*M1jGKt^O3SFzb(rH2B>4vQiV$GR;(?e&4m^D zj-_lxgO)FO()B8oF_y%?mg=21*_9D%jjrLE@X0CM_);cKQ6*oW?*JQJmjdTqdx|vc zxe3t?yBFg6s44BULdf@4&PI!O)3HptO1kNUztEh?DU>;^r*B>VQ{lEcCfpc1UYZoO zhh{f)FAGuMkIAs2fxDNGlXD)V?^FG8 zCvjX86<%ZE_EM~+_C7BX#18GdoGDej&!flC++iqfW#>BwKS?oTBiXO$tc9!a)0&)g zy0~b0zfAQFFkb`=v-L86(1drU7SOM}_%ulm`|c8$mLIjp%vPu;mjQw*iORw|CbfVw7 zPUe?6lL0Ci#%b{G30{b$DRyjGwXK;E7(7&Wt7j$1t+86w4(j|4a)5Q;V@q)K#mofm zZ`SV%liI7jznk-W+MhM}DiKHvsDZe&wciIV#`-%t4rW`2nvCS>2aRCj;S*nH4|CI6 z&Ic^s%fl{=<&2CKsUEMry?(iR&qvm!?B&T=Ksfhd+rq5D_NUHK$z1(s8}WPJE+h}N zj82&g_^tGxv-M;LU0=>&^AquJ;#?zJzx~5AW!baQbN?t{-66#GNa`)Gl*B@ZM)1#9 zYn&ow`kiDYiqsl&mKxB26+ts_O9p31KFJW&>xeEa&OBXr$dRj?DNMS8yw~auP?f3` zF@6$;Y0CseV&>^W026DOl~%4jU9+_fDIz!W#;3$Sl)1s< za3f1A*J%gkgg)iNmZE*@VMpGm%3dFEh+NQ-@Bx~ApM3%PI2(I!#4|m9U7+weW`423 z)fu!W1R8Rdq4|9m571!qAAinB7!3?51l+cObtK zE*=*~0n*^rn}~pp7e*ODxs)`Mw~IgigLD>gK4$!@K7&etBtT7;$>-j;jLk-*3&xcV zf?XH+xv&=lU%7Fd?TwUyMse#Q?f9mQ$D#l3%97Wn&?n+kUhIoWqPVAyWaDlxgi@8E zWcIdjGJ@$D)5fTQuI(&r2c(I~>Kt>GotQnI?bWt6R6QQl>rs^SOU0@<>U&HxzuysU zjON7_4zK7oP%U$)_AMgL-YJcyS4w+-A>2WE7)6jFb$~C~eTXN9-dP-rtfoqjkRc`( z-F6nJ@t(b%ESy{*OZ)+J{(ehAxVox#HHXPa)x{O}GLkJivW5;wTXN@~I?ey>EMn6@-H@C?P?wXR$tZ%VY!eX+){AtzwZ10XTn56l1SJcQcu@8r zt;FJC=>h!`d~2A~FSBOE_h#YraoE3;t%t+n>MZGicidK1l59|{^#bKskSw++w}SkVfiZqytHmvRu76WV)ME|A!VqnOt-}df0!b+<6KU zldS5`c3&=FvvI}1E)D7?RDR_^NF6-@GXwK}CtH%}I3lbcavOUF9!qrY153X~-(!s? zERwJdkUs8tnLn!k*MmKxxoOg$nl1b-Zw`Z=zrYt*XH#SdC!6J)DNeUq>+6=&9`6({a zr%4bC$E>Kq818Vzr$DJtWJG0x*%OH^nwA?=@oSQ?u$J-%v;4Vte#fe&eV?AYAr07C z>jshd@h8GupOT05u{%M)^r8&928&hwZWo@V3k!R3btcnO5zLC|;Xbq6U74w?R2gq^ zRrOFCTm$8hkBm1<$tGIb==5Z0q4U*?HQ;Z(6Hts`WfZ$~C>oe8n59M~|7el9gHAL8 zc2j0x8>D&$*z3iUWUD{>WoL5S0`@ozGwd@+Rha{cBY9NcVr*aUL(-Xt0LfRx!ez_! zLW&{xOWO7g^FncmhuXm&{;dVNI^DccoA$7i73i!ak$_rF+*57SS1@|mzdrLO>Y~>0 z@8iZ>{sw<6|Fa#CF*o*39gb726}yxc`5Aw-$+MJdug$pS9WOQHaGMW$N@p6O__S#> zG)N9!_Jb`I41B}uDYavIz$ZoM`{l2uXMGgE*&cCgFjE2Q5A-$H;w-vXOeIpBwsCWH zNccZeekfu#qUNxB!uC65i!sXLqnv3^@@NG*ok9(UA~s0?-dt4W)U;6@6c0QRWx%ajIb0GLzQymafTRT%rtp z&&yX;@J-y(f*vi8)AOfaP)U}^U`);Ny&2bv0VzF=cOahlGwG z%joj+ve~!CBw5xDyPqO)PGE|=M)kfxi-5RJsM4~IY}xYyY*4`exQ<=Z4~t&wigAyyaNR~**V|6ecHZcxWY%MWJb*)MvBOJ*dC`N>60 zPcYA*JbOJ4cZy435Es|FQ$Ff$cJT}EOB`zd?3YK#-BHFn`AL&1EN_5`XM!F2i?JM=3m7kbQYh}s-`VB zPLL1sU3*G#!93qAdoZeY(A)T~d6VwcJFeaA3B?0r?q1sR>Q115ssxSDj>N9lz9n8BUDbs&oS!*Z%zqDA>=<`YHV_O-v+GYCMo|fj zQv~%Rp>*+_=lTxSrs6ZIu0zH-^!yNGv>OyZ*WPs(6Go!;-)himfzpfwv z3cqdnZVZ$N&tC4P(6{OZlqcm2ue^N0^ChdV&H_|=^9r=%n~H@`7Ew`%FG4N`JA|)* z{teYMP%(Bx>=@WA?67{!P(f1HIr!IQiSF7pc+I(vTdc-7V| zW=rgU1NK>kY_5C%SI?VH=Bu&oJp zJkj|b+6}&PRfzmU#kMh93bfaH=WhR1OJUu4oUrLd87B{nN!lt7k`OxSxipCT2&Ab*IL2 znMLk9UHnw<&Y>s>P~$q9c6-c@m&G>ZPx;6~a8-Nnr@W)>F0<999W~{*>RYOow1~@Z z3|TK8ARvMr8uiEL$1LvsFRhF|+HTPZVu%7ii6wmz4KLj7 zL@K@t>rM9sNZ{!e!(h{Q*-cdkZ;5qVtk2`Y{c{&)tU-%eIt)Tl$GS9QbF?CeB_8EecFe4pt_(iMa2|xRgR!i>YIicQr|oV#mue-Q82&zWA{LyGe3qh*2fe%&+giAMn!K{4bn};COWbZLlLEGpj{8q!M zo`)%-yyIb4$T|KlbY&32p*|P@y;R>TlLV=xd~qAXT9RLL+?huvc{3({IktGdOM9w^ zN(w|2`w^PqDZmp4{e8Vv>s4fd9)0`;=qrG>-fOu63G2DXdwQDrg#wFuivE%y4LjjR z76sFQYwC!FpR)6OWBSs1W9D!+z`kxiOPVEXi7Y7@H`!m5gPS)1eBsBDc+319nvG+nIK2Pw>3 zg*w4bpj%6jwyV&O3i4vm_X{XPMesYZ4K>Ycs+VOKj!q^7b6RnBwHABF>;(Hyl)(f# z)hO*TxO4qyeyNpWFJpvur>VpSaSVR|e`o2Se^XEw^_hMzf4QkQ=a@J#rBwDoeHGWQ+j-oR zmqm)jpBA8vlNow_KcGy&HYsb1Z?KH!vetd>tp(k71$9lVvV)fs>cDP-0-+(_>OWNF z?H9Gk!l&^}uH){~G%c(B6-?TW96!((49x?jRi>OQgu~>MSZmttwrt`;Y4#1-J2yC{ zC!Jx3{I%`zZ4+%jD2Nb)crPIX?{09{2|1>SL~paW7t1P$9x-!9)Ur(2744taIT1Gf zs>Lj?Srx3K*)sZb@A{WQwjVXAQUM0ID&R?5TrE=t8CC+E<@Tmw@eab~RK=YMW1+nw z!cEk;Wv8g-w$T%NDUVNe{?H%>_|0{)zH7zF{M!aPi+?Y$+q)%IU7KSp^xr5j>L>6o z6w@Ezq@)V|8-F`ds@_RH*_gZpw#W$3zF!jG*$BM?L)$v9wH*^IKL4$hf!!OpR#O0Z z61^`B>RNZy!MZJWF)B~16X>+{JEh>m;-wqJx-bnN7xjb*tyq{DL#g!Qlr`xwdr!=k z?)M|~Kj)2(6%GA__3FdnymBApxh*pjjctwJ1)9&T!=WELt8cv10)nR}zuOFZC9CU$ zwnx+$9dN^vRLVL;zQmgh4*)Mk%$BCH13S06q0DGd*%+q2`&^+{~C#|>L zkVz8<+yDDpp$L>79`t%P{WCx2d_>6EeYD#-Nh4<*kS{M))x)t&2|n1 zKX-}(?Nu)Y)6CqAXo z7mhZl^B z7#=Bl>!?U>tJi^k=;$V9z>2>~BG>7vH2ST_5sy#R4oD|+qLjjHq8>; zaYQAa+*3Wg)H&A@QhIdmB~`jnP?_n@!0OQ&l76omEt@`*zBKj8R`iCteSj44vbXB_ z=(IY3usX~0OMGdYo1*R!7$&bbjwi)$_-uB6Q0;1A<}Bg%E{{t(a8avD!se`TZ^56t zpw)Y}LfJe+Yjo{w-CuAbP_}M%Y=>-z!#CYu6n+gkY-M$oO4s~+#EtKZ*Ybrrf&Nt@ zcCrCJm^NFod-~j^+@KuH3zKrLEYl~e5H_2MyxWn;8p>-U!h<^tn^rKx6fVA60b`BUL!DfvnU5dUHqoK4Raa??=6KC z(g5%{Ex6KnYr<7{B(-f|&19|kVF_P1!-o;-aYqF9qz9Sxp+wjVU$ zaLN`hCRutk0w2%AC$B;yVma-x+px(D5VDKgN_M_1xBU~iPF|hD*^E#eX6R2)Gu0ad zf`%^Xe};f#dwCbl3lTe{g}WfIH}K)1`Qd8GY0Iz>hEo^z@*!B>QG&WK0g_mODLiB` zmlev0KU-Y2HcPYg3|N~H@Vv(lJ6UHu9)F&?(W;FN(=1SZ(>*NDskV9N&iq(-gOsB^ z5u>@N>sizV4`}Eu_o)!25tm<@Hd=6l#f6q5I(>H0KP1$}Cf8r{^heV79@uD2c)*z&SXa=|?8}uQ-*IkRPSx`AzT~G;h?bH>?L8eXs46(R zFwSg<+0AYApcK|AgLzSHGE^h+AB5Qhf*^Ofz= zHeA`UjXFEu>-g}&VP$PLCuN=NkR*k&oo5`R&Re4EQu1bHhhpo>N?Ln^qVN-Z1Iu$q zlB^RpGWRPeVR+(l%B*^Oo{!^wEQ4>{L+qV{j&Y2)*zqcIHu6<@L*WWQbi_YN7H@;4 zkw!5k9l8EXUBLCIw?2=4ni@9^1dpY^4#AB4eMXY25k$SPdYhZNyVRPozv*{D(P~4)Q3pTK*!Dr8I-zYTP-nhF6IfW*Cw5`!mmTPWl+D|GpHcoZ7 z9>>sIRUC4=Y@R>s7Sy%7MC?{){X}|O1kl+uGAa^ZJT4foVUHK4VDf>Gl9<`I68)jC zz?v;GelX@~wg_z4_8O{&+cLbwp=?&g9Drsn9zpXyt(;yhvEvtgzreqk9ZR1st%&9A z17@KwnKV|=CB@4ENj`K41I_q)76iDLgYhKw_(hE|M($Wece6s*l1QUQ<`5e^yM3XR(E~G3zpj7h(4I(2!dX z-J(~>{;Lw_Lhyj^Z`3BMD-hxtDEWEeZ~PY@a<&#h=ps&R{Gi!*5~p2cMC{>uQPw1F zi>1>ktp&e((>i!36a*(qQN`RGPo31Zd%T z;mP8tS_2ByR=l2 zqEg@^2(J{hmCCRaVRp%K;+7v?ImS<5of#mUMXyNtkM_{7yN8nhyl-)ybQN?#hvt%?OvmUbsbX@H%VA!gZF#?;Fy zYpcf=c?n%dwd)>Rn4%0+uBFuVXq*$(GJ|s#PDVbfVilMZ_81E$4#DoiDZYTAgf{-T zjiaPS%MXeYoqtGd=Cb^gz%Bf@WVn)a#L@Dev4E=>@o|pp+O++yf!g`e_qyi7i079D zIpH1S&x*14bRV?v1UtGslF&gZrqxbI^vBFa#G*f{t}m$D z(e#9}5WB6wMt)G=Bt*mWdjycw>AkXPGrCn0(cCukiC(#0#ec9YfXigy`}E*XoY(y^ zA%nNBo8^mB#e1yl4wgR;42Uj4-L$4+-$C^CVx}53+t$LuUi(hse!6p5>*KH)c>!}_ zXy3O-l?+Q>=S@g^LC46baWB~D-8Wcq4>jNU zlmGsbPpmj~iQpX_S=mwy*7+#b6;12SA!n~$#n`iXg~ZxY`LC_CYd)31bd2f+Er~G3 z2&L@r)X+5;{s!01P8n$&PZ9GG0*peq75l)Df?M);&;DTC)PfL_!&#>wZAo(LHKA ze~1jyZeG9VmSSRY*^;3g`rfpZn0+L#B^C+2tlGog302cB?NUa*!?<2%t-ru`F>yvl zG0bTae=sAd4>sB8)?Gb3J!q%zsc0727DVPCkZYIFN|k0Cu__D-euN4seYSNvwE&$FCqFK@D0V8hKT{Qa>M?EMw`#lxJji#Ao(vV>_OwH zU|w4LmQ-(UaVaE8?mkv>ZkkvzU{IW!up+(mc%|WuU!@|#WAJpPxZ7@}J)977FA?;! z=NCmF(#W4O0IAC6=l?3vU+4_|I^g?Ebs_cJ1ev}Lpkg+0;~g{iTL3bR=^qXn7P>p$ z@=HM3F%nBjmK#@bHOv4~G?k8d!)w-?&ZL0uLGD2$u!B-?K?A?9%-U+B9HtKI)0}2t zeRRMrO>UYEQ{kVf7pE}Ldqab^N9I~lz`{TSs3zTX`K4N>k~A@2a@0Q-`Of`L(lDgM z&Y@g}B6apuug;R}I|0?t>b+P=G(GC2DLbO80mo11O zUhu2zbObjy$lie`1G(VvtZBSor{Cl80zgKc7Vvv_eC(4jlVXak0C4cAb5A`maw=KQLhn@_%ICwW7 zp+zD+FCSRQ158)axBX`A*JbQYSp%IznTuK7wlnTPCyUV$aTf8fzl3i5=|~$9nd!41 zh$YrCpsN7q$N5i<=0Ek>c?;uLrI%WhM{8BO6IF}PtEQ1v%B9}S?Df0aG(%e2M3yBl z2Up)2syf{bU+hD5G4Std@_h7rLBnj!Yk0dXYl+e^zWj5Wdr?r=czZ#G9Z^{$^w4gO zIv5ab6TOU}hUIUf2zwmuE&_eX$RqORff9`b-ai#;`&x%{{+m&cM+tQWU?uwOpLigd zR5d-QyIvZ>&EFXuL-4k|FsB68>M6TZwt)Vl0MyZ0|0TXDjFDLR``?>E&j)4zX;_ft z&eQ^FA))#^K|4rymf{s;VbbbHAcDSQ7I0btg3>nSM&k>2@cWAw@0abT1AAH`=7k>M zN-b<)0(5rUT^7j;nY)Y@4;s~}Lg*RZijuBdfuO~xp<|%|evc+Sj8R>uPb#O#nEUPa zHWodZ*81mZ?zzWXG(|g3s$)2K=m&uJJb^c4*a3Xn2i3%;*<76#>pF5nVQ-BVIVwgH zCc^wGebCm_$`?7TD4Ku9E%)nJc9tA_MO@ce`xK8yYRPPI3>R>9Pky-#JG=3OE3 znd`m7dAKSaUUKmw2IuSGRR6bGqMRaan+?Ya<}OsezCe3ydNY>!73r&_DIgF213)s~ z_)t!tDZjHZ9P)B}g}ySz{gV=F>rshGTj!*#x$VmHjq3fd?d1zqF0&)N?dL+c|QUqh(( zqTaWK`Ui4-WW?0Bw`5G}2A@iNwLrqP+SAL=1R*Z_zbtMd*HQyFwpm-5p_e^*{}$?j z`7n;BgG|Nywb1fv1jw@Q+E{%AfCw(w1LoX5l|Y!CQ9b`gxb#S$gV37O2z}9_>4lyH zpRCI>-eCA7NtG&yqPJQx;wFsxUb^l7oK7AUnF`R=9{`UuW=~S!@hbTfd89RPBDBOs z970D)Ngb8U7xG%gt9s1gswse;=Nut?zW%XS0L#2o^8Qw?a;PxnB=5kzSYl=0ZtRQB zvkwu=dyNf@q5zzrGrvw0^jPZ1#fPWdS0Ws*K%Q$PHc!+?-1=es<1yOh)QGu(B4I@d`=7Fm?!DX0)|mM9Nu!k2 z?O?oF$j(k3H1`bmaC+=Q|A^frL+^BVyWSI`&1Po;Q13@xwV_bjx z!1ZnNDtF1kLO`Spr6z>eSxSVlAuK1CHIyhlDy%4Rth2S)y_Lm{og)lp$yRlc0fGt* zB8sE6G~);jvKrnS{nLJ%yC*5qSvAFJfc*Z4zCDL^I;-1D)<i4iKHv3FC@l0diO-PuWr%6$8dH#luT?qn{Y|Gany3sqY+ExnpP~o`E!sj{opw zKztg7_m5}YA6Z@7fo{WkxM$jgR11M;``VCz4+7apLYF>5$=i17whtX7)@pE|taho{n<`wcPT64Qky_WMfgnEk z#H$?f&fckDOw0xYl4>;nvldofbD=#kdAs({tAI!lAMJ~~9F)YAC!U9TBrTuB)j(aHRG)~&MWM!p-N@asPrlf`oROSwnq9AUR3NGM^ zq6p~kqUZZO_sl)7-@pEKd0t%Sd7Q`b`Mf{o!LMk5yy{fKcD|7e>!$W&b8|h8f)$*N zUV)wy1yqHpW5kBKzoMJG`^vTe0<^l2mB4pF2Eh?Z6^|X^oeq$hroEewcCG-vqNbF@ zHLcB0F}q`DXj4C$S&`2uHszZebc>NAFj;4_3f^vL(IK6@t^U1ta|04GI#4(~{cKTt zMsk-r$_>4A48(+Nx>|G&iME{k22+>wt?}6T{y- zO%4X1d&p(TdjVK~MM4}iTE;G69r?a={sL{{LhWmOj=|8RiPUaw>*jUTqZsAH&gKQ> zq9s6sGu-$z6umf@w7~luYKh?H${QKFa~BQmHt=s~@(rWgC=k`e zDE^-4k7t{tjTKX_1tP3xW$gUrRhTBXKViKedoxR)#Qbyp1&mZ)M(;Vf|D<{FiEG^Z zUz@8B1Px-a{K|E?+rO*n5+I+6lhb#1y&-XRKD1h80vH&zEA@Pon4z&wf!HIuXL|OP zT!r$qj~I%gqzS)#1(QHvk>&BKn2lS2pgd;nzLxBM1&^zR$eo3}Ep>Gfsr2e?%nP7A zX8hHW-`gi|19*OfYJUqwS*2wLm*%Qx)P8IuHW@!{9bHY_Ts0)hMYK7QrV58&FW8w@ z(Z~tl)o>p5y@0cI-pijEu0IQ5YL2D4?Nz)pQ@k^`CZImLj4weIpS1XRny;3|4+Dw4 zfCerm+Z2;gu5ur=Rne!?Xo1#x-m&9jpKGD`SnXh_7iw$?-saluo%GnHoHym3W^J>n zQq_6Gdm%Ldy6f`Q%=)$4MAqq}r}!#ioO2~eRKLLkY66m+161nGD$tuDm*t{Xdu>DA zEAgEP_T7_h{l+QL=J}LiJ1N|*c6wIn_*HCGHKh7>T*K}bggxSVLgkyp*6T=^7^9Ka zpU|2y^G|D3WI~2w;w5nc=DS?c4`TqLjrd-EVxdGwV3FFDY2!=%kGxCuGP_e|^-Cf8 z$MwF+n5dYBn4Ekx2h_x2nIZBm|Bjn?UQx5*=vGAORzkL>W$>1BGQKmXsH3jAF15V^ zz3;uuKF%KgE%~uyS-jKGND4j_?=xo{T}R46Fzt2{ebgM&z4_}LZ)mkA1wk0FZLK)` zS>C>p-*kISd|r63D}g%di`R__-gQ9|wqE*WaQLxlD+@8?-m?-O)s(h27Ed34@w?xEnd-5B{NZ>BksDAUD=Ilrn{*CUa zV*2DSMTU8-!FH{QbBT85V|?3tL~4Vm7eDN%vRVSq-<+Ma;TkAoS4+Wq zBjHE*>G79v`5t*eFom6>+0KUcgq#%pGCy24Va72@7&8fVz8YIoUv^o|q9IFNpUx5f zObQMR>}651I_^wcj~7Pb-ApB~eh=u@*?>O3#*>9Q4V{CLbHRz#*a{HJa&|s(@F{)s z5N-d)u*Ln2&JAT&kr6)=<17B_T9J=x2mKJ}AK3b|^*8mi8DAAT6o3d;QrnHn+v}=o zaIL#fCHYQC+yDwf9p~>vI(0V3x%YV%A%MEO#cEF^i)ox^op@T-fwk$z=&`l@)Vc$^C^LjxT}8%u?(!du7ZS08lOM8<~Ei?u4_1_~3TON>(qCp-0Xb+h_E z-n&%QSo+a$b374?HKp`G4uF3K9F({Q_MYWrYsV&!t61)pQ7k-x?^f_~)w1lMZ!Llu z9Q((wqw=IP9wD-UvL7|Nbtf`%PzxSq*P^7YHd+`ykZbKI4bXUbh23b-f`kL20_*AR zY`{NP>u^G(!+n_|>r^OReWSm~Kf}pu1pn6|s-;bh*J48Sw=*^S%7e~o7@deMjZ^S5 zrF(SCmH*JPHurbT$Pj+mS8}`ejo%ZSM2(Y~t$GGMF{@8kgL{#ZRF6jg_}_+%1`XU- z&&jZg5#JI#8K&$9gch3DtkXQS1HVt*pY7PyRCIYqU!ib1&Iv0tLxlHVV$J~Il1(Mt z+wMC7xy`?1)sltjt}@{GQ)|htC!)I@`7*t^^2>=aa%w#z(l9b?cFu2}afQAvja$|~ z>^jgOVN+$P&(4S>+^1VTCs$nt#u$`f22_=2LcZN(s2<5JUK?%uiBuJL33r3eMYW>v zSCjTOZ5!Z0$_07IRnMrasAlA|Gp5~&Po)^ZySU%NNBgCj<055|O6byx4+yiXRm7$Y9bkL$g;O^$%J&%Ib-JlGD_^sM!Fi65A+bTvo3nBSXhoaeX( z@#h5v-ejx3!pQ6*;YD*czkrT<+?_DUOUp9tyzz9citAxAbvoPk#LH;MF@{A5Xna1> zDEBRAw5Hu49tUy3NXirExljN^KFihyd&US$!knzHwWX(x-CxPw%?FBix;999LM$4Z ztY+CYAg&b=5~h)ifI|R?#~v3oAyrT+q*1(gv|O!f>mVkJ|LLzMIQ3)eX`gwOp{OAk z3RnV8J~jR+W2*?T16n@lc0%ATsgYLFL6X^y&67*Vu4YgJ`nOas<)GSM{ysKQV=c#Afq$*AjBBC(zOMP!Zl=O^> zGA+8HudsGUzK32F9jPucK!N2=YZRnz< z0;8=%V{jqU5D=c%n+yF1=I4ulT&Eefw40Fj;yf7YIH-oK?4UfL11MVW6OhLQzfWBE zPG|=1cBz@&qYQP~+s4c!oy55_9ND1#hJTK=cL06z1?y8i5Ka5n|AV%dZXf;J%?BxSmXefa>JY}@`2X&qTa zl%?H_I(E^?JfVg^QgUc6FJtVnb*^&n1j6b-Ho>$MbpjRPymliI_j9l3b>9j%-vC|j z=`zUX(u1Nd=}E(DS!G$wzGpZZqFS*%;ZRJBMtnPH{6^~;aP_f-jWHc?SYgvCiA{ju z2e4%WHj8BgnkC(vjaL4NJE@v@j$x^R=6jEG-Lm}ch@6iD7UNUZ`5Ibs#Wcjfmu0-u zbHjn5ZkWo>kxKF$P~eH{l$1vN0MgyL(y^eBAgj#F5v?6O>i2xt9l_J}THs#jtuUOrq z(H#gO$R+iGrfiV)T6PeL)T$=KhOdfn-GEHkv6C$+3m1jvx5}-oV(BHcO4-iSMKQOzr5nTxEg&s5sV98^KY$C ze`K$iQL_d1l~PbD+{s#wo&`kdA&idH8^yN1wGPxye)^K7R%#0ghq<4~{kmhRDm#(m z-R+s3gCn=RFmsSjR;S#O?2V7Fo;kgOAnbMb7*@br|2#qf?5u{h_wKa*$ow{AYad|H zD_#URKOo4#wRwUc1e|&XCbp%7SBE9<(`g7o6`NQC*hXx1J~Y4R!N@S2gU<`&2Hhin zt=B9+*Rsx-@ctKFm|A zPs0=b5QMMvo5C$n&a@<-p}TId&ki!-A)YDC4P~(YP%s5A>x9Hmpyy~Qp#Uf9du6hZaf!w;7^jvs0V{3dy z>hc7{3{iN{FeU@93xZ!42AO(T+2^zCq8}k!;qJHzNMJB|faP;22E^dSR4nnh2e^#| z=fX&4bB{c-Ypha1r~-5U0FMyiOwdbExg;aVBX43VeL^Frk%wUgJ^4=N{wGX2ww7b7qEoCud% zW{lN^zFlA0Z%G1 zfnBunD(FQed0AF(z&kj^J(UZ}Apdw^lK;{y6U5pRz+31r9w|qz-ws{Z1x4yeLG*2( zY-HI*3Yj@F_MrB7G~~eqwRRXmhDsvKu~FhahSVkieyHr?BMk6Zcp1P2iEvoBzGP z7~V^KRO*&>yRr2v%XWYMt)ADNTp!7=m8U2-uH*@q<|N+SiSsb_o$|Golfm!)Ff$nl zp1c3p1c%Izm}tm+Y`|eBkjpC9DkL3Gd?!ylUrBFivx(jj|5A0e>N__HH8Mw0lkYB*9$Ffwi`~!w2$Dp>1aPX`n|RWK4P2dk>1oqoqvQ8ioF6nDtG}f#l*;u1T^Py=Cuij4UiJwRq^bU=(v}~ zK@Sbw*$#V`OkL z?=C0=p-=YY6Lj>jFDtjSz{5taThl3=mOsh>ZCZ~FeUj%&pK;zj5u6hz3J!!-fD^;( z&E1o+?WED8B&tojg}l4qs5Lm>Q_->E)yaoZn zsOd`H>P9~&KOZ6<_)#S6zQLmJIaF(DX$=>K;4Yy>WY?7;?Lvw9x>G0DvNS`Z+R^Gh zbA7ESZDxNZ=W9%jk#}VHY#PC7_~Q`=WC2D9TvBFVu5t z&y9cc+~MDOoUluGXKR7(t|)Oi#jIdYOJ&J}jQyF^Q_KnR_dFlMjeJA=jS$AQES`t^FkPNW zlKHmN_Phja8Z)1=l?hKJH^Fv}@sXGtnNrDiFdbJr(LWd+f?#8K0T$!-+haPqt`sO~ zkj>?emg7^Y79oHuvU<6L>01_bghYAp80os$=`NPGDj3rbGTdfcf{c;c9m2uwBE^U8 zsJ|VFu-fi-H?w_XhMyMqfb@1GJKV)-+(+Y4mnYo!UZeClT_`Bm5u8AX$6VxMDf8PC zk4%RA-}v0a7(~{B2myy&;sctq6)*6*5zlo~*-*Yx7c1zj{TAl{mX5kG$iH8!kl5Fr z>(0d5#TrxvKT+4`FFEP({SKdoxvb;UTgFLrvl+*RR9hmvh`&F z^QHd-NAr$yx9tnOEYs?5kzp|33E34buT^UGd2^&ulN&Q2O6E*Ze5g4d>k>%}su!10 zo1!fzEvGf)t&hqIam2&`?}|VYr5nNF7%BG=pv5lX9f)%D@$pIftIWW#m!S5ClQ8iN zez6Zl)Zm?8LBhkD>OekQ&E;05x!rN=my00yE(;tbEbP@)*045`3>tq}_h0@X7{IMz zX6SCG=z#QeIFJKgS=_#y*hAgIZNats=>EobB^_t9>N#)21}SeDS8LE>)et5JHH%0pE5C)wL%r=YP|fKmp-DCb&!asg!t5Q-okCx}C6DAbp4Wm&3Y-4~d|9E&Xo%|)qmxf?K${T0^U|KISq+K9yv(N{= z@WZ3Slp8?zSmf{|6BjLpOA?%^+WFrfs03(ApDODoj<+giOQ#JmGp1RpXdUO0Kp z;JzTs&>K~YyDH`Ruir(^TZ2{|WL9?7md6k=GQHsASppOc{lcQpw$ir!L4MpMubgcZ zAAYf1Oz6qI;o=HCytR|ffD$ndcO7GV<^O$-d)zaW5i_<0KIy|2-#7zH`f^6))DWnR+0OwX*Jmof4xEFs^_UpZ)Lt}cp7Z!+7{Anq8v>-UFKooH$ z8$!}AtyuAcWj#g@x=eMZhU zR)ZTOJRf?t{(Oz@*z76}ft}5u^4o@n#4De4e`RjOJ+gZb=hx(5x}q=X3y3xI<0Shk zJ^5h!y0=qk0r#tb$PuJFWha=G;3Vz}@)gVU8_oZGbOFgtbsHD_mL39BV2qSP#C=YU zE*#k<5x_PCL$9mbW4(@XjcKa%>i42S8B7(~bl%j&QkCXJe%Np+Y5XWqC41_q-GmK-$}K zJb3hMI3r^WSyxx2?R}3UDA34X@-S@IJA_0{m^>M#XeRW3(;@rAV(B1(c`$%oUk^xQ zobKFrjL3~P&(cY`mrtc!HuH=LkTmwQZQ#jG^=o&pnC48ke?L-g zpN`Fl%8H7ww&=ST`~x>RVckSzlMfPF(Pz-U`7P$vxiLH9sntOYufde)70CZRs4SQ2 zz%y=3|I>ioW2+XX-M%(4Wf)KrSwHl##;C%aZUOmDN`s7XV5+q-Von#|G#e7`OYAE& zsHspz@a**iVw^%m+w?O8CeX#-hmfOd>8!PMqglBD-x{)Jkes;cH>9UXbkFPgnxLU> z_zoQ<-VfiwJ3yd8JcA<`w_0vc!eRy{lMn%VvH-Y-T!)*`eaKa=EM%Mu6P8)R!@7-A zwZ%x?saOSCueXBR zQ;zy%&HNBqyARySt-mG(8Vl z82h?eUsDC;)-uCQUjQg5pVO=fjjh4=6FZBrojr4d&1`@g)tptZ{GxC~pm?LDc+(Rc z9)fHDK0NK<(}6z+4n8F%=jMaBKv9v4S`?1>56HPbCnw=#%;P4v@@b+goVCnCo`{w( za%4s$k8ZSYE=0dR-3>~h`SF8017 zF$VxLHcNQE76A;{yo=0W8B8osXS%4;(lg2Tl|?7}!@lU42nJ;*(N`|Uuf{ycD`!z` z*rUZ)m&S}Km86-ixwqJSA4aZ`9kjjMCqL3T1(!$NT{-V0R!$Qnp!v$G|2*aY{kDAS z2JD{WY8zI2?6DqD8ebyRwDydPT8=K*uNVZe5?QDA+3AkBFxty|U z$&@g;whUHR4v}@1sS;|GSwyXuW)vCfhU_f#acq4glw_`xdl_n{c= zNkFTTqw)3YH*(`IJ+((|^mfO`J9*YZ0^9X;!NoypF$#82!QBVWz_#|z&q7qN^1|NA zN!cj*S!j;1p%{D9I+FOWAn(EL)gk%%OFNp|i*P55hRFI4Ee2d4F2YgyVR_8TwU@EX z(ye3axlL~YUruARB{D(ezemuCsH|*N_cRyk-eQw%rQvRr${yOhIZWD~Ne2Iht8#O> zn+v7uP|lcajH*xYoGd$AgfDWHkD^IqImo8Z&&hrNr*bKLeDR7PS+@2{Jp8Cu?wNb$&;4;ey=3#4r})qUT)syH$cp zB*c#I^L7rt0#7LJk-ki^6{kCxB+L{6kXtu}q{$q%@FnbLtT_$v%$&E&tRV+7f!y5|{XA^v z(8ab_L}m@u+#kl;o29I=aHV@ja&LA%NGI0hR$#~=yTn@Qa!&Yt`WXYMub~KoONYwO zgGwvsPgAE!t}!jgfL`GTn-xlH?$+t_sQt0rcQ0F^9>_o~sWbyfL0JUuVbffzp_2bx zGPR+)SCo3stHK(CehD(YrqBwdcAdJyQ{g*;nIQ3Gs9v0-BWy&``j4S`^tDVcT3-^zCE<( ztEu${{UeZnldb)xCp}l4U7VSo)>wz`6kJxe3uEr(!J_PD{UQpcq5$J;B33r^PEN{e z!_r|r5Zh_6HNRCTqxrvCMbI9eai@~j#}udLehs`B_iAZ| z*pLNl@L_X8!Gp%NNN4V_XAx{67xMj3@U;BBsSaag%XVnMbkQ+>ak6KoqW{5B>11cY z<^h8Lqr}$W5b~(B`%-%FacjHxM?xnur>!S*Q_A;DyP1l|ktp9hF>-tHGZu=dHqF#{ z2@$9H0?ttXnY6Icp*<~OL>#Tfbbc>5CbC{9_CK3g{FG^;ZJhw3lP1QuNM0uJozttY@afwu3@BSCgS~6)p{{irb_J^Lgi79?3%mu zqRb6*lbj*E9*e0ywrON2Yab{1#wHYGU~G@GX1w?-2g7PU9fF2uHdO=LB z4XKoUR0&Hc;ax18C#cUU#N9E@s4>oIT6G>rY^y>1F$3{hZ#5N4Z0SJfYZ;cR|H%9o z{9(die_v_G4=G`?Ct;SuGgs@ZhSxcDP^<(XM14}BhQpnbe4RD!^GpaDnVy--WoNSH z3DnCVeKsrZ-IMM^TT`uyx~kNu4@@15%d%XTBM&?OeWL+jENF@K4v^TQsu)i&&O+2E_o!UFciO z%bTyEs?=s9f|AAJ8=jG_YL^Qzlau_D5KRA|elEUPIx$DqnB+XI)QKZ6Gy_3ZGix;8 z{I#RltKGiMYxo73&s}t;!qG64xz!2Be1x7NZ4hYF1kJEGHbIjPFr)rQRv9w;N1d!H zzp7MCQV#&oXy7)~l+8QaC#cLxU( zGj97ki76p4&G7Q+2GWit^cr&@l4uyO#@;RU1q8^VtBM)CEWN!F>#mKJAdz!u#q>m8 zIQ~p%l%|t1os}Fq9~Oo{=DW&utgRt2xKs~K$^-N}3&Y6f1iSYs(cynu;51D37`1wH z%K>Jcr0K{4mdD@X4POG%(V!0-O-%Ab<~_!pjF`TufMQ9l&X&xm`80p;LTpKQ+q&Sv zD!}kejKfY&KK@Y>M-%Og|1Dk5H(MfmOX8vJh9I^T za~~Tv=cpu)t@y6F%P~@%J1%?U7f*T+~9`XxOk#e;@t7gTOE-%9J^PKid<)XKm%p4lR2)EdbA+Glo8NeJT zhAh(+6=gSs=Isb&zjd_i3Rf|FIumbfcTJ+n#y{FmL;Vqix$^U5@ml}QTH-Ck z(uVUU3SmPqYH7y1-=;sH#*zCjn#lc!+~d3V8*Rl{yOTMSWm>?7xa+Wkhw`>+HkyIgyhuD+5$;tYRbOi#@^;4{tTORrPG7sV1o+Ivy&no|RN*BiA2W zZ{}9w5lo?2DoMA+b(C)PhYvQ_H&OHCRtN^xCc+Sxy|!Xm+fA#__~_9+Ar%~TtahmW zy=hOsPj~mdh!^%iz{RxdV4B6MEV~YMz;6;2=8~ykGewZubto^J|M3DB;+m{X_`kQ} zQ@2oDWBkN8D^WYIi>}d_0`X>=W&TR6sKP`))sd-)%jvq6Q*9~Br~9l}r0ynS+Xh4_ zG@5&Tf~!7~TTgGMILvG)izd?|ne`JxoBy~{<5Bl4mzwx$G&*`~5E16g!NeXDLcW7GM^Psy?U5A^f->a8 zlh71b`775UeCiGwm{YL4L3J5OUz25CQCA8Uz6qN9SuqwU}K6yLeH|G<&mL6Xnn_HNmu)hez5F<7w^yQ%tz@ z^wvJ2Wp!9VL@mHZ&D|=?t#>wM zFMkQRj2;A3y}{K75Y+w&PyjX#AlyI0wBTQ$eN2>l;bGWSp5_`7$`C z60|V-Z52_);HJJ=r9ed#bHJwK?yG`H(xwF;H>Vu!;<~z|D&eKY2z_&PbK|x8%4KW9 zOr%M<)zlhcx-aOQX1~Y%qRxthtCo1qYi2{hEJCcHCnsdE$*;e zT$tr=%%-STbSOEr&buga6-eQ3mn^AYFhVHs`Z>`~MDY*+G1Ji1@ZG%GHj?MJ_2V}C zC$oT0!7L254)D7>QW6)mHr{eB*Ce(a@vCauj0V(mK3T%8HXpYPc_n=}vnp8r*RMF7 z_3=4b6qOf(F@Fwg#Wm6%eD1GlMcMCrw&uJ%=3@J1QoJzkxr584;uU z38VFU*rTWA!KvsekSLwQ8|dm^ePJcUB)J+PurzR}XgUiQ&+wUm@`EUuHLHJaE{_eS zCuApXjsNnOje)V!@E&wMBl;T3rSG@mPoD%e_)^2Q+lIGZ11=wo0)82PC!lo_H#(^g z{ip`L9-rO1DWxmJQa&r3{ddx-h<4iB{budR<^WAAdv=xeiIM1%2P**c`W9+QSn0N= zB4M{-<}j>y0|QA;8yW>%fC@$n70bHKy0;@{&kGrI-y9>O#>KuYe5`K8Eiv4%ffMWu}%vQjxYLLiH>hi0;e&8pPemd`5c z*_wa0NUB4kyZ0s!%o60GU+6qs{I-l0t%ZXYCv0RaCFdo-F4jCrncpt-Y)j7%!wj)b z1-KiwxITedO6Q^Z!0J)0kkmmVxsFjMvfI&#a^|X&xnKv1++3f-yH<2W=*KbOw47u? z)+Q|;XixCOj@0t9=BY^X=ycehR7)PeCE7Kb8Lp;cO zkn6z(PA3og{2XW0-ut8By-%Tz8CPS^$3-bVJJX^m75#7>s99_FC~mUFClNr2xo z1O_&;ew0<7+%}A~6I8({kdMAk4LrHmS8mBagRMpW1={}YI&yV(p9eu$VqD7o`m>kq zlPbHwoI1dZ-#b{}Nz`g9dFpO=qu3rQGZ-zm|FNCtNz57;l^ zqZA#bRZV-RL98pG=4|pF-h(Ts7{J)P#(W*6R5EV~b#}0kW&{wa9Q9=ch>#`N77y}j zd*rOQk{{&<9|XqJSQ2jXRl(B0&}GN^iGFwTpE{7hjQU8Iw4L7iJHo#2(UjY&?jHPc zNJ69aWwpg5=u}dz;j`+wD$HHc){^#5-9V}rOIHv&Dgx*Twh%{`;QJGmnCTuFwrR(% zmWn5>=biLWaLyL4>yCc7+zk6^Tb;0KJ@{Nz?8wRN{^h zCGl4Loi~gT{XZo5o|5s!%tQsrwdjGk=8GLtiNxuuEeGnc^2EbN8l^6bO)00~DTfp8 zXF-a>cDwqlx4!z;n!Y?eQNUpR1KonW;IaKc9g^q@Xec4#N&fFS0kUhZuvf$r*V4|6 zCU9K0u0ywqB5ohGW~>RoYprdCUxC) z!;yY}o#DewdviWqE7k!-3JzzTi^SwarO0qY0w}Ok;zvY&Lzym2!>8-2OM$aCJ|3TB zP-l_&Nju?FxK9=1CA0+e9nW6Bn3MxzCR-m>o_5cyL>+apRs)C8z|!AboylT`E$!K zOkAyMTYiFVS8JKlJ(<;IIiAx3D(`|5p^33^-ScPFcowXIS#Q^BaCUrW`i6PeE?&yo zxvS6^jzYe@0vRG`@8&0lPnCC2oKuve^$)bl`+HZ0vuv%>aHzSQ}Q8T;0s6RWU1~h$bpAJ_coM3by3$~P~;Q2z)hIt)+QIg2%Gpy8NS(dW5P9* z`38u&u!CY%A+n!{imb#4EO!cx-UGQDd~X2N`DV1(pxH{g!3+@eocsw%FWMU=_<<&j z63(D1zb>(~;=BHfVw>uwR;GJ~e7^MCk+ScskpItbogY3}7$;p?%HGClAp!tKG3!1V zD>y*ub{Od>?}XR0I|XMdJGdllPjZ3ipEiQ*(?101hu;dg<-|vLa=1|G%tA-#CM4NtNc)2Y{CjBs?lr z|1uc*iu2p)jIT~)&c`dJ(_CP?5t+x&aPS-jfT31M!zf&is^pton8|x4!-&Gyq5g=0Pm(D;d@+ zPxwge$Zwv&JA zcmKC|x~P?QO0Z~Ya>OG+%$y#$-FU0z2iiF(e9zJyTSIfn+@(U>{8KH#hSGDK1kS@u zyvAbIOR%SQwX54{?T@ma=|{wn%xvH zCLnz$>1SYUG_D+s)UNf&^=Xzhf}(S?`6I z7(^BZ>XOMn+Nu(n8!Z{k%vafD2b$1ROvLN|@ z5gagbJ(q5oh^o~nzGKsbY0a-z0Jzm|Alda@J>p6PH+trsMw{jPC+Qs&hJRInhZB{_vf5 zz)dRF&<~h`qeXy6(9lXTH@`7g`LAG)sG=mu-% z?UFgA-gxySEhKtg;Ba3%*8Hajw!V>=f!=H*SWEy!y`rlJFvx=F4IN(Dk>6kC-rUsJ zGVe%DqK4V-cTEva>^oA#JIBY*0ZuL0R|=IE@e>$24%P$+5KUT}Q-;byqiM)CXTSNL zxy2OGziDu25s;vxY9kuVMPxVZoh1{>fw=nrCs7>>s7(&m_)22jIJMN8p?((ivLyT+ z=PAWeBQ*eWEENVO*|d}PvZ3B09oO*}q+Z(ZKfu!W@mXkNcdjnwNy)e?V$KR;war^T z)0)mbN7NL2&pwU{c^av$Ci|s4PnH}v+Z7UEEh-^J<$yrZ*R>+dg)*Hp_Y{*(VFw5` z*IT2KX|7V?zHBfZn|c$bA$Vy{;y1R=N-U6VFqa51^5xe{Y$>Oo6G$wm7#8X{YD_ux z=Qvl7)f$JXQ}>M3w2rpr)b#B4l%?_~uNVZl-wPsEtfWsy9{+%Rq>lsrinXIqzxmms zbnyax`9ca1WArv99>|jUTp^`6+Khdhg0z$K=4-64KpviSBY$PC{Zn&?FRfc3@mN)X zTMS2m{;EOHe;UVtLOZq=CUaz_;lD*}E}%1bFU~!&4W3%qQR$Xvsn>3oyON%ta4*;) zoB>8UZH@)M8?a|ir}g{ojhsxKIL_Le6YeFcGOcs0Ga|gScpu`6epFeL!+RL3q1)dx zTz?}I0cDQ)uiy00@6dRaf||^)aJLW3k>J6zIc`W71Yp(lK%h##=7!xIanEydIK4tLS#+tb07NF=j0FCS8F zo{BWTp9t90td)EF(}5vucg{vjKEVA8I4Mt9@koqrFk0D~@NuiADzYzpO*Ol0-sZRP zYqRQ)1}cZWf!|`P$6ilZQ{d=^N|o|S#!B3HFk$-)UPw)&%VRg^KACNdnblfV1_hE5 zM!2|<7_v5fttDk%(LFz`+Y1Dfz-|SEC)`rLvo~0}e{Al~dzIp)VoNBEG;Vhw@E3ZW zd`c_u#`<#1jc@ftfdr4M_wCm`hND(h3gVm3KJt799FYQ;3)(UgCK>L3S$}F*`xj#|v1&O-Mv{;-mpX2CMKw~}xfhG`cw1)b&?D91hQ5oP|TD!l;URXT67 zHYJ=-t;DtFIvEw96POdv)^CL_+#bR@3#VNZ*FU*s#`SS_)(-*U zack9P^6F-8qLOQ<8nQ38k11{ecZ%3GAT(^caO6(&1=xCTbJ&J3%wU$xQ>Z#gpHx|n zJ#$TMch)`qbh=|W+ol`-r;6kid#u(rAd{XusO6H*G9T#ffS`k&u1ym8=$W0`{&%xAW!#fzs&(vS z38QWHa$My3W73&ox4u&y-RZ#u^GJ=FYVc&rVN`oYL{tccK%LZi80%Xdlzgq&KwR0} zC-7!);xUssm@?}ow{)_Zp;}bS@pY(Eua2xx2W%{q_10L#Hn}ymSRh7(iVRFBoby|N zgIpL8X*>yYDNMcj-7 zQD^zkr~7l-kkQHyAAxLYLm<~jvF_La*yx;vYk>XYJIGmo{>L1!H&A{$)Z@VpP_`yI z^;t>ZAR3^Bg-ebZi+Rsmofn^m`}5O-)3U~DL&?tq9#Lurmcb77*oR3WF9=Me*jeHmja}^XJi%Il@KM!O%NCPZJhI%m9i5D zE!ZphQ+orXvRZSC<6NG3>6UH>&fflud7m>_Hagz2;tEim>??MiH+L2(6^-}~B-1V9 zIv82&kkDe$%hZ+R#$0z#r+3gdQQzx6Hjr^&VF9uS#nvAn!-xAi+c~pT_<%ullh$%B z3kwXI`t~%cI)RS~r3Ql4bDQTiTD55lcZL*HfDbgZy@pDXg!`jT)Rgtq8=`-T{f=$= zeqSNjrT|;(@txCfN7W`OL+yI)}5uN&D@6*=`3z;+?_L0 z6JL7PH|}B#XNI_Dy<*|!jLx&|j=3rc;%8)Skc$}gjltH_R&O9f+{wtgQP{Y0#g<54 zQJwidv5QmdVf4A)Bj~(t$6mv^rOru)D8d9-ARNavcIbcw^AUSYmYYpJ=TiXxNtMFbE%pa$?=;t4%>X2{OP_Kb$D>hkfM^Om~ znma5HSALiv57<#vN*S2K{}J}vO1k9=7*?G%);*BlhR@g{k68Bop;}RG25qM_7#E)R z4PNv7cDKNty?oI??XNmxfK<-ebL+X3x<%exb!}#QmBHUn6 z2s2j&fKlBW9*;#?fJAyg7%qms=mHKV?0%<9hxJcMgSVq2eNxr|>;TG*m>>&=6f z+`K5K2DmP}45}68qZX9q9ml4pY{KY4qPhYnxfVMzs=HP$bm8%gVc%Yj>SZ zww7nmGRYMPLh`No_tB;r5~X!`LvlnmJD0yq>e|#=kCYuN~7v-?L z#Faj=wkZFMbS_waZc#9Bvhn-i57K}As^UMQ<-fPd<9FTm*x9(Tm`%UnXC#H2(LPnp z10RQeTZVJ^EW4`g)BnfTn};Qxwg2PO&pgZbcU|wx%fGzN z@tkv?``q_yDR)Y9ul-PwkO3%0T(`z30yXP(w?#y8yH)kX$^?KHmG#9xqH20OT(|rs z{r49kooT7q5uu@tP4OQ;PBvC?f4J1tl)&?3$DMY5;TSXPr=LK~jMS95$*#1vg{(Wf zH$R1D8MKrUIK$bb`7!9#{AOIl!y)L6z<>iS8l1pkaL&5~{6}1gv>u2A{)7`R3d&O{ zLF^n0=f)&q&kC?oW^lk#Y8|s2GS|n=k{*wRdXq%v9fvDF7p3i<_`j{a3_$ zLp~E0QJJ6s(zdb2rBp;bb6bZA0TRa2KF+u*M{KRj^F|~8Tnkhr5QXW-vW|kKR~3pn zM|)cu#rBOC5#P_ODzHQ8F~Tth^$nB(H&N{UHT69CHjh2j1cLbkGXp1`nkphFH-8>; zMmf!(oyIwq8m z5D|Z6lxDs9IkZr@yX7hG73m^=#|S0HXD4rS^$=9H=daBF?f!)M_BLJsPGV=*(q9Wk zZJuge%8@gF%Hz))%K8x#3zl2F#w4I7X~rCH*+`h|F3g0|+R+1^O*)zLG$_YPd&(sv zR?oFEIKT0-UF>L}x(rsox^vSW`ZdyA!h3K#_>Zk9(6)8dP$_&T*^w_mkS zj7YVm=f&Y>jX>ErWZAq&>*95Rq(^!vhJb+2m}lOVsteKKKsRt#8kW8dOOlU7!F^>wpdKe&M)@L*L~%@n5L;M)l1+yIMQ*)|y+g}m{M&1m_?n^2*| zt_3MNrCAA0@zbX90eRC!usO@Z7uy=0=nT;)c;QOMSp1z}>sRqw@i+L2L-QrZPFTd7 zz&zS=>O_qVV`H4ynNgn=IMb3w)?pfQ!_h*vwRpu!Qkwzt@J^3YXqh1o`$+1t4%<6% z6riI?2!1OYL86LE=MOc#AtN_H>w9LtwC@w1@e*x9H@C%Q@>-^E$4ih->+HuB%l{hy zO(rcD7C-ccqsfBCmZOSW$$0$C`nIcNs35&xmN4Sj1nkVqsF&xpGujvNlbapyxqVG+ zQFwUl!zdD>nW{DZ(|S@58`>+hJ`^(ZRi#kOno@1djcUD}3S4~7)b66U=OFx47yav;9l_&$(n4#DoE$drTeYVC_G99PH` z6RpW}V|L3o!XNuy-P$q?H2&*h8wMK~L4vtQl7+GiFzPm0Th9B;^j*zMmanSHr@yd; zaTRBQfxwnWb+My70^A0u=DvD0ZeH3ft@16k z@DWrEGx{v^hkl63G$jcAG^AbK)nTAoONYQR3aG8Hf2y}!#_})5f9__I0C&6-4f}2e zx}K5rUOp_%ChSHko*8iZKd(Ppz}DISViHnu#*%O6u{C^@66JahPfVx_|6W7*+*{FDW>~`K9NT>z=t}kEM0>`Ya zeH@?v(y5-nd@|ElP*z@0SXK}_J@IHUALaW>VPF5ds@H9w${N}t9bz9^a zvlMn!(VH*A_Gg@YQ1HM^M6?AIw_5&2dp+b9wOTIkaFwsov$!&$FiQfWNe28|qRNMofCY@HWa{YshZX zTbQ)b8q>KehgTT>3i_$Tydd@bA+kXNbI7`7`AD8WBJJ_`5Bmcq-{l;xyTl}p+c4c9 z_7=NEz9*SgDd4HxY?459*F8P>C4f)Z;V#-5e~k2rnmKyCarU3;^A$}R^wb&e>A;Xj zl9#3*p3q>fBuPP||A2?6AWx>;^Yo~vtq!w9NUH}b92aR}3zdG3hFc2Nu=dA8&-f3eHna3^ za^Lyf{4|uHV#bYxF44*M0}7*gy{!%twn7(ifOv`mAbWN!zE1cXkWaBKF(X_Ty zvsYTs8r}P&%ssDx7xg`>p0uS<);xWR6X#;anr(VQXS5&o)($6x74a$|s_hPH_ zSSe3JiIORIXNv%nc~)@+b?ONr&t&<7X#nS+J}L~1Hu+KHaoXZ<=QGbAo!vG_R!!Jo z8zh9xT@4rYCWGbOcr(-&M?>pzL5a2OOLu~}ByXeq<;g<(6%kl2`iLpljjg@~zgD`> zlui3Cqgu!^^%+@NQjmwb+Zpj%v!(l5?Fx zX2j%7 zmF1xdUQvFgNP7COved_oH1=BBN2{T;E8cN4NA+TlH81da63taTv$WIAX$;RAaB zOTdWx;!Uf+#hu!cg4;L15(g(@x(tBhvDg1t!5uZ$f@vjnvFjgb)$5a4geH1^ z)qD^LzKl_BbIY7>VXk6FyF$LBwNg(DQQlw0Lc<*(Ap@SGTg@%SE28!59hI=!H;pxL z*I)zV%U3(%@wi0Hm7_)QnzAw*=)|v%=@JIvu0P|(&x_XByL{M|2HD=V@VkwfNc5mpI1;O}ywjG+q*Ne1)ZP6{k0PKwU)CB#_KSFi@!R zey9U9=drUl@afHu3TD87B&0t)y6UW`xMbRNwf8K#q!l$2^aAfuk0S@XZ4R$c3S1a3mb=`dQAhJ49C1KFr^m3Y@ip@-rtN)^PIX7HS zdRMOz=nT9f=lPO2k01-s@x`l6((+GscgAx{?#i}VOBdtlgI_)bib{!g*}x*o%qmd*)=ZG`NXn=w03!O$wh;0SC-)3H_vFAz zlp^PRqD}r~uCro(s3(l^Q%voL25Q1@P7sAYuX1d|p<#y?1C^#9U*eM%FISSLX0IAZ zq8^Lv>KOi%7GS1nR>DFmnK@SaBHCMx4_0%576BC02ATrli)!{%PmK3bBUqGcLQDcz zY^+zwrgML?;O>9(cCCGaBKMXT8AEKAlJy1IlYx@ z8Q(TO0oC=Btp7vhTv`@r8=TwZ>%3}B-Ucs!^dRuPa$R+`B?iAENVh7rB7@BO^pm=V zMcCC=ffIN=GrkN>QwXLShGdLY^cvE9CxRwp$K5lX9IG=pgj@waSElRkJ$Zw_nOmKf zR1e`R912Q~rXmWPXFXEhNxayX=C$r+bRG6GWD30eTEH1RPSlqZvaM<;{>&c+xaX}C z=JUux`=7C0KVWE|&Kt%JecqRGyA!g%WHw*rT0RY0w!~}U%4R%zgtBF^uUwq0Xz0w^ zU3XRUxmzROpf7Gz+iuJ#&@~c0We)oyUaxdXtK_ekLj4AR>M{;d*jM4Vpc)7lHvjy; z$>}y0O7`@B6aZaSGFaJn&=zSKi#6vQ(@>)gO%QP2VY2zIcz}-#RoS1~W*~de)@84v z{r~Shwn(H#<$ZK^cSE4(KbTq~fF(O89@+Xl3eJs?nDllkG;(|$a3BD+o))85$ZNB+7Z!p~&^z81ktYnSGh6XmpazskG#31C&2bc@QpzgA4X6 ze9$C(!ISU^ih%p*R_c@%`SgY5Tdu=BL=P6CnChduJkQJ~4b0v#BcF=|OOQ z(6FfT*Kb%(-s_Rqk+|I-8p69q9NUbdaxHh(*>Ha`EkEPoj0?{2k0DtbMq}L#bIb;! zmE{sL#nhd51I%^L%V`D8LH8gNy-8^bRyPe&Js|MR>d&XVt-p1c3?LTs*R7zB7S2|( zUN_+e#mzGxp?(>t)POKBG!Pm3*`R41ne2-iB&Z43b4^1!;(%AT8$t&&RyrnX|CV9+ zvy0(9=r+jDc6?xd7S0%m0tM9LR5EilS&1PgP72vC_hLLyd*E5FyTaokkAP2~F$$F! zNeVUiZyDC|%j%wq?E8Xej_r|(vIT6AWO1ds2l2})+1C6rf9k_Eu!6NNr8S$;AMm+E zkLB|wv-5l6$IEX^U+0aQLdFAappT#LuRg+oW8ex7`Ka4NukB46{Wuf;_<8>$ z%~N%!s+$RL(nb{-pp6n4Hk#*2qHZia1O((lA4$9c0oaq4znB=oUj_isRV=T=|D$AZ zn?3z}*Cg{{1rPY+-&2)66+DqEG_y<~w)ZN#zA@G}J|67k04cl|-&L#LZxLGyiwR8T zOJc`dcNSOqrL~2pJzs&yK!C1C3JVLPO#y4bivCz3k5tx_KEu*Ld7l!Z4ibwhaa=@ubAp|5t!q7M^JjTRs}|qX+qW28E^=KkT=1<7&$u0UO-n(X2e+wr@a3U)woq`KK&#??)D+5^xX$AHrQ$8oKlOu zi9A8F_07VVH~M^TXr1*Z$@gkKBKj_$us&bpfbuvq~s! zXKyT4azUu%84yLTks0ePx;?S#;oM^xg>T@ze2t1(QgP@UQJa01!8nJ#yW8`r+UzS` z@<7AwI91J|j1LsEId|XE=PsuzMFXI@g%=+;^CD`FPvGMQCz6vqvW-r(``Gz115~8m z!g`x=D?nulo1|+zq(r7_j27O0Hta*GEKFD`(!zu@>KAnnva#Vy}0Qf=DO$V=9_1F%pVnqwM$Om z#@U@6G1N*|QzJVeb zK+-~_qTcgB05*WFZ_-;4m1Tb)zeYR9bws_c2c=|+oTDt|y zK4Ok|*#Tyagx7r|Lsg~2&xUrp$u<;k+&r#95*9pno`!sWc)t1@f3EIS-|Jrf6$<~s zV)EM54MD@Q_#1jYd|?NX$0ueq5PfHLPhzpq{hm&-yRgB z7F-jymPG@^Y+&6ijVUY0Wu+pwT_cta|C;9iPBsPRTx#MHe0CpKSp#s~*R29LJ~ltC_(yVvjp*xj}<@l&F2kL5xC*Ptr}G>lx3xa(T4k z_VL9lVlpK+L7TF9&?ZL<3|GLDgyA0Y2Zk3I9iWAUm| z8TB{90AQrV;!_hYV(9XNl$;d9aK47qja0npe@jvE9D@$iTh%22f`c75L%w?4ID=MT; zbMj0cyl`}iV|^vrISknOALG>(w9Ef*hTHS>{A?V1*6r+#pkIf&i?z*W2qi<-w^ICS ze%a|bwN_aOL?%87+I!8ZVGMD|A`fjMrRTw`$j}OdzR<(NzPM;~`jWU*_u)~D=2g*i zJ;A&`y-H&AB3k|s*IXrz-1N5$m$(m;G(f3&HHfZ_$hnXc${_>>|3P!OH>Ru?mEb}^ zUf!d93#a0(KEP;uO|U^DHy7M1Q7L{nsDU0qt^A$Oz^zl%+&fk40Fz3d(Q7S1M73%& zbL&5s>Q9;0KaJ}za$W|gUi{Wl1(x{e0a{6IYoSQ$VTw}n#s^c!BG))?PbY9^ap-Sx zggdyGC=#E%bPdnDv*w=2i7KW7H?yHU2YR9vs2mjF=R9IlEA4+k^;F4ysY8UFmxesZ z_sPf+wz8mj`_(BgwOVnwca?iG=1v<{EX-t;{WJ85z)Gkhr zXW^T9VQzU&8z>^Z*$@(J<|%7_QK4LR0YvoqeNRMn9K5Rt}j&Q z?w+c?_y_1MYCl-E*BZJ5Y!mTs0p)bld$h{o!LgSGpU>Go*PV|h;1vK;M|4&gyM*cX@q)L=vn9)Qy#nGOan!%B-xcJ- z3o0QK&hrAOGou~4*cQ5ef3sd#UPT=0; zvI>P*1*rVYi+aPI)KG6H$y8sS^^BeMD<9}lg1%+DkNBGeHZO&$-R-k%BvkWGhnp*d z#Xn;3*;8wM;TScH3Vj|skSpot*(#lMY3Kba=ERQjQv)uI+C!`5I;a8I30;EI%x>$= zA@}~;#Y#dkJnlPBHw45Q&WWFFD%+ou8U^zR;o{(sJsg?R?1zc=MQ~r@o5k~O54lH! z>#?NZx+nf6xS5U-dMJ*fOF#6n;c?_(Lsn+no8@9P>3_u*EfeECcR@&{C)tU+67x~r zZp6Fx4Rs~;(`#j!+X+4NJ>`;uUyk=0-HK zM_(e&Sxwp;Z^%NRLZPRtd}@cW$HkUo{RM1ATJ`VS)3gJva*}iBv)P@Vur%e1SJF1J zZFk$I7aBJA`JiEX+|b+il8&nk1oh-ZNEBpn_bonsEOx|F_0htSE|0Vg`fUY*5>eOW z3X{CAWHoqZR+m`umM!*|KgfZ4qon)eU0i*dR}|x%K-Yk=siO!iV=DDhw^uSzoI-uy z1!c$m5~?5_biXZJr!S88bekX>(gRdhtKQ_;A)KMO} zQ*&{w#H#US4_lNu%Yr$R?dh8$6oxYjDl$P6ZH+jig&%Qafn$Xp^wdb3CT#P+=2&;S zsc-(MJZf%m@4Ya$Uv{2i47-NFY;jW=w)?cWNxENO)u+4SLFqB*D{Ph?ro!qy1NbEP zpeZ_})Bxh;qSU=kHof?pI8G~qQBKtrq3#*-Fk7650jr;c908v=(7jN_h&#kjZYC+PUD`oc-FLnj@E)f6BnMnyJf zWb5Z+gB*E^`)x?LT-+FyIm{zm>(5C3XBaOE_Dvmfbp zG=b^j#HG4=x$&|>yWB)W)eRo=$0~WAY1MyLD+d`xgF2x?td1a>_a^WENm)2|3U_qq zSUJcdQidMCx{dUIY?F$Q&sC$Jq3-33?oKkNL-t3dQ_rQsd>uW~nhgyf<}^H&uFS0* z1i$t;vNMD=Z$9#nq0)Vkn*;~FQ=pKXCy2L+Yd!jn%=ExZGz)=EYWU+9ZCU~&p@9bt?X{=4Ux-{velsQYQY+CHFoRAZy$a9ilIR0{# z`>I<2y$2R}0vm9%eG#_| z_!#^v5G_+b8($6$3YE7(T7YpuX9 zfs#DBXpgjRbT3((N^gLuP~fEs+OhK)Z0Xf-uUVl(Z`;Odg8ov8d<92ZBjRPm)FuT| zH0yE?wa9ep!cqu;Bb0BpCwvIM-J$ISty>J(Vu%6+R8L*=`13Y;uZ0yVJ!#e+ zhMe1&?u-wXH1S5#@NhyaUS#DuVatqc%SO$FZD`&9JE2EDmuW>C7uDc89-7}j0qF`* zJz1B@C)fc!X>0!PT;n66*m0a1W5!f)cG3jOYQ50-*(TIwHORvwryI4RSL<~onyw*Baj&vtlcr zq&dAf^-^KBX2wQz%u}?a6vET=J-yav7`Et18(*np!_~uaj^mj78N=JcUd?|Qf!&Hl z?h*K`y;t{X-Iz55qgSw>;%u)alCxT8eqv6sw~aVw>_;O-au!$yHJse$=GVtyx0!Gy z;^qvgw!fAIbzR}2rnePiOBYJ9!saz}yKoh=K@CgLxuY9_p+_f4pMSg9p+Ng2Z07nV zEU7qpvlTLr3$S>mF)c8AeVbax+}M`dORyL|x3LXZgBfKf-mo26RFQ5eJZ3M^{>~L5 zOQP0QuPG%d?~NK9ymJqnXG77sVO$y%)Nw(}W3RKt^`l@JKMyO`=TCLi;5{CvhR{p2 zAH65J#lX0^F*P^sob9RWr3ry0T=DZu2*Xst{6Jzr_2!aAx^#m@JoHRSTy9G|6lp2nWZ&B8 z1xxjvo&WR^*H4?GI!yDE61Sy349=)=yu^V#1#Pzkm(<{QaV=rfSI)c@T6z+p8mQs~ z-Q+E?x0>XFTcu{a_D|m!nqh9LI;cRjd&)!Q(+bjS$>y~;)Z6RBxcG7wkf@eaI&^k@ zn-AiIbf#~;ZePiAQmAn+R%j)a*tKu$UF}o|YDNpE*qaFX1kBb|$#ZE~2zUGYC9$Yl z?RY}Vm~w=ybNz8tN7j_~{R4K1Ri7QT7?E0aMcS>Dv7m`~)mwvq6rm$9-SMh{gYI+d z1zOpSg=~`64e%tc6amafU~z3$jnP2pnFy}3=R~4%B%nJt5YMT1B&y!?-#;U4rRQ*q zE!CHsu&aKO%E@CbX20BGBY%GQyx$u3;;P|~U}!l0B(t*AVkav6 z=Y4n~U(?_5=aIqlR4-kQRPj8c|7wBrz{oV%nyH2F7;W|)MCLyoJT{jFyF8i_j1|_! z$M$UQIRQe)s&>3(Z?+_?&Mxkld7QA3AzykuE6CAHFbxTL8C=R*ZL-#}609Fl*cfNE z>@*75cwI!%xA^VyM%Li>eMYiJ&B*AL^{6XCz3DB1HoqLzVQmzy&&UGwTh?0}%~ zwuM~hy7so-t> z0zu)taw9@X1XFt|?VKC3qoPCKUDGheRn-0~@7T;&E?3^?H+SRm&{=)lXC>LltkXoz zy+Z)l$BIj)<2}A%u|*z&#I|_9s^axw)!L#Rv`Ry0uq2k_o{ER*+m)YekE358T9iUl z=EuryptxE_NFX+KB+tdL+?@pEcM!2rY>UyJ+V}=uxbLGipAr-+162O!!r@THO3@hE zvx(V}`@-_Ig*aPS;sf|{o+q75vNEUlxq3+yd|$v<7;a^{nZtn7SpTpyXa#$@bbks`Mtj+gD4i@U$sYB&6EW96XQemniSqjn2(5qx>pzW0F*PvLXy?6s)- zHZyCcX|s_Xb1U{SN_2En)H}F}X0L+KS#ura?kO5NnmvpW?Habri&{Mr_xnn@FbIw# z8fM1og+=>X4Fq2VH4h=)|Ld|xsFnyXho;<1I;gCw0@i|1c6{v_3*h{WrhMa>co5F7 zN^Lk!p25i&_DWikB!k(J4vUs-RtxHYry50nix@LV{z;Mz$~@6Nnq=*7k+4L^NM{Fp z==rhPNS>ry2gWoJ`jU#`dl(+AyuAUAMErtNUt+_XsgiI;Ul``_Y?swh#r2*PUevm9 zt>Si^Po@qm0`t7y0I|R?%4HB-p{KiKRb#t+<0hR=T<{t)KDkI-ZaCWCuD-P;bV2Et z>K{|Nrk^n7yzyX|xr5^OQm^)VWLrkQDZh}LVJPn8Y}CFcK@XU&2a$va;a%nqF8y{} z+|_dHu{GV%X>>O8Q#>VO?r6Jg1|{llw^Ff!H5*C@#b{?0nUkySwA8yvWJma6b#2<~ zU-=Q{9a`m})+-I;w-$OIoBj4ADD7!1)MJ2*Tr(K-N+)ZI$9?t>Uo*0~c}9H6`ismn zX=R=Ps)z;PrV2<_-KTJp<76|xIPsTG&&-8i1}1}xV1c$qAlAi)X;Tm2z?EO&{e(p= zD1Lc9_*qt)n+Y#?*%kSo(NG8|$R$66smVh8Q|%-YGtO|JUL@ojfw zBam8g*wjBi7i6rhq6;@uMmp`dpfq<7cx~hlNq{vcz)8tX5(R#CGic0^pB4Ub3`vcL%wFwIl?)|2dp{cU@G|Gf1k%ywc!WLN!n1bbnbhlo`G z=hsbalao|bOj3?u{HPIM1~1>kf4(3yZ{0;&uv558t^mHi(%~aWvaiWH3b8(!%i(zt zRozV8a$pC14Hk}q%Z@8d8+3#_^scl3ej+$?PvHGV9~}e;jA+lR@o@ZA?n|yakxfp{ zHs7;5g0I{cOlzICfJ_90Kx>;~4k^&%7tB{$p#tcZRg`&=>*k3axfqZO!M`2=`$0A6BvXf981V<&N)8kSl~lrVU;HwIAwEGr8NEw)Qyd zAKgh1C#h;a?W7bXCaHT zAEMMEvbTa+2hZ{(GMxkZ`Z@LLhSj{Mu6WG=ZvhI>r11fS zgWf0Z?O<=F%Y}@L^1FrF0C=U27`@kUm5-rM&t@58WrKY}y2iI(smA*?k}dT)0I8tzG-Drk3xNV@j%?~ZN@oE0;oe`j^=*<^q3_EpI(E7SJ)G1 zpPk|5AEk9PkYJJ)HQHgV-QLQ$;z*3c+>|J>tt=C)-IygL)A1iwPcKkaOFMbC!wOKWCepR3wDuN0seX-p zY)jmlHt#Dlkv+l?8zu$zz_(Cmi0=Okb9!j)KZ~9Ro!Xb#Hwwf$#%{D7_Y2NR%%9yb zeOU|sZX~-Aa*!4*aXTC7qs{8J6}Fm~208xdv&QJKa6rT)lGwb`ozUIawM8B5Qp$=32P6J`%u43n@Jgap3+K*ML|5 zz>RaKS(8iss+=StHxP~zI~$O#fhTBKS~n1XYijcY+|S3?sI>dOFdzMIZ_-(anIme? zp*_bgCZyEN{w06!XzeUxks<$>g-a{~TdC@*Pvt?mE58*xw?|rc(2h1nt%_e7_C+-xv&{b(H@Uku$dMK|*Y>+05@OJI z73qV>RRPfAI9YjEG}Ox5t5MNY30K=yMLN{sCti?0}v>rbINLHB~{+krEncFANTeQBZ|hz`wU%`{F^ z?tY!7togF!*;Q1>1HPcDaE-Cdd0ZGTJx+FE{%}+E&O>k(;+f{Kb?*z81RtS}WF{{{ z8HB>Xt3_o>aqE7VvKy;OKx(nqr9D56 zDPvLV$mz{e8wI)ADH)7Az*!1nN2RTB4`o-8IVDm_V@qRk$j z)gb(xx^0&L^RbsfA3ha)ChPp_mT7+4Le)g;(V)uhF8fMdqLr6?AVsMp%vliS{$kgU}Q*P<9?de-%JIOqmAYJMZ~`!7xDnwBCcHG&Na zViUEZ;qw71fx=y*?)syldEBeJ;67;L%U!JP zxy{ml7HlaEZR0>ud5)C^V5k&n@kH7q07n@nRu9J_DjGk606^^2`#O`J#%${MMytc z*BdHFfljK?VPBD5Hv_6+3zQ-mo3s|GZFSAiBAnNp4CgkNJH;R+3&%pp-+0Ev(wnNU zFEQ-vu@SEHM>#^Tb%)V(kP+;<`by=MaeglZZ&KM?OC3sL1kV&c!GkI-JK7|x|Ire! z$S+n=`JrbcjBIZ*c4vAn{ILyf$9}Ev?xIy6Xpu^_C0C1S9@a=uelmqLOF_4#R>jl; zy2n_Z?o7O{iS1TB{qqd~T9xFRoOoUXixSR(kaf_79b=vJ$j7l)FIQ5M4 znF#VRDMVrXy51AeudXoZ{L{TjYi{yr%Nv%dC)|jq=ojHZDh&{n__5(TBWEj5W?uVk zNz@m_VFn|WtMG3`F*@2P#r!}QzA zZa$zF%$vIk(h^%I`}mjW$ZBm4J6Dx^?$NW%X^w{Gh%GKDirh}1C_dfEHK6M?RHu^r zYq}e^yOm8h(4D0hYO&}z;P(eIJNd7x;fXfL+Ilk!-!_i4lKjk7zR-kSVi=z!=|2^J zQuLKIF{vQEvc*Rj2{jvcWh~VQ;rN8VQ+M)1EwEy?9A(R30d%^ch;f)3s-&PfeUCaL}N5hBCb;V z*crb*i~)luh(}yK#<$C>)ZEgp5zIci|0$Y9U#}_9cPmz{!Z&2q*z=d^ihUAR zCiNPh5-y0lai$AfZDKio>KW6cD!5R=J`WhX$bBgmjH5)GnTnpzE9RFuo|Wq?b&F4C zW~JmrUm!(7Cs0Lb51og&w*E_n$g?ua?R%QOlt;F?db5LZ6dwk8r>y=#nKN42g6Q7( zyAG=OCGWHG10%1qAwheG-@fv@zoRo^Z4fIr3k>$2;FEEw1x5iPTeW9k=5nFV?-^4@ z$TIUNE-~Bu?K_IAwy2dM+C!$nQv{O*G6#h!bTEFd3eRbjy8N1Ni?)XGiSFv6i6 zu3daeRs~LM6#!aLY7D-v#2`B$+gQaf*ZkAD96bBLmj|@)36?!x9>}2*y?2*|Nv3Gz z!R%UT!OlJ$OnODN%x)>Wt-Sd^Zm)6Zr#oey+UGQijcbC;e$&2SeDUt6vL;zno4GtU zr4>>$i!*@{?_MNDgG$nyu?hW*R0us7z27q?I~hlW3u<+e#!M(y%wMHceWbANpp+q@HA&6qu;WI|!?BWuk; zEIES{!zks>xyb^+h^eonImWl#T~%WJZ8xq^r?Loz1 zRTtnkqM^1eKx3|Az=+~ysC;VKIS+V7Px?WeZ^4OUM1rFKE~#!e>?*wSEHog-Awg?5 zZhZLi50xK+YKzbv4Uzq@H%||*c+o!F**;G)EZRY@1bq{na!QSWAZAmw31LX!{C#}M z1zr~VcY_vj{dsP_5_VzGzv8Y$d~8muABR7(z>1G-LtdVs#*SB5PFIQSVx^azMozsm zBCTr5DIiAf*21ediYoQMV%$nCt^2wUDcGe1q{l(`LcFW?+CHpJ%I5F#Y;Ifqw%pT4 zs1{2vf_l|TkHnJ@K@F9Kw>?7emugQmS;3zuhKV>c7iS5+;)!=hemAn$6pxfRsSn5g zCsH7J;{;vjVh!zX?+B{%YUGMeid&ZRO9(szcot3nr^tLKCX{h;e}_{pm~Ex@L2>)B z`Jdyzs1JMWIaA!~jz^nN#8y{7v>gkYh+WuEF7TKybPQ`e<_jw-oIKJ9Q!^10^k5Wp ze648md-%f~t*A8W6>6&~pphW9u6ABkA`@a&$_K2cZ%vI)LPg<;?K-^3l3ywOi8#iE zRnBeIb+-iTvN!|mvku|-upPeuKf1B{{=eJhxVyGWDm>-yqtH4@^nQv$i?M-HRe}I zIeH?U4TiWbETg)>VuJ9sw8TX|T0yY!S=FouSs3PtBiQCc@sgi)Bl}X_ZFM_uFl_Wn z5GFCr5>gX`2rJKcBL&q=bgUET?fLuyNbINmY zRiXiS{5=Ndwd|U3s`yMAwd1$e?j;??>~Cn@|+eMGc@f5di#t29E$jx0bvlq75lBxGp#D%TKJ! z6aH27N6P+yCcuD)grEm;5S}ObK;eB2$His3^YHQun^#a@j`l97x5pUBmD4A z(04}F@mHN8)nX&W0`+?lYS@kjivg8dTTWOgc)D47^(bo|UqT3r_?mwL!D+&x^Irp7 z+RUDHFOp~(rBLUG81rN4CP)g*Cf3 zD%H*#oL5NCkfk6tydi1BpZ5*(1{hB!k*c(<;cAr+;J=^wCHZ%|&I`Qda?OzW;DaAw zzpOq9olHHZ2az+#(L#P9PYw19?f{ujZ)>1lKu8umGh+{z9!IWf%*Nm<1Xe81LZYBw zKhAhhS2JM%1t&*0F8tt00bI*eM#5YQ;}K*3&$)Yd??}pLTU#^#H9w7gDnHC69k3hK zj@w(WPD`MiG4YHrMk;BUxTtq~e4=49La~K#H`*qp;}N(7iZ`yzh`6lAjr0@&zxoZH zZfjDikB^f~)%`?XcGNz@Kp&NsU)o=97du4s05p1#dk$u@8)6{QNs%7I!(iqFzSb|7Md5S2Qa=HR+cB5%mPaYy#xpkCBgj3X<`09 zi-O}M6nKqQm_-VX*SZ69chj)3O@{*e z-j;a%X&b!ugsxP7;bpF(;%?)PG+L=2Ky&p0)^&EWLeR%!?LPN$Iy9{J9!pS^=q`GU zV-2pwDO7tyI@^ApwC0nCg3t#>cDC)*3ZeqsopYq6@_O1kENB2vQ{db>qtOaTDIDrU zvbT=dD)whouv?+@S0z0*a8Fv)J(BBx0TiDr3Ir;LKPdmGVpXhhu}Gg~Z~G|e=LO>f zCtsvgI7zdC9?l~cu8R78f$77~Fz>^SNvCh{#;PnW!LpU1S&B!MrSB4%v76xYUO7Vi zmU61Z+K#ABzqtQd02q1H*L=u5;~%RhPwLUnDcW@zOfYPWTVfxP9Wnd@LpAjk-a_CW zf)H)qsqi?4xld{wtFF+(D2nH<*4Uhs?LR-6B@OUV^WBOJBC+y*s7l(BKAo!2B%~9g zgz3o2)5C$I@~^({jTy7hFKJqO>x@#wJ%l(@Apy4VT<7 zb58|L0dXxAQ9w}<5O8@P&pC7EyyyMv{l||V|M5|t=YH<{`d!!e+O9Z;e~&kr_Hi57 zjTx)cfIr&fJrVq8@>F`^{fz@A|SeHM9mK%jjCqrdoU z$;YLnP`Aul>6Wd$pPnOnO_-fPxRSD_uiB|RIq?ifRR=bd-=KKNNW*2x#_7h@;>Y1a zM0}4$^#N;B>x8Ncmoa#0fpMFsPNrx~p~`L_GQr|`%3C~r`|lGEd*MUE1Yw!EG3;&4`X_<7vM@b**O(B7L4D0!``UZ)>-2i|ZT89o zZrJL{B<;X&?uCfkrVUjYiu>m^Uuu+>n+EFA-=nqons_UqxUTfLu0Pq-b`<{_4aopzk5rbYkQvv@^jvsZ zzjcR4EbdX(c5fNq{e7>a`#_>r;*ZLge#WlxO+M~~Z-j#phh5{VWxrdvMF;mFOyYjG zj+i;Xr}vJF7!mC++#2Mmw#CM`=DR~v{1$30>QGGSjI1c_T1RHRqSceM<_XPV()hR^^w`SbZ^F9X=+6<~WR zbYCgG$L$gN&K$gMG!vtLw(}`o`;}#VNjh?h8*Hn5da| zuH|ozwr6!-a7$`pnkJAgNavdgkeb9C>S2Gt{MS7ZM_KD`TATb6=xm&O+^M-V z1GJs22p&wY?%OsH9k-m?yBO6z1V#R4CY=F*eaWgDpH(RP1 ze2Y+yv({WrLfBdJZs32Mcu=NIR$qC<^%3KxMTXh$mWLWh^E)Og3{ePacfhg2;SR~+ zS(z&b2BiPhVm`X9_q5fo)#@~jHi8qr$m8dxH%CZv`o-?X6nVMC@1LqUd;G&`-WENP zy&$uZ)Y2Noq4(7rK7XxFi)lAD0ITk@CW3i)7r`AdKxin|JTwnHDXdvxWxsU%nc1w;>=f$-YC%CU>5mkt=$%z0eGi zneZZ+W9zl*yA3-Q5#T z#b_i0zf|rxgU$fIC0~K#Q&wQJBK+kN9?csjPb`}xatA#zCXZ1( zMR;_4AqI&4MBfs|rP>wWV*pW%KNbhrXl8 z>8h4<|57j5<6j;_<0jc$nTBhdj@&PSuiJ8TLS)%=>hl%?wG9C7V>Z3i6p{TWNqL0p z-zPvnev0tXr+yAmIU%x9`6~b3=M}U-5-*q=wGdaN|Mv9|TlHxmd%d zQSkeQCi_v^TmroWh5((5+KBZAy+^*%*kmP$2{^^)5$Cz%U00^I%r^#Q>goXGbIq23 z#I^7&1#S}pWC^LaEIe)^Hs!d8=FfwZPB9=ul!(b5`MR{XV3; znc8@&iPCfPZmmY_>zu5w^C78Q z9cxwFP&{39_#i_B^n1E0NXcn@X`khe`qgl&5;U9>bWlvj4!2shrmnHvnOGljC1gCp zs`klpf9&sK4mAkMOQsHG23GTfDx=1IKU#~U4EwVTsz;ZlPN7If)j43k!6r9DbV^zN zj(a_brkU#~D89tw60ie8l>eCLhLU`w#6NF}pN^8tn_N~80y+m06tP@oyHcV~Lk*)~ z3)%&w9p_)^+sLolNDq21^{l%f%!V0L z=7#bqf&sen4ucD|R2lrRyZ_`K#S%Agtd#meGbK z;ozb_Ut{I8LKwEZWPZ+F#9^Ko<-&!}TGPl>-%bGp41)F=V4uoCW--@GFW4#bPUd8o z^rh-kuoilnP49xC4l}9UAgPD|K5c%(nNSX}p0L(sM(_&6L3%lX`4YT3v|7d+xbu2g z*Hvr!(Vv|4xBA9W;$9^wBM4%ND|r`8&2yONj~bkb_hty2?T#_K-d`Vr37keOc@m}ZO)sd#)N`O|b5PPS6Z-Do`phUqxdvn`m^xC`4 zl#{916MMeZu~mg0He0Q~2AVmLd!Ur6Z%7mItdQUS))O|=vw3F~c$0nJp0sErFQIIT zezI}kP6;3jwzdo+V+rs)<;Z%lBAw?YujS}Cu1HI^8vRN;u^f0xV@(1VQCg`WKA|Pk ztE5@DOl1%6?M(i(?G@VY8;#$3bkDXt4T(@j6o(nyZg*E#<#E*shW;C+EGuhJZc*m# z+3#P&CWnIdPGo`KxDBaMf)f!aN+y#MH@S;^4%uFQz@YaGvuBTsm*_2Y^}XA1us82b z+r9ztTS5FG>l2jq(rfVn0Z{Il)wX>jK2>#P^nCpgQJ33^s^|NYWSFvuy-D1kLm)h2 zAxKPC{KE4r7hGcJLvRW0ZkQL*{3{Kn{0o+>`)Ki-_#UPzPItsJAJ%2`uPdE0ok`BL zg;!HmL_>p@>hadf3cp||`02R0&6Q(?XC|IwrOeH$q+R=!znNI3=^z^ugf8QPa75VB zg(l9JLHrkj?a3kvjM!Y%%+~t6@h3Ef&`nqHw*4HJm~;J`wWf_VOiNdv(q@O@W_Owx zUD%o{LT!8@fv4jX^Az#euP|RIE>%L_*WQ1gBw;2H?P}xen^E%{pNsS6|0NSIQ(L0F z#Ls8-YGeuy%GH57%1!&8VaEJY@O?S94<1Ste&IMVxAi)OL1Mei65j0yKJac|VYX_;?+iCJ8Dejf!eksh7)S$u$Jt52c*OGw4U|$b%6>R`6IHd6lIj z8;w4KKF6wY%GOV(qb2Ik6fcIw@hy#);|GhpAZvssR;2eolOhd!hH5`9>H? z75jE~?H3CXxQ$91W@L{oCk6obfR}7pp1(#Ure%x zg9Zt=W`JupUWC@8OlF#{?wU67 z<1XXzx!*#)#Cs4>KkB_hpul#mcd$R?GYR5Nu(EpS*;=+vQtg+Z0Zu}ye zC!y)J0j+%5)pj|w9B$znYMK)SX`9Otx1}b?0jIHHBWJGO9t(wmw8Z_Q;M!+W1(&h_ z!zI-uR&sR{9ou65&g4N(Eg&FW;q2ulWh2p@54;^Do9A9YXG}+DtL93+9@4DDlgEC7 z<+GSB)#Ip$z~DRhiIZ~w__HCgA+hNIyl5gOTlc~Co%3yH6n4uML2JrCIE7%IhTm^G z(|%7dm9YziMRjQ^d!85&U;Z7 zakmU&VtwLpu?zmX3x^7!>Dk(5LfeL!BxI#Fmr;VGzv9%5USPWJLi3d&6~F*)^8z`I zcx<)x6|$@=%)+4*aLf*xPF^h$rTAK5O;2phmMCf-P0VGIAZtbbwa&0A|ItR7WRob6 zeNKB+a}51-JncEY*d)Z{s_6}WkP`+1y@vdDzzS~xvy-8CYP_vun=B>#*4I`GxiF*#VgKS zW8Q1hM?#OyQbg|6TTzv-N1_>tNkKqLbp3j-qI-y`KkPRmg&d9GoPKU{dFtZF5@xB} zE|08(zRAr!C9ar`qq_$XRI38m?v{>3E(c3ITIvNitIG&>B%lXvEydZKoy@xnXP7r8 zEbA0`lXJ+PI%6~IIegyGHDFvJ65*=~%Q^W*!V)96#{l;u86WUtS)uAc!pb%Mw%nY8 zh+Hzc5c?b9nmPK)#*G;Sb^)+-$Hk3B-{0t0MN2O7?2LAs-c6AYw?Mq%lx&a zBB@sax?p3qa?WzsIpv>Q-Vdmi6KNgu97#1kAIs~|i@i@@U&C%t4S@}kMN^@xAB?6p zF=Y;(EWG*eSrSSKRYh!F*ntznxsv zb5~{^B@NkH`j{JO7H{_3LS_0zzOz9yP6i}xd{cvGhqehH33N>Fh^Bw6&BV@ih{Bbv z*K=KT2K0p;1)t{zGodrvqI@+xb|LQ%4iNDFz?p(5W=`T4#ro0xE(Mdf{WDOlYBh-k zq7Q2-^w|9Y8#A=n&)w_){x7m0<>3=Tf587F3R_IFo)*6F-F(f$#t=Fd`@yH)#TQK6 zlu=(XEti(!H>1V`7aAKa(bE%mZp2SBfd}jBwPRzs_Y-8GUxxw|Mzs9zmVwI8$rBw! z!9HKfS^1vjtaJ~-RP8JkZ;KK+YcF5NCz+kjGM%ydI3E&r#dh&AcKJ!BX*bSHYo76g z^}Y25^~vsI&!z=d{4v#`H11{NXVRc**~)Os#(D56_hI;4TqGyk5_f%OKwOlFoPAn! z4*tPh*xarpUf44uNBJgDVVlUjaeH9q*8%TzYeHIafR!OZKW=(6YG$-!UZ6PRcI0oJ z_oAn~GXaxqITX0N|L%vnFHT`?@hMZ~|@zzr9 zBOHfkzKFy=Ap|5g+MrVnYQRHQ1D;TTB_OBv;T^3;DlxcQDj$kXC1u_7@%i}hSFjtW z2$xG2Y>YpqEM#k(vV^%X{pJxiGmDSI8bujWVZ38MCkFem*)w@wi;*_D%0aw62zLYs z7qMlGasnJuAu6U8#9X!>#Uj6KIa#zJkSM|9Ug$<@bbaOM!4-sp^(C+W*jtE`TSD$) zUoHk`a;NK@y7z62dJibV`*sw{H|7H=F)s;eScfV`gzQkuExxK#yLabvbx!V z5Y`iR{YP)FtI-b9CnQB%tI+D$g*UA39hMof^zYf~0SR=gXH07}`-a*G+_}ueKMv77 z-_vOzzUu9Xrs8gi?Et(88IQ&caldaGD&fzCtW=o4_5Nd|s`8xWbPTTS0&@z4{Iza0 z(3?_aQ9Iz;)9;FnWBcbP8%E=!85#0$@<F4EEsuSdubF>7-Li8p zGfQh-Yy!-19CwchuL}=~mF4fFpZ*zetMS=--+Fee{ZRLx$=M)ABR)jh z4{qtVjVNV(XSVmEHRc^dYOP5X*_qDz&Th09J71E0gW`0CuD=6Vx4H-+a?_-JUQs-@3r5{-wZ9s4s z!gxcinyPfMXtUqqOkWw(&Rpcp>V25Kv_`hAQ=hlSW)x`Sb{Oj?7@gGyC%Kbfnra?R zI><_p|6Qo+;C!25o?Y5n;9|QOEl8j}Aa2I;P3{d3xQ;))UUF{TsxX5w z`J~L?je+JDpzIgEa3PFdqDYXZz0)@)Wl+c7|9)bXPsauP%)248R(JzhEr!-a0g=-) zjTZ#5@re9};C)!W7`ZnMz0hxIg#oYDdrQkg*@A@se00}dvRy45K%kQvj#tggPaY5Q zdA?Y4ZX*S~U#Flrny9a)+lmzmn#9u&(*q_vQq&htbt&saf@qGbZVcEFuVKz2-bT;o3dw0ylOS)^7(-F~hYF=< zl3XiRcYpx7(($y);3c7qJXmA8oPIGHw{@|&>+SiV4AcKsoVT7%4>m z3J>!>=(I^r^h$mKV;K9{65Y-zx+I<@u?`vTx`yj>Lb8Emp9~pJ&YFK_}68Do3Qt1ZA zcfl@w7om)@M7q`7^QpzSP;&t4Z;^^H@0ZM|{4l}htmE0x068ZWex9A~Xw z8^oWY9XeNb!1fmdojFL)c)^fNQS+@De6M|p$E|o?pzST=q@jR_@i%O1rG%^=_$~BQF`D?POienPE$QNp_;=Z*inOZ>tO)d-xYe^zTG*`0=ehHPq0F zjzLzP7#XG9CZ^17(V%Ta6E>9pE>hYt99cbAgWupX(-#_q$Jtt@&0#0f_nY(jW&5&~ zBNZwF@2DA{O9^(Pjk{l}u3hjPYx2pC#WiaWBu;XCx+rHZldgSm3%wDrGvKGhh2dO0 zxhEps+hLKWL7|583Hb0IP@GCvzu}c`Gr@$j??Ryg$@o>HH_gy2ftjB`!dN^)><=#; zTkmomixv0-37ZL)n(vNjjg{*C9^lLAXku6cP23oN#K3E#!VGsyR#w;~6U`5|_K;sh z41U#7<>@~9-xjK}aBqdjiM!A1pp}jNJ?(VwCmt0?+igHHErVh{M|HzO$tfRnL}(KGqzjo+IZqL{y8%l*DmkNfF3X6Vc&wv1Xkm z3rh{G?=@S`U||^U%YiIX3`*iqD!lYKZg$;adbx^ZIFuIRCLM&dBM#q}jYKOCV3&0% z#G_8|4OGz3y~ROuub$3O=2T>^Dvj z>#}PgZu+aDL}U@HR+tmg$yf~fXhcHSG8PmPB#G1Tl!#ge>$zc_%HEN6T)?-yOg}Fe z1y-XMN6f1W8r07=oq-QF))Sga7YKttW8vko5n09o($l=LjIiz6$cWXBl}Y;=FDG zUz~srt7~Jv^CedV%YcA5pm>7qPq^F!Gkykk4iN7f0r`T)t4NM!S&fh#9+%w=P!Mr& zwLSQ>Tm3uBwI^}28(O>}W`wNKQD`+sy-F>B`A+}gG4BIEl1S7;!6RQD&1LrryXGm+ zSp%|ngvMg?skiFc4xUVRN6rIutdt{i#b{YF2#7xPygQjTzBUWFi~elWqjKY)TU=FQ{ghYi7wP#FH39 z>*ACkk{f(ceF9OfKW1wNUov@;Uy?SY-}ZdDF2H_Ig4WZ1+`Y?~%Ve3C!mOeP`;0?5 zTb;Kd&bpF6lp**dR;RU>tWEoFxvgSga=I^${WeeIek3?KLX6xOF&b@F-X%bkt5k=- zZXAtloMY&EkCu*!dTqj7IH80xAz%oy@viVvD`h#s5XqUOxxusR$e$gJ$o67ti}=~v z|GLEok`nhO?om`#{%QGUzUI$8;1e}ksFwYx4PU2AChvlF|EzhpNB8$QyZv(RUL8@c zk-VHm({&CLiylut_t(Q6%dVo3&4)_TIv*lprG46MCY8Sy-v?ZzWLo${ak*009 zG*-RMDL;QO$^ruhOkUM%61;~I-w4u{Gg;-H3tkU7ADzJagUDEE zb|)e;z(ER~!O6}|6job>2p>eiU#^#Qm!A2V1pHQW&El{JjT^om-TJ%plfYiREaO(! zBqHQF>i_u+o0hTpW=~JXWSG3uT~qe_P^Wv&F8RVn1SU1O>kA2LI-7X3%~b1Sx(;=C z9Mm?Ru(=Klt89L;Tq(Wyex{UtMTtF47T_!LwCaRCkr0i`J!s6KShAuAyrqH_U3POt2%Ydco1mHg6u>tv(>*1*hm4&(!t zNZDEvhLbQO&9Gjh+{2plwBq)mt07kWwmI|y2+%H?&EO-N5EhLrk#+Gro#(la5HpiQ z{x;956XD_CY=*_SIf7s5-^Vfs4-_X+51+F^8Fj+ED|Bmk>23}^=#Ai4rl^2#s%3RA zxqTf7CZi55Wvvu(D$_zZE2TTFbQTi-UJ4iD@ay~l@3?iKH4zvl$8Ak`+W=3~;DGz6 zI=WvS$B6!(DnQ=;gRm(j*p4a4VDGCa(?1&4j*e-L&I#tNpUZb?fSgSFGFlRWuzvG7 zzUHgcM2)t7;H`(|?{D)H6JFRytMoL)J&w7*(m#IS^;n&dqo>S0Ii=QPeCS{Y@4=|0 zlR~zJn0qbyH4=#2g$`d>lD^kw`QMK5n#Ur5y>s$)JzR2`J6qkB$I4$jfVy2q$tfUf zygUehR7C{*Tr`WR`EE;<&EKz;kk1C>Nk17yct8_GK!(=3LA@Atw!yfYU8qZuI8~LU zg%laSO+&ujBd`DR_fu${4c%OUHm$x4mA>pAvy)NI2s6<C?c#gpmm9Gb_;V`-@IE*fJU$NY+7FGC_W ze=i}5HS;^U9vxa&Qx!qRipxMSwC5tI^HJ#Hl@swpG~>KFu{0HrXm%{NL{u%O z=PPBpk$IXjv@ zDfFlb9gCm2**)HPmU(yb;~pjgAYheAN1|a@B~{yiap#VBIS@Fia=N_~geZO((stK1 zt+iT$|unQVZ+V=(x{=2d20T^r!TxB&%%(pvP4b^U)`>&(QQwfyf#w;odno(~F@ zRBSRE7Z8Ocg?Ha7{M6#AvqxWNX^&1=ZD@&PB16|_zapRk5MLv zcOSR0O!nm~SAOv6j$Pg=_kxI;v^#Pr+(Q(8H-(=iu%yLO+tlN~sKb!j8pKARZR_34 zW-U;_S)-X-o46KS0x(Rr7%1u!8}k$K%L9q`)D&zbp^OZLhKM5Ri$WW=`?HANX5E!H zp)C=frh)%7#w?WvfO(bi>|@@sWz`^AZ*%^cR}uTC)>obaRfE&nq;xG3Z3`~s<*t1; zN8)eVpz{F?k!^J9NcHpy*u@bPVTmRGNr9v`6gRl}llB~sttA9k*t{4349%xCem|@5 ztwNGzWclr@+vSP-759FnZ1nroV!p*y4hA7l)Na$vNab6o6GFL@PaYyDzSdYE>}&iQ zR4LqxUC6>`LPnnVlNuD?f08RR*qo&(@pQ~^7Dkph-BvuB!%(-8izhSS@H)V z(%^ouqm|k`WZy)lCXA}hcfJIE(qa=Kax#?5+>}IJ_9f0I`X+e~ecw8G9iQ{WDT$Xa zp!45RcrLp}YS*Y%yhmg~R_iO{#cMkA^be(7On9d4Ff(ALMxTyHb7}kAQhmQGFhV_{ zxsCJpkePqU0?`oV79^;@V|`vzaMkUscB&Sx1751fp-}#6%5gX?YMbMMJh zhyW6;Pj$U-zzV&>Tts=jRQuN##el`PH+F%i9X?1-E=HvzRXL zSovZRb6;b_7v#U&h)wozBg5Kg=qe-OOm1;}qyiy>66ggPDy>fpEb|UH>T0-TY@Y+( zT(S>E`o7RRzvQ5V*LT#R-PJ_SHe^-K0aHYBnq#j|)yRtUwrfD2Xc`3@r!B3(4>mYwc zZ$=OH6z-WTNxXjj^KeIIp~m6Z`~BMnw)K>MD(~6GO^TmQa;#OnA?)gUT)0!YeW3t* zQ9irAmUUlRIhp@Zer^4z8~WA<(Ys)$coj^u;ykPd?{3z&VigOjCC5NVcL~?~Q&*78 zylM#s`-NxuM)IO$+(U5QW}bh1Tu5CDv@u1Qhs|4G?!Wu}t`nVM8J~7z4ze_#KCBv= z%Kft;QLo7Sy5LfgPV0z0;_(JG8{J;zT7!rc^TRbe%YVfEIer$uUYb;E%gqo6o8(%l zdu&$bOo!rJmR15KqvF@rSHm_nufH2&>b9<(Z_vLedPhfv*(7N*QNKyF62B<&8*ev03ue)Y8^BYiKxRqjR@*E2_2X^g8XzMu+%K2wbd?r8h4d?tJn<=#j@JG@^$1o$jX9|Uf@ zK6bLj=k=F!ElG)cCQDgDouq?hn#6s!OaPHGBxEa10C_tiCrnwY9Ls(Fk}#9*!Vfzc zS(=?FDm{}vaz`lyiyECWh*mwg8u{`7DZmJKAVic6z-8BrNmuL8r{KGp9760mH7bx`QUN7B)sa+&HkmK`21@;%*O?H#&Qv1%GlS zOt2Lu!LDew_F_4jZ$ZaniO%iv3spT$r^jhbnWeV}g zPxQ|tsOe$>_hHV|p;{~xg%q!1ZVK@lYc%68qfG75pUjbsgAhu>GjEqLk}y^Oa{spb z>lS^P->b0AIy*ye#WWMj&|w*kno&NCBh^A5#<6oYAaRf9pk`cIzk83?Pk(r$vux|F zo;wgtgB&!S_JxwPy}-O32~1BMOeYer_=4eO&vfH2iHbKH>_dd|OZ8ZQZH%6w!uU9s z5ODI`hC7+AK<_#17}uDrKRJ{<&kvtrS=q&AY{+`Eq;*Q{oA%WiI#mQqwd&XtLQh;i zJ`SjwxDeLns^t3^IgrQ-71z4`ovf<04)lr2$I4sMqVeZf!e(y7tG>prYWnxOCzgg# z{6s&+T^`OQW^J7%6Xt4TWo^=HQ|F-mNLkp-C||845r;p`pPG%AZftpPa^V(NLrvFa z`?WsA{)0i$2+tSfAyjP7UTIiwky7MoLQy7n|a}d*XawPKZ+RW{ppz z;5UhxxE9pSar0A6=GD!%sFuydfnZs2Vp2BhZH612ZrfX9MS6=7j&dZFaxo zzxnFcq5i)7?Z4RVT3T80{zU=1Jd*C`<*kKogYuQ3pamasv(3Z}Mgte*kE_LlL8ot) z>>sNg8e_(eMaqMA@)iueH!67xJ}0f8C1l zom<(;^UQq3Izx6Iq}g0R0`D1UyhWQhNkY@599Bc+%++Yv(Pw%{4OT`hs~&#(*tT`)qqY^{nB}F z66&FP(`uVOnsD#Imwy<=<>ogww`koiAe*)xslML+)O7Gr+uhqk{i$DbXY#vx;3tTA zDl@S^D~qq~G)|(SKU?Ef*JiCipI<0J?l12u^!L&dRp|2{k0NQpDE~)f67+D;(v>LkUZ>ac$rA3=s=8 z`n>dTUSn}4nLzPxZ2-;>uRrKRsB+@}wcY4mo}JR0#@}h+rV9j$w`b~+g1rk5nY{j) zmFJs@YS&l$cK=Wh9_sV?z8+wdC|j-y`?)3!nJp=n{L^-?3$SE+OS%Cuf+~Dl<4{&DkAPz@C*1j^ zXC!{!3~E38Zm@bNE&Yb!IRjjeXC3P9S^+xCfmEc9Ym70|;`PYE6Z)*dJ$_~90_H#^ z`iFI5?f)CBgWUx+7cbqJX^dgDr*H+&kDhowtfBB#l z+@}lyIla$qjc?yK01DR(+`E&<^=0_mTe4{p`+(u=^$Wv3ukWdiT&b15ZbGuGl|24` zJ5+K@|9?7EyuUv4|8%INi0QMCJf7vuP4YQ33pleNjNs(_oMle!lgzz^t^s+dTdOSM z$Mq9U>>402_OGj_Q)RG>Sv`h!=zsYf!;{X8>?l`#CIo3jh|#@Iao z?nMah6+I|hMQZtxF}Nm_(Vs$UR$^>O+5wMSVf2N%S1_rwXVhSHdx7XnKF>0ugq~|| z6;L&tFUc5{El0z6$ostz4@=fFg-`qn0|U!G*lh2m%+z8Y$hqT%?=JREOej#W3mlo_NMOc%PrQ^7JvN4v$KA-!(rT zwGq5OeXn74gr1Iv=nm!A*HZbu5qta{b*1>}>Cr8u0lI9?od`67&Dhg50j9u)4P+nj<& zCkE5)hzOKX+ouBZC!C*bhLuwbVP7MU2=~aB-(q^}>MF@qg3xD=;0MQyr_)fL=_81I z<4dh}IU8rS7h3<;TK_czhO~U`yV^JK;5n)JSIoB>jwZWt7$F67`a z)bTo-zQ-shNU3Npo}=bQ10ZoYxi4_qEK!0lYJQ-*jXSq4?%`2gQ+90H@CG{&0og^C z0(9t|jjtpn8T?B585+{W9~aV=clCQQ?0?!cwkCsz6L%%5 zEAIJWCiNfEz}R`tA-%_n+C@s!smL3lQ2WO76(*p%8zf+z-|2+J~@3n?Qf&)XbHyfp1Y@&3pzITtJCZs&1t97}ABZ~*Y{eRZRLjy)00fYvZ4 zFtcum=5|3#2)%Wy1y&v8StA;b1e#AiYHMAmIH(YQ9{jeZFdtTM6(kfLSBzx39e?td z%(=CMY?X%i^q1#vfAGc5OryH|vA**0zW2Vv1Jcf(dyREvg||zl_b@pNwfNiU)9IF@K*hY ztQh8-eBr&VAX?#=IDEAY>dhQA9V{FQXBna1$K#t~M60r2A9UKHo^xH34WfqY@COE1 zpNE(8fc}xUBhh0r8azA9_@!g(3!t1Ms8^qw6=enyn^^OoLmkZ`Z36_m?O%g&*dDE+ zk`W}AYWSb)9n9E^_5EwTtVP9eT?okEw_w-lFY7T|HCh1Zh)h5OAtk~3xB%=Wplz+fj^8_=9byrX9PBVt{_ut02}<**R$rbK?iy~6H#}7QBcpD#YvsAvm_#17 zhu86}@kyk2*9^S~NA?2_rzatO~0{PkzhcZJQrbm)% ziX+jE?6=qQ4XI5u+&m2&{)!8{MWWCoa6gQ zmcy~(O#WviaFI9G+>x->;oUIj5Q?nVozNU#OibIT(2-Z9sYFTs;Vru2jaa%hA-+{8 z8oT?YK$o2iTX}V{8?y)&#M0_x+K$1(kUDW~ZgFivn^aI>{1#$-P7A<(3lf5^EgW`K zxPtlmQ)=`3>nfK(!@K2?3Rp$;l`UG*34L#?OceNM*yVikpc{euG_sc7`;2-Yx$LIK zPCmi3vVL+?Fm6FWP%;1(%60wu`Xr&%cj#hcfy?EclV#RWrYDR;FVwO^RSge_8SFgy zO9E9%9>*T&H?5e8!ADq%0xmN1k+_|44BXfDgw-xi`5MFe-Wk zWYyuzX-pnS7)QsgzirL}#tW{Pl!egS;z~oqF%%P~jV}Cqoez)p2^4S9w!@>NuOE^W z=!56}qo&*0uGs0LFm#`Uk1qJ|+WPucy@Y9Oj^dx*Yi-_f02MfNH8Ipe`FFzFv_3)n z&(!L_~Y*JUB(> zyF8E|!WcmlnXF=4=7pZdjO7tEIn`on4v?`pwJj9hF=7_oIvo>Bq#Bc$S(nX$p$r+4 zt#8Gf-*6>a@UH2-4In#`dwDOib%NFH`J&qg#c5*h8}Ea4?mIlhl{t!0KFQoZoC9Hw zOpxT&{jgbpG$xLIPS;ml6CE++r_C7_lI<&e42jIc@+)Cd|ED6r{#`p4l7Vc0oEce7 zbq=)w{mrZ!mB#okDJ3i_8B&&yH7)DvFd^}4^3^?I(5mmE;&t>0Jy`|EVSbo=%d&$=lKiSKX>;dd=rWV->iq!zU<`5|SPu%n4QKKW1jF>T}hmCctHYXoaP&}mwoC_Fw=_3ePDRPj@rT4MlscpND^ zzjx{q19yPm=baL};CGNh#1Uae!S5*`TwzrXu_|J*#(*+BcJY&FKQq&4Uh$^r5w~~v zhB#X^-w(cJ8&Rj80gxTio-IGeS6L?sX&_(LoS$~-1qzXHu4;(uGIm5fig@hMhn_1X zt9S&I*h|b(sGbwyuPiS6wc9;KqfeTmjKr)@+y!u&4xiO@h4Z+#Rjk6z&yL-RdB8eUOZ)6GwFVpZE8fn;Jd2Dq8{Oj&QIIc<$&& z%gc=ic43;f<_?$h^^fZVBm@9oI<+|XC)~^eftN{F0RuisVicj1zSWD(g>!H^glM$T zPdL50B-0%8kVL4&%748teQ=@){t3Fyot57S(;44dy2B;gwm|wsxqHkyav~KFLIn*g zHg`QqoCY1(F-b1TH$%i4+l(OT65!x*bB))KF=EnyxFFF8f9J!Y~M1%0f;fMC~BhaN&NH!~tl{O}|QcYP42aI;mfb6PL z)O~85jpck>p0MJkp`vtXGDDTqy`TP+2$XI4m4&|^%&%IN^?P|#S=*j5%4qb5Nuqy^ zWq)N|e1TjG>CqP5V?MwZ(H!%0GOfE{4WqHjl^UE}vO2bwRCCoAX9MII>#Omc@^t%G zaz>R$v}^Tp0FFP_5j!51 zBIoJotvSvzjr-lS2}8P4j}bsP1@;4loB$);cZklxPi>KhFGg@_U`JZI54cFnkoG zA8o~ZE~dqQKJuh25nvY$9Pq~}o@AX#KA~t*UnhF$(i9$Mv$K@dMo%uXo_gC)zlXqh z_E19DmCyLZ!vDk8n};Qt_Wl2NW24hOE;TKdnbfpc(_&_7E z&1KLo?J)MP1pzN?iX!LReoA1*HRAh^Ag+{xzBKW~(>rO=*mo#ax9jSdUbBV&hEt9t zU%dcA;}h}pg%k9spt!d&VCO%A2G(-KdpQx+&8{8T0`-R;O!v|sUFkO;Se%(}3|9Z9 z5f&|$pl$|7ju98Cv_O-M)VNq_qN?n3OoL%Zr$*~SKk&=+{{~;}5_*0-%+7crar+v( zeCfMYHCNV<9~~F8ocV(O!Oth((j9;BD8#-=q&b96pOkTFiT_MAENC`DyWG=XYqZPk zapiUyMt^<({xu!0nPC7xY0M?Bo6LI^Nuvg z3i#XmDuiX$FP$movS3LAbZU}*T$2OXX0(TLwheF?s$(|X{S#6CNDdE2KN zeb9_syS2gC3N%_fn(^r{AihaDMVhIDq?pqf>o7A+dIDpFf*Z6XWFNJg$WLsM?e#B~@~@R7LIIp%pH|8 zR_7X5)c{c-hxmyOMz;o@`S#+1t0vbWdM@qlcGfbiMX>q5%cH}yumLA+JvS;RU_5-p z+kFOYu_h&-P^`nW#J^^eu75VgWtk76Xsm)7Ce8Mx;waa z=2T5)7YiBWllI2%2c4aO%Z91HL$vw zYfkScTp*NaUX4{9?IA40v6X?EogOPg&vN(7SsF_H=5Aqvx6Zw{#3I4b;&c~i;#Z43p2l0k{)q{N9 z!ii29*9Hi$yZAO}&OE+d305^&dK;}IaH5^fhcgsX!#Pj$_@dt!RGd*yOGBD1e*JpY z03EP%ADJ)M!mol1*CbYV0bNETP_L1v*~#^em0$Xdeyi>qTP!Spo@CqG_M~s+(LIZT zhvkt)ZemwzfM{k7hmzBOJk^SHEmxE0e~uYUS$9BnA@_PDJ$X;S9gFg(lkEce$(_G%?DwGM43sOVEiR&$bNKlQd-i+d+9&UZext`BT(O|}d z%36`q0f%+JiNg|B2g$3ES4$bMPi>No=)PL5i;5d`tF@d>EwoOG0=jV)k*8W8Vj?>I z4d8Vv;-zA*e8&}N$mLjHa=prC{MDMIxJzqnm@j;52dWD@y4R*|a2ltWjFlzZoT6(k zvfaebap_$U9V9jKsi5sS25o&Dq>2&&gPgb!OPn_U&nT<^Gw-ifPUa8co>N5y2j4hq zr#|*<}3OFwqiN{7;ca|)RTP|gMaUYm_T&+QAt^1WcIQyp3Z4_^)2{OL^ovbMjCCdb!9 z{Xbf;1d((8FaVsIZHu>VAIOU7He>l9C-~iM8Dosut5EVTF2(tPNOe)}+_>zsdH3C6 zK;ffEEoTY(a$_w8;z=P=`M@A@9-W7 z6Eyptny~lZP1QZ_5&>{2UAV@T5)XSnofQ5nL4m{G|KeNnw=|9UvE{jM^sQ_dhnE{A zEq)Fq*v-8tz0DfqJ?MR=+B9=Kvo667o>_)bERE1?vbohDIKmL$+XZ5 z$D6_wUBV&j25W$RnUQtISOAI9+Mc z6_MiN9UG&SG5=KyYWOE;UUqHL_I{yRdQBpb&5kohLio$hJL$SBrnK^Lya2JBX}bQiylXf%WR^yhTYSS)J`}n3AfVyvE-X!m>uz5^=l=xibt6k-v%r zl+zBZ^7r0-ZPFHZ6ptLEikPZ!GsG4&DJXYN?E`+l3%cXd)?cC#5b>&*`4RHWFLjaf z>+juLAd4AemTit+{IOEEU(xf50TBPcDtDz*jk~eKU&tSUH>ee;D%)QP{CZ{o)$4)H z>}Pl0Hvlvt{k4ig1Pz<8>W*@Ki8-2qBHq{?I}{j4Xn+)13?T4heSQ0$K0d*O6fy6Y zAB+3yf)&@N&74Aqe~s1pmX0~X11lgj?&?b^Jks{DZ$oNDn6Nougb4LQ z+(M0H`jZDO1!$`aHBB=CA|+tkOMVl))!H#+>!u7v?w@jml(yJ-1Z2cEpD)BU<^QKix#VyNeFCVZ@|Pt( z*RxhEdCR4KYngx>=HkR|xHrc`vd+FG^v0u7xcH6k? z4KAk68UpF!ltZeS-l;v4pl@XR6av!IFzD+=jvsF|(ORN7U+Lqcg8J02J z!a=9i9mfFp-Ab>0-n;WQ)tGRpSu)h8l^GSVxZsb9pD66CI@Xj06WLN0D;%o!U<1Ed z8s_Zj*TS5)+>nI@PQ;u?&cu23w1YoJMook{U4lV+*w4rvYNM!UG@PS=B(5mG@ zYrM=I;aD_b>%WE>NIv2qn)>Y)E*2H9LPx>iQ_{w(8iC!LlIp$ds;Ere8i+uFE)PEe#}<^QXP_ zkA?WS54h(Z#hTf1$)SkzNaK8f>ZfI#73p8ADU7C`>2BSBYGfwU<#&8`JG%h^0CUSf zy$zL3t3MGhtd3$Iav;{!#KyZ>x2rl%r$akeK-fdnTu4+XO?Y1Q!L*!EjQ+*1>n|qH z5Lkn96kDERX{T+%Sg#Z_1gfnAt1-ndwe%^~Lh@f>azKUILzwH5tiRGV*c6;-Map;pH=%l*(n2~nL$S#aL zHeTLlifK0W#>@e=t7+6dDI#8mAYuM@lkBQ?uJcws(K+1DYFXh&pdLA;#TeOE6TFfJ z96o1N1zJ@sJLU2$L>4ApMUF!(jRSQ4DaZv#9 z9O_es&55#-?u5iUoK=4wOnq4z$pFo!hQlbvQJjxd{(Xt|ZnS(CdcMPXwYLja@&t)( zdLKpe%eOJz*v7vLgi5;djsg7&{?^c;k$luOQnZ)T33R^L?9_LRmY_(!uE~wsiS;AV|uf#O{CM%b-n+cBa+`-3kTqDhNiuV zhCqnfmK{d6DXw~kEe|m5&wm^!b8}ee4tk)!4b_=#{cPi*E%9;E8P8V$J~hHQGJ&ov zVzLhxMo*9syNvsJ3AJhu_mkn1v9Cf3RKK*X)UJRxNOKWIFmQF;*jbYLAiS!1-#$1y z;{rKrCdvp{)lFs^?IBS^nYvGBBK{ zp6oA0W}h?SJKY6fk72Z%;tUdIKAWV-HiarOpmFo=+D>@GViCZ|O!{dfX?<0M;Z>5f z4B>MrF60ycds5u2u3@bA*bXHTmO z_^d*T;-}6nHLvnKex6O`TO1|}6s@M`LkECJ@LdLq&V0o^Tt)HK{3evEs$fXUH)Ofa zTnt6r^H1|+97u|hIKE{$q&CjbR>e*GSz~vK-Y}rM$jBCF%WymE*VxA`u9nUFaIBt7 z_^jxBz6&w>Dv!yHYMnZi4RU-oRol z4$QjoTJGmddWKkoZnguZ9?U4aZj_*iQJ}nb4$o2xx2Cwq%ZiT0NgNByJ=?bGX7AtT z00Ga1K23tZten7iQ8kN@iw_Gh??Qzc+mf>Y~Q1Qu3!GN`G?3e&7t?2S!Ys4ZruUY;WUT9ReChkg?d|6 zcNJMyp!WOFkQHn@?D)Q~pUG8DRC#S3*L0!=aa&!@zdD7VF(%Vf1(}bKgfHIw3;6}_%%!A zcc*86W%G}Kg>ji@s3Ia@M1Ox&}urudjuyA5aM$LEDDr!suq^we{%ImF&dDKrg2G2*2n!5W){v!uzb$NBR zeajySj}rHHm@^I@zSC?F9~b$o*^UoNIu^P3OQLQ6gw4)u)gd9?`ZXAh$enO{Z$4h$ zcHs+T<0~TXNVK<$c5LKl3YNV@t2O+9sp7Cr-H9QgD3r;7kt$-Gh=Xm$@Nsm~hdVMrxZ^jvDM|rz6o5m)-Ln zD`jRE3cc@Tt5^{)=o^Z*B+>bVZqK6AJU6a~lWB>EZ%od0R;H;Sq7Wo1qU*k7lNC8+ z2W*t=(n{ToJ6*X&d}Hn`4m1t5zoMoA6}$}GQoFi$?pm438OlZWaQVwHh~jAIz+;iQ z&A!i5NfGz(6>!n+6+48<%PK*PJ2l^pY~M{YLoF*e0L^14y4U@i;rGaMPnFqiMq~jV z%*%8KK(m_LW&)bz3Dfl}c8&HP#U@QQensNsH>mpOPdup1(N(^YF%IPM;F~D&7hKdivFs8yvC_jE!#4hb1%E)`b6nE$~x7c ziI3~+3Roqx<_p`htnH)3f}QCz+Ms%CKmMo)l!E9hyez{AY79~wh*b5oiHflX-^S5J z*kT{+0OQ@4)2MgcWTyUk`>|B|Vk(SNHA95vEh8^uTE>el;c6B~>19RZH`4eEno8n* zjVfLzf*TS*fE-K83W!S1Z?alt{3Qm1`SonNY z8r8Gp9zlsY-N?9BTeQ{h6{=Ztr4zg1`Ad~7#l2~4NF%8q*ZPFrP#j-;4^Wu<(4D%S zW0(=rxPpuBrrwwxb^0FX+{eG!s$!^^oOJ#T4ee<&=X^ZWo>J)hvz|NowplCZz!&op zv-Cz+##XowLLB|W(oPn!7N#g6HQdaE%EwI}^5;!yqRi9Qx<056R@0*n zIja2>+eBQrh@59U#uDZ0*$o57RTahjT~F0RWX+IEL~m-^tYwOIGMJkrI0gjN^A4dF!I+Sozl(3a*Kf3td-q+Kj zNj46Sx`YUSH7=cqEYCoJrp*H2Z#V+q_A`=Ua2~)N%oDZvF-Js^G{y|Yk`Y;kUF*ka zBRIus7(O-hWe~^D(IR}6u>A6YhiIU4HquRTAL;YuM~W;FM7f)`;SHbqbZI(>zrhvw zQJIK7)05d)Phgo^sSPq48}XUCIcVIM)!NSQ0nWDZV>$`KDi*lgty`?$)IctLk234d zxz&?{h4lAR3g3O+DG$s?2Uj@G{6f28l@TwxB#t$X67M}lGC4qQ$s+1=AsEH%iQIHON>npb^u^;2^$XeBq&*{Eqc^9qHy0jiA!B$}z1YQrB;G}e zXh7XuJVYad4&nAJ2GHpJtM3v^B##R%hjC+;xUq%TWAiIcK&vN%s1T*@_~J7FmtK!X z$yYeR4Uund^KKc9v&y9mlZ{^lX_NYB@+@@x{pc`)=$=`-N*ku}(y`oBtC}``QazJ1CYIpiF1Y^Y?HRG?XfBja52G8opz98U+q7MWtBoyWAsJ1PSyrpd_sD&*lbVNj$PEviM%o0 z@ftxYPwh&I+z`!Qe{RFOZoEb{ReiNRyfOkjIu1M$(z!)|-ObEHDKA&zH#VB^AfDLP zf3RE$a9MSx&&Gdj{O~awW(hh^Oz1wVJiW_F57a9wzqKOTt54&e1o=H(6af$JEE+^%K$h z58REUkfjrB6m9F0^Ld}U$>b-qo1lgg5~!HZH>R-Tr%W`@GiV;_Q;Mm0UG@S*B!OfS zH})aNN0RCdoc@C{96_3AD{#gav5Zrj}vao2+D8U z(T@MfByU^<=-e5FkcHMOnL6|D2>e>i0e)!)RdO$03v{%{_UhDdjn{0i&`{UU*G;#{ z)h$5gO5Ro9t*udY!4?J#iRZ#9uaoTbqS`(3-{d{ZTo&Lrc0yXIUmw)C_IP&vM7 zS3Al&?2-0A?E+1@QeXM_pbN%tCVKGSK$QHx!IBY&7HY~^DL|N18x;#CtJks}kHlT+ zBLzgxM*eisyre%am5*_y9|@C3uyVj%2{kaU1iz|D$?XRprm436DgGkN;M=E{+O2@3 zKbT`KA4tXO|1i2?AmwUHnNKK zzWEHs(;bK03vKEHtlE**NO8}QVCVOtQssMk!<}2oq8rCo9Dr3}hug8kZWU&a)eqQo z!NKDMj0&WQ_i>gc({*DyO{=SH>%PPd`j-=9^#3H9NhT(oe$fNNGG*9QlEi@&Y4*4W zWaH=xOOR=DSF`{6I23zA`He`7X!5y1WBcL^CeLEnJBJfE8ld1%Tc~YTPYjoTG_lYi&AWUyuIA^R3@z$N`@chP{pF zE{=M}7mB*&BTHuv-lw^F=*^)pa1e%#*A2CO(at1!H+@UR@qo>dw%|XiI(RQ{peD&# zEP_hGR@!{JBsG&|picylgz-|*!xK774KcQHv5PcEv*egx!twDM$$8-_YyIbwIt3nG zS@?~c1f8E}W1wPge7Kn(3W)9?Y5(q9{YLPe2kw)hBrTGaHPMM%;o2Oa_yiC;$95f4 z$BVIa%yirwvEL-I?&`f#D~@haZPN65Ul;XmynlM%!n<3~fxPAii3cB2Z{J%?ToYoQ zWcu3C$f+6#Q9JJc{`AbxDC0+qhLW;oGK>~dX~m#4uS&^|E?Zr+8>gfQD@BfHLlD2w zY^S~d2E@+R*f*mJ>+wbeOIi*ZiQfLw^tW#a2^{oliyI)Edr;n<=wkjsy&YU6koTU2%)1xQQ{H z)&fRZOoVBzU@DM$SVXzm8K$f3%P7^gx9Q@l!QRSyic()`NvbV$oTBLM!KpIUSYAgQ{fPFW~u|ya;3!*q>)3W z$4Bt%c!`&FT{#=sA^L6p#{V4XTIKiAPEwErw7P4G(54q zg+8?akq$-S&%O-x)qS9Ha3-+tbp;}$k?CWX!9Q$O)Zntl}wX7)=uNtBH?VOi~({!ccNcU(9EF+)SHJ!5odMhW=vcV3QMAg#*{#l^b3_J1zv!?8V={jxPum za2-Eh)A?4Uz9w(5lk3vU`X?ZJCTY)?PrqXG=0ug`_2t!Xim+#!+=5=_I1S#(|b0M5VgL zN;g;o$|qaRM-?BL-})_CG%w@Xc3*#n7T&*lc-D~7+gH{VL7oRprbg?{P9GdTWZ(J| zq`SGbJ1DTPGI;_YftWp*LJnw%Jp2RAVcS2$0r3{72B@(UG5~CF`JgAly-=-x=)n`6{?s{GCWV3chb$dL4Q&IlwR0k7(-MI^L#x)8xnUX zhCoWRV}MKYVEPOAe2TmGG3O6FoRCL^gob<^Pj(4sjBjmcx6JiuBx?%sKR3o7rHMA! z7THzC#P>@yWok)#3FDhC&av^xGaDZ%#rYSSkWUjv(ZS1#Xe$4I2m}(0erO^*MEGF6 z1Mcz6hb5Id>Gc->D*FUWD+E@44hCyw91&i;w`w=S*JNaMT04jpyk2`3zIeBgwj8&z zld2oQYX1Or?`j$IK_ppFVIcurs|f7<$AS%H z+@?Y*p+V$6o*<)CSj=wa z`KfzYV`#vf@&dae|LLz(aWPH0OCrKGDS>rxM_NA`dnN z8qplQ9ey3Xanu|9>a*pl6K3h3YX&M^9g1Ll@gsrMkwwfQd$RhwI5`B+AbyU0Lfr&w zzrDt@?^9fWN$tl`{^kH8uSmfUBHb!iB{25jxG_(a&&(>hUGPoad_=CCnKPUB_W&bp z6x~M@y&=u@s1O`8nNKXQ#1uX+m9_>n_?RqmZJ)-LoxQ%`$jB;A_I0b|KiLtyHu7`- zvQq)X ze=ssL{Pht+&Bar0s=rvon!UhH#A`a(iN&J%T#jZ;H~%?TXR9q;R0DRJ47+V{uOY&) zsWH=baL|mwV~lG&f)E{&W@L;HT6K8%?A%4gyqfl*e-H?WZK z8}))(1^_J0uFO>?W7G-XqAjvxu((9@PY#J6Z_v#mMhyM%>~UJ$CX7!r#&Iq2c$AOt zZY;WlrFx%!0j%c)AvYs|_`XygU|A{5dQ-wPFB-e#dm;fY0*fr=zsHL*O=)v?3-Rxu zLpMPS;Fn6xJXG5bgFXFT4T9B0s(a`Pdzj8YVarQo1l{le-UZ1yUs6ZsSG2Kr-HRnz z`jR&A%~^0wKODPZ{!9g>P&>-i@NJu2F|Dq72h+$_O-~~?H!az4@ITVxKg*x?UcEAd zKIxCU&-vK@Hr#j}Z)jz|>jDp$ir<3tE-X|jX(}norE9!$wTXNMOaHB;qi_6tkz^0e zURH8dTs{1AQL34vd%a*M>-ur(jM3@D_IaJ4IU6LRmSx3Pg#w5&eX2hzdX7LSbj@ zg;EfQl)x72^)Asb2(gk4IFec#a7Fq)hO@p5{_Y*vzp0TE^|J9xH5H=|H`Q>RyIzCP zUsC&GePhF;>eLUf`)(~KO6P5Zdgs-dy{DG(GkyECpXl?creTXZ^*{%= z<3h`4gq9CN4_S4UkL~&$CY0IN4v*gK?fZJu0KfF!Q~!j1{T!QRF>f6WE%@v@gl!#Z z7l5yC(9ebRLdQ1)J{s)fc44yIP90DGj`2&yVpCZXcbr$Bo;M3gLem?MV;dgD&<3 z1cvv&J?358>l$!cFWo`?0Z#gwo3I1@>-);2P@s}ow&a=za+K1d&uYDyHr1y}RuLM_ zCZD=PyKOAkHEGgMz8t_dTb_J1Oflx=?$7P`16h?h-KN>AM=!-q(47Md9`FEvsX^4jKdW18@44)qPI&zI`wH#8;0M=NX~ zDXux?13~=JPwk%lB;|+hY0S)X=g*dlfV5yXIms94IMUbfr<1dTw`T}# z#ut`au#>XZmEuFss2OkinDjmPwek&no;^R>k`!dAZz_nQv0i`EFZo2l>OF`^pjvd4 z#hL&8ET<;kjx7_yk>D5$isRt)cy?ez zTmBn?tjHkfqus8jOh-TybE!1?T&TRkw+4R*@@t)A4e_R#&v~%GD>I>C-|0;;=X!99 z9hAs<09wi0O0f0v1e7|OuGHWHUR)Zg*B5$$uI*pmBcypbZJcgAn%dlyHdeDbn#WIy z(^fQ^m4E5#vAarkJ%D`LZqc8osre*Kj+Wy$$J_pI$Jycp=BTy=luucG^J_83Nv`e^ zUyd*<`o$$VaZMERV0z%0Bm2h#9we?~8DX3W1H@x!!0~b1T962RNW#B9riy!7a0of{ zEP&g?cl;+qy3J?nD>CxM;C{(~b!5u!r0zE}FKaS+IiC5{^><`83>vCN-hCS@|7BVj z)G)agy6U{(e%Sh?pnBo%U&;{iI6o!=yo-apU^s##Md4(OhcLCkAo>hJy!vAwe(c8m zKd_tYAg-Njw-(C3I=hA!J(XOJg^FVzOfnr=ZHEb%tnivdDdE2)S>nKPe>G8{7RE0k zMRTBssBPU5@;gjBoVy<^Asl;PX zNwHK}Vof)$ZTmAP*XYvoc(tCkJ;W(D$&FJ3ImB>+guxV^XOx3el zr+jHyCX=Evtj&MJnwTOXf`G-gJQLZ;s=WZh6x8&X?X-hyBOPbDSm>a0^oD&5U&zL6 z@UQ=$mGBNdC*2Y^bj62!r4)_?m}MgHz~-l-^(UA^5_MZNpml0wNABW*s__nDhr^c^EYp{Ji?By3{- zuX^GI*H9omf=SpkhWg~j@1B|&_M$)gddYftKAnX`!#}#{%1%ZyeDKKF1+&v0ALHW@7KMbT7mS}I)$RPjqUhGPg@?<}oYTws>8BOX?j14y;gUkH zO>fnjRs3a!7WcHbcm4j`gSa)ze^Ia4cJJY{z&mxxNA}#g^X$6f)33(^3%eyJNHmr} zF0_qh6SKju_oGqN3@0`g&QsN}P7fhjo^T{z$@PsNDp! zk*eX0zWSTg*W#+Cu#up1+8bOiqL>ADK*t;*?Ma+)*SJM1E}D!S% zlOHUV|KSxbt@)u1m`PoAgXnrfJtOcZzm=aV^%B=J)Mnn@%Z|+}@>CtRV4oHf6$-i2 z@0Q=?&-?X_PNkpTlhRUl@p`GF@E9vW(`~O|9^#=o_a#x+N`EyDIghZiQ)TC?S39o3 z_r)up*$Ae2Nd8F%b}riiM(VSF1=xf-sC^RvucSzw`+9hKjL?w_hY>;ev(rOq^~af@llk~_D6}kKGa)NOr&9FlgDot;+`a29RN2R?P8in8Ah%P!(7 z5s{}k4yuX!Nt!rf!<`D=U}PDz6miERAGb$22$vJPB@I@vYng@ee=HWYjPkESO?Aq4 z0UhncwCMW7z^}Zxs`F?e z!m3ufKZv+WK%cLMcLZN{{um>l&1#;IZ42XCLb&Z_Dq zeDs>RxBaYnXS8gPJxD-vufly&NB(RdMepTY0ql|b9;4zX=tnvXXTHDw_B4i^f0Gyd zH`P01#{J8qnnPL{K~h-%Djt>YYd`^pDvMhDzrx~rZ~c zw&)K!e0kizKP%gIfY2d(>O4E`)McHtz5n_K?<&})&b9#C4=38m>d7c#+?3+cr8yvI zw-E{UH?Hs`SW8&^ZBU0VNzOYh1JZ($Jo{Oubct`2;&J_=OmU%bv=c9W+TL)HHVvEE zwXxbX(+X5uF7~3je&p}1Xx_8flSk+XPA>vcgqO7w7;N8QUwvn+WeOhxX75r=xYMqM z2e&O)4tAZ20RgGzPL3_UryM>o249uECv*R=y0~%jz;xiPA6oSFk{xc{!+fB1-q&CE z6&@1j1fZoWHJ59WT51B*UOsnCc*uyHOSkB7NdJm9-f4E_-u7~jtt5}tM&64& z19ZX%1B;tqV;I?mW}7!s(rb1IHjb?Y1R@UTaj%o%3Wnn~l?U>`IM0_z)GM)#ewORN zU(KTyo`g!)@oQffilS@%W>S$bhPtEU{?R!b)ZdQZX z(#vKvn^Sh)WST3!Z&@}M|3ZhAJg)Upf5-Fb{E z!4dK?Qjea6ONtqvecR50z9t0M{r(`TpN~C|jlz{*$+ZpOH2dlX#ci+sl|%KPgMnt^ zwb-oig0+b5*Ye?y$oH3gcavte72>$N7$ukDYMkm#yJE^u)7WE9sr=es`wIQ7OubZD zwcjvS+W$p7e_zNp3h8!l_Al;F4_wc_%K>f$2=4m6B5Y8K|TQ=S^ELizy=V_OGlgk zd4~69PXEzzSKr8}`)h~;47&c(!OF@h#fH|e=H6@UrACMLG*oXdAN+a2-VF}5fx5BN z?-_N>#6nZ8Mi$n3RYYBi-TO4uSocAR_d5$a?{0xKuAL~yPy6GQLd68%S(8#f#mDDS zp8~tDZ^hZu)wmmwdXL6ohB|MMJpExzas)T{${2TSS(M^+W(Fsl8O*$-Ro;zsX;YUv zz{w%~Sqd>pZp<5#Bt&8-Y}}QDea=j$31$FUWFr?`=k6h2glTej!hxZx348xFREFGF zsmxZmIfDOkiTL+RRA^wOR6)ZdIhj=DS$@^x2@W7IB#Bh>_M^SdwTqK7*$OLNaV}HG zVvjmf!FYu3$y?;tXs@T}hbrFNAB;|OzcvGc)#FDvUkh$;dKKn!|Equ1C#K`4TX!e? zCtEmvrOX8zm@?T}ni_m7-o;EgbIG4o93$=A8jI^=;kbvXk73jmn-=Am)LltOMlq0U z3cvT0yJ*{gN_EyCo48$BW!;Irw`+YO-t_XJXh=!mp2!%U;S1W< zh1s~}pwx1esi|aezDoQptg0WO%(m1VB`W{075@0WD9g}!ld8h@E?<{1I&&{NI4g6hn0b`^TN7=~mZZ7ne z_5bLR7Bvfl);h5ZFDr>|-NZcz+`~=%yXDUEjxTSxr7-65{wrb33fRYsXys|$jaQkC zC~BebWxP)Q14uUyikB?a7Bi*&Kt;|TF0qA6j5n0fwi;lJ)^;p@cg-?k(as4XWrc{M zxer}TfG++D<@!UoPuu+^O+cA&Ot&PHsy}FNZxz>Z!a{1+aZxy#EV-6AF4|)V2O$G# z-(S)5sbPz+c^qev1D(s|$ItOXgMf`;G<=vdcl&Q_OQyq4YfRujn%SKu2n#*Kd(UAE ztcw*Q+z3|IaX(odP)5CYU8Zz?aGCt&`Mi`3Erg!~2Uoqjf_yyNpjj2F*+p2swD)`h7DUK%@C5Bx=6 zt?t@_J4Y@b?ZhI0Ri`=HEXlJ6?B zfUTlNPJ#=l(vs(NWpqa1T(J)!lm)jCc0srpB#oV*u+Wdeb^D@ z!2%dVv5iEoFaZ0M!tgR_BxZ@PpC5wleI1SaRrFe346Z$M>hqTZh!+A!fjk*NHNid+ zwfY5?BMlc%GrKHtjqc1aWfVSpyvbdLdI%d8KPKI;5lQ$wu-5^SB<|Fg!M+L12v@bu zOP(7iNOe%;uJUqpVE0aKD!>enM`FQ*^;`gN-iE zpAi3ANXUDP=CuQ^P3?b-!JCw(R&YuDq$yRmw`Z$bVG5OV8*vk+VFZijYzP;&LOreH z>u4{r*H$Wy4wGnhiP*dl;i=hsf)$iy!E|@xo|xTRGz|coMd@KVKJnK&9hhL6{4p z`qg6k#1~(A5rvHE$qoBrbPB-)=~!rzp1b^tiow(vnZ_%8WyQ?KO_8#iJ@Q}V8~?m) zWNLP|~te_}^WDr530tShIfJsC|hJ*wO5W*Bil8_Jv6B5YCd()?V zdQRWx%YQ9CWG&Xp+V{G5_I2&+H*pj{@5nsVYSp`$lzkRXMj&g!W9MO$wET3qD4ugG zh>1d1pVVmuQIC2mod@gQcHKy(DpqZ^QXGVtB~+1BN@CLc!1?v973AqBb$dO?zHW-u zPA#IW^uCSNtSx;(&ul6A`j70of;L19a^`lfH})x*|4W=(>Imiln6O5=RaEPv+%?bNh!YVdiUUXs(bVtXU} z6K;}^o7~PCJX7@!ua3z9zlWW=%!n9jRVI)bwL+!WN8O?=Rvqet+};p+6$7C}Bb5AH z$J8*9w^;&-yQok>$hDXImV3je(?;nd$)kfz!=Td%7Tkedye@1J*Nma(g-vK2-#EO5 z+M0hOLCvD9WueW{A2|hB$a|#6=irpfn%^Nok#{{0B%^nC*v@~E_#>;)v%nY$rF8LZbSW;d>p3#!fM3$PiN`Sbh+J^?|d0T8o(xBo~_4M zrr+mHQA|%)UAS(SevfQ;Sm*S(kJ;uX^U)` znQS|Y-cbTA{+G#$-7)9dT)7q(#=AXA_cs44!4g!h{FR1<H(4)oi@ zg>YU;TRN|~aJ=R`Q{HKkvJXyU-DgfDlgNI6(c2H^SIkqPB7dkTPyCg5UDr(84ANLe zS-N5vki=LGb-#j`{%E=%wPX)I?CS867-Q{t#pjc2{vp#n0+`3Zxv|F6uG(*Wv;?Lt zad~d>6`Y|dVrnK+NuPIaj@fC($e!Ew%$59n{QzDIUy$}mr{4Rg4b88_kHSMuZz-RV zl9M-R7RIxU<06b@pVLH5m#*TQX|A4K!c?4XTQh=O(LuxLXY2E?^dK}IH_u(!hjhEzHqy1cv?Xk)Cx1hS$3#x< zlOkP2aKZ^^Sb~s+VC{ehv!@Z(=4pr66+uaf&Mo5h)R=rMS zrKwEGR~I}7J;Q$1aP8Ei``jzKlQmBdDhg90ZO*{B{&7yATE{YYb>lV20;WAi^E^3Q zz8+B%AtsO8OEs#7C%1Qqjj#NTGq_8&{S}IUa^$;K27IrVWCNb8Qmi_!9 zO6ZTcwOLr<<5w0tm36-T1X156^_uY7Kpvz2yz~fS%T#V2Y6dj7^PIB%{YuYTucoM( zG}?0*ixCRCpLFdHos-G481X5|>s5delg4~Hl}`E+3KkgX6wcfm zfV++!9vBY2aAm(Hg!IwH#z20ltRbI&xe`7r_+gp~PHff0e7?dxr{JXS|GjU~%Rc1Z zH@&w`H&#~s5vFef*_5({G*QrH0wp zni^eWQ%=CG0y5^;@R(*q66SsliNvNH;p$llF7bu#YZBJH**$ahS{ekLu|nha;I+e& zhylA@okMbv%RnHAyypyo<#A@)SRhs_@NrEXV}HfTTYtwpM)QL39@HKdQ_BGwwKQ)u zA&mjDmNrN#zy@AP@yX<$kZR#SPLEz{dDinzXNk|lFFnAtI$`jGq#`!r(jxFfVUx?t`kb)^^3 zVM^K2gz3gUuQb$`#_}eAgYEBgRRyOtup8TvYi{DtTy3X})~7#%J_j$X=ozwqs9pOW z`~V`|Is=L|?vHNn6)KCIr0w-hE>Q&dRT82RzfJ%BcbbC|xF$yu%1I?(#|Rc~}tOs>XcW=9Ib5q)^}9=B%s8QUsdx zZboP(E7k27Ne51*s3e8ib+E&~iZUk)HZ){BLQdRAsHB2PUSOl==D0EEk#7-z!XIf) z;Pu+iM`-h%i3SWJaw1lA-?cq;BQIQg1d^&g&2te@z!Q&#sse?AYD)RD0&S6DKQ7>S z+O}y7thQeiclBFS42_&pjDvXVXPWb0UYIE~_|aSHJY!ZGMIBBmlvY{UharZv^mFe+ zvLcQS{~znEq-=$zBu`F^C-R~9Y+`Uih2MPQ$8v;W%xFh}!?dNR$=2ow#9aFuXI2e~ zL(^lA7@xeUA*DifMd-K=36CkcrC;qF+5#9=?o>F-&uggMf9#XAtxHw zoY3dO^gsKG3YaQc?z2(+91Ew2Q2IU=J0I6IFu!T7A$z`DspxPHz>#+mnf0>JQ>>jT z`&dJ)OlUAHO#7<5VS-c(Aoxih_jt$LuKXvzH2u8(m*Q53UF_m7u+4dbhf*OwN39MG2>#7*Ch#eK_Lavs+^z}H|q3*-7duFJNHQ9Dok zmL8C-y#Q^5E3u3AsX!r|UzWzzR&X1V8qme(x!&zzhmh8k(<${N_)FCZZ}q{lOZ>vK@+r(w;& z19iK%SFM0sgItFIQw0XI3~(g&74myL1@^M$_sgu8W7^wvEPv-bfhj!?_i&x{GVJB= zIt}^cr)#f)?RR^U-zUgGpH-@iDSXD1@LyO0H;sPnyxJCz%j^RexhaVd7T;-UqdF#j z#K+iZyTpa%e}i?r_@j@HsV=d!rSH<4*KcqG()q(M?MC9#18&``Lk^>H7W=z>Q*r5g zK@>X++)YzfPzL!mu1Qs^ zZE=Pp|m_~GIxLViMm%Y62Z3~Pw#aq2&nl=bVN-v{OMQMI_wp z!3GWKNMMZXq(+e64DD7<)GQ&|DQhao0h*&jywwP=sX4bw96G7{!R_I7ZGmlukEFyr z*pi+&codoG>*@NUcSdikEXW*Bz`+dan)$*v)E za#eb?>Zs)|r)v29JfPMu!(t=r@E@+3Io=DLJdj<8QtwhBFCuX=4qD<{#&VR3*B;c! zx%^UW%G07quj1*I4+`oJJdfGP@tz&_0Ay9^D1(Cf?$u!Fy#CC)EMmPFiU1!aQy`~i zwwh`lG_nEx2W+|}qTCI&dLq;>K}+yNc0-(bP+d`%%^}YHgZ->zM*dOmo=MO<(z72j zFb5$s(Pa9_r9SjK(3Cz9ntwK>bu_n#5w(ywe`Mr;#`dkFzYlA|6c?$D`lS?T4Uloe z%VPC3?JeEsleT>K;{ssLt+7A+V9)NZa|HlQ)N)52P~V*kn0ATSC=!K4NKQ-DK5^WV zPB3|qI<-T3N7@Cc2of@a)u&OhC(;NF;IXfL0&l4?O|dt&Jaasa_-*s1eu8MM=%N~= zO615v+1RX8q1yHf&%K#4M5E0GY2Z$D>7((H!0EAdRp0qPV|?Ui8@p*=Rh(g zb=G=z&xE4*4BXFv32On@!N?H$%W>$stPL%lzpCYWE`IrDSbLpg)VB86ds`s_N3}o4 zTaqGcPw{xnXSV+@UXi>TdlsMZgr%4jshu8OSkk>N!t!9X@;8pZ$DH9-Bs9QeWqJ61 zcg?t%F|Y3qQOk1^-rIlusGP57h1^QtN@SgR-;C?fvV`@(G^2AsLIS)jO1`**h@UJu zIg^A;5P$!*diZ>YbZg$TM^V`4++Qzrj{MAU6kXuf=?m&PXn5+@-iZNa`j}`0$W$ z>wg;~P35ryjTgnQn;59(j9H8I)yN{B<%$95yj|v+f!*JOC-x|#cXsb|S*vqc^NpyP z9dxleoZU0ndhZ7tbnk$=zO&}h#a#=i-Sv3uQ#AUjnfA%`=5%OFuS(__R{Fch`Py{YV!iXh|+uM*v z*-TL?_pzN6IigOL28nEjQ)H7Z!TvBVkA&A=ILqyW@JT{dA&lqlm>ua1Z&iC9+YH$`OJk(YR>q8BroT_Nz**D7 zvRs_JGnP5kCfp8qe(4si?qK}@D?iRS%sfHvWeb^0_s}{S<<}z6)Fh63{!82C1~&3K zr!-WxTNw#co>FFM?5YJyl%K?L`tg6`g2~O3%MPa9NMGqJZA*9Gh;PmuHFw!7=I`7f zG_?z0_v?{iV`S=jf3OmC^Ze^TLtzoZHIW!XGy5DN<(*hws&tEjg2mIg?#|T^cqx~h zNYxgXlT!~=hj285S#eg~^$h`BKiu2ZPAN=sRQihk0 zadX*yh}jF|%52#f>Nkb*iIXmZcI1?fCmVjlar_1h^4PWYy*FiYr4|dW*}dNv>Lf}(@_4@ zEO0y@vr438+fK&_zl+yc`vzo9I~;yrQ1Pofb^9#HshSV3 zRa+!h!~3P%*>Pbx90hY)6*k7S}l$w(vL3z);+}?yja?iRav|&m7#@oPlfo zO4H@mb1C-a`>LO}Z32Q*u9=3YCYzoy(}UO9>jAcA?-KikL=fKOsi{w*h~y?_ysEPC zi0;qDev{JYQ}Z)7v?c2h(q+f^!!;UK$k1$a%6^=pjvW0HaV1W*HkFfKIU=L2iG(G! zD+cDgk=v^}y&m&G-YBByObvN1n#&9YUH(outf&n1oUVyb1<`r#(E}7;&E8g1oXCp{ zyic_xnk1aXdM^Ao02(rd2GD4I9{A?DnX9v=E7XxbUn0{itM~m%5BD|Zjw-Wlg-4%+ zqR7(@>7g{ra$L(gr^NiiH0t_eJ{u($IzwAL^K%JM3MZxSTPiB0g3-Zt4=Z0rrTSxYX!)dMV^b?F)=59^bmhafLsPcNQ)k2w?8HSafoq~VT-{uc ze8cnxGO9L17YaTPFD{nq@EABVcg(L&!@O31NV5u4{|S*U_O1Yzz{2%(+v(R`Ii>60 zI{1~wZQl1?=vHiP>8lt~25NZ%myS8`9dlH30x52mBef?%mK?M1dN zixuysF5HZt!k&oju0P=zA0sM{I}CYx%$&KgO%p8gKyUMn7fr_y@8()5Rvtn=4)*Rj z2PX^JlSB9C3Txh~9FW4>q-~C)!BW~cqO)6JgpkKnwPO7Z(srhdjVUl3c8Y%YU&JKa zskrOmNB7x%#|A32$#v6JKM^R>(i zeIZa+)Qv*=T{DnX84MwbgwpeaTTWsQ5+FGNo&?vnK3d-y2-~5hhkqCIv=H%}vpofg zt!`+8`z7?%=2(biw$I=9hPbE5l%;#Bjj6(`j4Sm~M@qTe`$%K&BOk5$F$~)GB0r1U z^Pi76w0+Lw_)g5ZF4v5&P3tKF$O+xQw#|ImjuEh(-M(>1Pgj@FpY!PT7W^YpU=m19W%9@<{??sJ$&t zo4WR+Ika~?xBOVeYPy-Mq(QR^##PqujWJY(Op4AFO}phxYE~gT!@9r=YU{yL2W7n| ze|txUqK3>sTFh}_WLuQ@ngfOVqV+`+qyj@rAsNu)&)}55l`@uS>w>BI&YS0i>mKe4 zPWy7=V}=uhV1IY_gM#MeRjNS(XoOU`zJ18!`>npscSavN_y;TYq{SfQv-DbD)%eq` z)O(Jz5ZH2U&A4lHWKq%`=_XKIif2BpUjUQEcLd-l+=GnX=c$lX>vsLymtL?{MZ|@k z4Jqo6Y{WC(egq^(#dB1qz=hh+#>5@Mn}FqnB!O8-!?FkHurlT=*9kRyzTbvF{bV5D zOR)tB$pzIBF720SO-|_|$WwoBvUH2#+4QrP?sk#8uO4`~^asy)J;hQTW4dD>e@O`h zth(g>%lVw<%i24jx?m(^{5RY?BG9CZJ-(5PKp%=(w@9{rx|`1_(eKv-@+w7xA-uwnSshAm`+=Kc#8 zcv5bR^Q?uLE9!QH-~b_IyfIFTd1@iiihzKHIv|O?^`?y%suTOUrN>Nnw+&z;!`I3M zJrPuWJ6}z=^`dKj0UfW5ZPUGh&I3AGae^Z$cXDBraGkcSv7@ zSEU!>4R_`m0p}=hU7k8HTe9$*Q)9}oi?<@&&ijNmI8Wr6f9+{_+WK49d`wm+0&G+( zPJj=|tI79pxt-~z(T}JilWP7{#HO;$b+U@U0ub3&SBm*_<*A(qvyx-sZ*by$Xd~TB(JBR; zQpy`gmO&$ed#`+J&gaz8%#1&v*t z+lg!NA3cQKfHs3A@;GiEyZgnu_cN6B-!uF((rwq#?pcl6trAFb>GK>7XI|=Mm_Vrk zSw!x~<@5QJkv0KnP?~Rnf?X^{#RsT1tQ82JX3uV}b5mW4%2tbLJ<>29VmtYt1P1L^ z0fyJwLr(UoZ%eTbbZOcj_lR=HN&B13J@I>2YvF9~)`beV$ER|BjwK*D3$na3eUqY$ zQ5L#o)`)e-EDu>e=gY_`Z?LQucl3)Who}A{7rX)kIT0*>b_Ex3F9?8MpKyE5bw+2s(WL5P&CmvGmI{g;8 zqt;sSJ_HEIwKD1lG7K7rMx@a-I>4kQ0@zE+ni^S+gJ8ZXMeV68K)Wv=UT>>T$Wro_ zK6bf7${x^v2we*mvFpMwrACuVPR7e2fyb9atj3#D-t`XNd``^|@;AqK0|bD5DTBQH zl2?NEM9m#dDID3!cWr!GSY+92oqO?(%YyZIW=-5#7cvS$gA+7|=Oe@~UTvb|IP0f# z4RZ^}C4i1_V#kE^&7!|t5!^TiXSDrs0oB|aWw@YKqG)3&oMsm}&`k0CA8tT|v*N7s zynj;Ljiw#CgNO+m)W4~40gj)oAN|Ii?4>H%gm9g;$Sohf?<3|28c@iI?}350cS6fpeb*7nClc5!8=!KN(2n`#w4J$^6-^OgG99 zKqKdCKc7ftB*skbAny~ipsEy`wNmfTZWwp$?pNCvGMFEld@W$Q^S{a$fpsT0b9c7k zO*SSwYmx<1*XN^~oYQ;NPr_@RwJS|oisPbP;X8jh_rOGFx~r-6A52r5mYPh^t4pL+ z!qaJn=jrQdQ7IM&o^DBxX+LpTRjJ4<;r0P)jien`h1`w!Dmb%nxu_d7PAi_5BB1QX zzLl9D`OfZ>l?lBb!XPrE0R)ey;Gr9tqpr#>kG3BJ9TXy8xQs|B4^!00B@bNI9?(W~ zC&y0vjpiWKQ!7O-t!%eX;5>QpdF{^I2+W{crb!BpL^3zA7(Iq$)=9rT+Em-4Q1f%Qr{^kIarYlylfIZ6d}Lal{y6-oM&Qx_J$iz&bZi*S7abA-G*d<=M8Ud7=xmq?{32MZWFpmK0u2YQMbO1sx*BqaZb$_ zNnbCXo}Q;I*9A)lY4(0OAkyyAb02QQq7G}pvju5)3hO{}XAtA#0c5=x9Q9j_Mg4dO z>K%_;e1aj`>e%uS(hjw`vp&#MWp}tQKTOK9k*mIq>bnYXtqWfs*Bc)b4igqb1$ zKVsu=rfKj=Iyz-59F}5t#Se(FUOpVPh!p?f41Oeyp%X{LP@mY%&LO&#S~1N;hpClb z(gvkIwm#qq?hu6%F~OUmPR58yE}N6k ziDKLN%n__?A2>D7y7vZT{ksH^Q#NlEi26ClOJyeO2$m9M-+Ym@8x&Ge^@|N2irN%3ZNbl_T=Lg+% zsMOMC5gaX>c?FGq;cO9J5-K|K-Lnh7^eaL`VrVvBw0MjMdSW{BcWjF>5}Ywm%2k(0y9zWc zv}1l`OCmWHn6qSO!0Se~On*|LegmJ2?Ic^hwAXeRL;2}^mLgGt^ZC-pym`&;f}K~- ztqAX2`rbiSS`@!guHme|VPHpt(_+@4EH4g}&;~@2(bY&4$(_ z&2jY0e&T7i#Np*V7`{JigX%RK--xL3JU;QGwclh|kq}D(^a} zUe{r^Yt`}xv;i~S>=W27>^Qzd_M$HJmOwUlSH4d&bjp)b1eRphXIz1Fw1{ImbzRD0 z770HF=l=r%Q8`56pa7g7n!LBc*7psGdXIw>1Ih{Gj{t|0uURA^vZ`FoH{iucN6r1O zH9y;UD|**r*sU0L2}XEq_sl;v^+1}C$0F8^2HVfe4o=RGx)?`88hz(KSQ$SQ0oI~$ zdQ$4d!VKnfRvaL2<_~$EYVGP<;n7gEZ^!vI&*(qwMp-MH_`TR+l6l$@rtRmBG? zPuLO9x%9^jOPJXUXU2X!&Q9fpAG2{%9pq}3b+yWz#XHsh&@pg6`MWE=m`MgzK{kw7 zWY3)+I9nh1k_k6{WAAw~eeJoEyiC*mi3dMlin2N6XWvgTH@RcFc{`zDc9a!Auye9) z6FGR#B$9N&S>x(WT&=ESV?a3QL!oU0#@WQ|sG1jwP;_**fW z@}StRAl30(TUdeHi2PD->C^DI_8SS;eYK+##V=*+LmKKc=xa7^2r;TJ)DqD23aJO0 zEYY_uBle$U(E4TMvDscU z;yrUEBW${SUdby#;#7;Kky^zTUe2KN@s<#$xp=3!$M7sQXvqcL?k5D(CRG44SynSI z|Kn&;9Dg^{h2Y{}3E`*mL?fd{Q=0;X!%weg{vp>?hiE*!mx434=k2)zD@5on0J``K zeQ}=6t$Jdv#y!->brujD2#JcubxbzfXAX_`7qdq>Y~D!Df1KvGM4ZiG`lZV)Q1_Cu@}>3zz} znr9+>v;D}W=(#Te${j56#urj=@WSTaMN1>rQFji;dFooSm=gO(Pbpe^jrtCD8@3<7 zf9b7;^j*$?&Hyf6QUW9xFPj0qIJd{ukc+WPtRklsT0d=~LIk6M5NL0wHAXxfwF5UQ z*Cg3=N5maX-Zjym{4D=`nqI0%Lw@iMbQNt!0-!%a8`JxkF{CG!`&uzXtra2O-MPTC zM1l#B^3)r0I;`W^;lq$rY7V3%B3Q;hWR!N7-_SmAM!NLgnEeofWfkJ5=9(U~8Xk*op;-=5G)LEtd<4lhvOJTt4edqw@!%%6o1-k{2K zW8*|c2J?+mIw9hBdRl@S{g{KA2OB>1QgMTU_xyAG@$0vvysITBAFI36A)>P;LcGN#ldMBM z*tNyCCmEc%{aI=OgrqBMHTDG7IZ`U=XZ!uV7u2GHcu=6>O%OLMKU$mNgqwdzuI0HP zw3=6*5-u<>nEutPiK3_NpW9LQD+t!zDM=X+o#k5dIno1={zhN!&Vyux?uiQm>Y5bE zZ8ZjmvFG)&629=;z~>;dD3UZ=e~ciiDQKRNIzu7-QE<@*UUXL>(NeTES#pq3kkXMg zD#57_c>K>Iu`^9(E)vQv>^Hbk|ND%8z%HiW{ODh9`qX&EfBwud<%Evm9ydR~NTyUH zxUiH8{mz%OzE8v}W(VL)4mUC+fks^>{yG_ktcgjE%-?;ZBL^5c>Kb8Jw{pGjgGF7K}Y3b4B$h^V!=Xy}|5L^+!tk{+(^P3zaEItrBA`4v1;Ph1+LcJ!!xD1U>Tb&P`vma78I=TGST zE?2EbyX_=f9Kf~AOoT!b2Bv>`Sx7~>s(V|`v+$!s%FG}$8nd09Lh)jIqu>e`YmQp* zf!+F@YLjT2BV}QBAF`h}NBS=r>fD>S$IyHAYWt^uoH;-l0NRpWnsaNuGF`z5Fu65r z5n^|r5b093^j**AEes(1?!vX*=f34eS|Sc0OB-vmWo3uD2W=$&m`T^^Bh!a7i;~K2 z#r%+>s7!tVLp}7ybR_q&qT*JgE2A`%f^uS914lneSu47kepllB(?@TFzx#8JT0`NQ zYC29#erWA8R7%eX>m3xp{HyKpyH`{Y;E*ZT}xPv*mi!k^5iNj*QtQRn*NCmr;v|%51q5lTcu2ZZ;Z_z zc^KS#jy#6$TnJ{n&f{?9h>l`4Pe5;^H;Cw2SO-V%O3`E{ozl0KbUba9aiq; zBT<%PMcZ|5w!M#{U+;c0G9-~~BXRD#{d?`5L`|g2Gd*pSIOqr=r76ts`X^XY6*Zvi z1oiiU=Zu1}WKepDGjxHd>QWZPJI}V<(HvQ(3xhYv#|uBc;I2V8Sg%!lqk2uns#BY5 zQa76wS_zoX6UK7Ai>cXiwUzhG>&aJ`O*E#hl`aTYWT0!O7sBQ(djI!lbT)_-99p&< zNYGe~nm-+9dnf1gCmYm*@GI`;tBzT!!Tklh$3ARz&h+)f@%Rny*GD&O658^x!J1A` z6jj=yCWvK)Gtc#|o53O=TqTDB=)I}EZ`g-AaxFw6{%GLH*v&17xvP63i;g#j?xW(| zH3M*=G)?;pn#bzBj|KbOvVPl-bh*3>J&wIPI(sy-b&!_ue6qw7u>YDww)uAa3|JV^UiEI(MO z@xD!rbeZnq=hLAbu4oc8VJt8%((q#bq`KwZ>{fVcqOaEa0Jw?r0~rr)10jI_(25Og zm=JNBKCcd_f0~Q!+godjQ;SxxgeYlY1QcP!bY$pdakw8nz(SMFPIi7Bhn%@Vyl?Rm zb<4F?_M*Mz z{~fr;?z~iGZfEEI;Mx!6#p!2v?n7?AZ8>Z4?fCqx6uNt6bD2Y>f`id?qPDKp-7IpQ zq`pANW!~*DC&G_R<28VC*3PVlWuYS4S&rz7mvf? zOS6`GVQHkPCN>f+jR>BY-WX;|moeqn_jnQt89aV9?!b|`%4oc@S$ zN@R4Bn$&hnFX%#>f_$&sg78PnEL+kT^9g6C3*UE2^0V~;p5>U9agT)<)xBq-(l)@4 z?Iq8V*ixH%u`=OJ%8ylES?5>#P;I)-yyHOM4we5M;b84evUJ*%zV2LG+8Fq50fV2u zx_4d4{X`1x$Fvo9i(H6q=rct=mFe3BubE-vWe{@eK@Y65FlCz#a~dI3W54DxPQ z39%#VZzK@VP~vtZxOxLw{ZforXk+qikyE6Qs!oSV9y(q66xlvV+fIRyt(mgwebBK( zimib))g>6w9z*+x|5$~9)H(_C zI8G@%d1rbS0Hz#|my8@e(%=t!ggX|?NbHmUcEm|^mh3)5%}@NRZ~;Dj&67+;+{><< zV#omiL|lDI%zI!GV|_}kza3XA=SLpTpBi{jmWm>iX;(a>`>rP*=oaPDUn;ow3y^N{ z;xEwP^|uy!ni#?R0_p0po@T+(%B4I0pU*&P5JxBa;|x?%Cvq?Nrm_jN{3ozzFQtF- zh!locZ!jhF6+eNIHS^vpbhdls{TJjvk7%W zFf)fswK=htIJ?l3lB*G4GQ`~!~077WVHxX^(DQQu|YJS4t97YDz=i$2E=%46Q$Ko(Kufks za=8faOX_N+$!iZ#5QJ-Y#&C+)V$&ki2Xr77t-crf61;iTHI zV*ypH6M+!E$m#|F7);3s5(0TNsgw1aG>HhPrczARU#le3m=>Zpt9SBX_ z>GuzsyNa)wJ+s(6u4oSklh$Mk^?B%ZNplI1_Vac~)Z?rbvYZ|uXAZMAwaYOg1I2q^S^B+{|V zY!vqYsPt+A*&s(QVpo3*0e}zQu2baZbkmh;3n%kk)q`YcUXwXF-7#;UugNNRo$aU4 zu#M#&XOz=1HGHmjK61)c*_~`X9n-nyau&XZb`SZZdp)7$9!gwA_NhyF?+ca6k6B&^ zw_9u4P+GnXHeQvcra!}UA31-vPF8rU@}<<@A=Nr^ZX@~#O@!bQC(FUp?XlpxvM?ti z+OR>G`oo=0C|MBF9NE>mribz>5flh5&}0>tBNJ=qPbNyUT#~V!7;O?KV=8z-vuAO= zlGhS>2}vMF9>xxA2%_5p65et;PF(Me$}Y@j{8s@RPAL3o_t3f5J2SpQ<%A3OK7?R> zeuGZl0AuzwTdxY_%<|J6=10OifRc)%*`g;qw12UVv&AX@YHxU zB+k7-x>C@d@TkuDJ?-`E*1Wev%?wEh0>J;~@`6Y35wzl0kbFfa$jLYQrqBPKjHN&JZF741>U8tO^bND91Fkmo-qUYp07wp<_N^|_ zVrSV7tP%D4A7EClOWPBdO_151uFb*}junyD`LVNy)g<1A=N2>2VSwchkj{vlQold? zEks(gCHW2_rTqP=G|Pw_h+*u$-^J9L0WzEa-1EWKvONqn23<)|w%okU6`&(Xm9ixK z7>YvBtd5gjE8W^xKhzd0MMKeD8(;=bqX6k^R6GdPIKLP;nP1qSVuCXK z_@mON2WvYHx*#F+=4I1RP$1}yd(4zuu6Y2lYSqNtjUmS z*j$)Wy&34JP@3IUhx1SQZMAnZ?uQG(x(HL&Rdc3xZ$igBA6yhkT>Q2iDORt9DWd(iuP0m5J{{}A_E=CV_o^&A}3 zs*CGMth}H~PRnHqpToyI|Qv|AvihEWV}g-+kQYlQ(^X_2S?&RViR3Y_Iw9{~Ig zfb!x-W6s@%AG(F{0*0IFK3gA>L=6gaFh4dE^n~A#B|@1UH|3=# zn{AQ1$eR%}WYy2`v}(mk{nHZ`pNZ{-yv&%5+AT}i*X|hftIqixCe&-LM~iZYf1((q z$sG!5@tTI2!?NY=n0?3-RBSx~>BnAEy(ju7(rgPGLl0BZ?<~wJLs=Ozq9zBYeIp>j zo3+Yz93?iVAC#Ed7BKQ4oRh8=r}lc1*$$vUV`TI@FJ)1ZZ2c*0zDpyv zl-v4s^pYOuJyP+ybMLC)gL3D!GD*)p6ZQB|7bQ6LYZFOO$;mFTO~@q8rFw)$ae-y} zxU+EwOjw0yrb_x#v%Gpu>=!ogAQ#g5pEN(ItLqNAMB@I8kJkhV8Z&5;rO0w`(M=Ha zU?4FJy@z}}tulCX9(#YE@aB^Ysh4zHvQ8Q;_;hm;DrlD-iMmy|6<_W4iKqeSh&j&~ zto&i<0Kyh1fP^WS}U~8bAfE>M8Yn!`RQ&M(pq+r#1Ce{_*+uk!3bW*)1Iw^zmVS4CW z->!Qu!f5tOwZ`wiNaMqo(Ep0q8~!2UL)U}IJH(i4RMF5($;W>IKR{j>PBHtuLkM1o zV4WJSkD7|CE%ay~SrYwj!`k`l&Tyu7?`25vxWjN7<0Z#}!9nh{Au9l@g*fR)@96^w zV?FZFWxlOVL{xTLU05pY^C7cp@~*3E8sxmdn4V_2uR(jjMnYHEz}hJez2y3VT-9I- zZdaY-fw>Hf=(kbVGZaG7cn4ta@um=l&?&}XsJ&M7Fr-DKbI6BiaDF4SO%^f0f|H;D z8ZQYVroP;Z&nB|nm4AX;i(Ay&b_&fa8cEbxobbsoU6BjEa&G6+?i9=2A7WN~FGh^$ zIi5txgR|OT^`0{=Jtl4Gn{o@!h&#wJomY@JnjfUJh#NOBxd98!JITF(5B~5Kb2P_- z=9B<@ynU^Tc7l}f&X!zS1o&eRXKq9stq4_1iPM1Dh!u4H!&&BkY$V0^fJq+AE{uKc z?F;*`-LvPe$G`K+)yuP_-Y5xj32#LirgvRs;>zbOIol;Dw_mDV;*eX-jYpaM3xhO| zjfCd!YUQHK0V}m_R#q_mOz+Es^f^Mm=#zbmUxV`k_?NfxX!VAL*>a)2P2hBjTR~7o zBSr)vYJE8w9xu~%n?F*J}ipW|Y!jar@Qj7ka zkS`wbDZ7S*A09UOG-qdh&Wo9U9cO8kMRN{Ea3ayW`>#T0#t84k)*D(-ec>X7sFD`Ca2 zQ$H8B;zsJdhPK4jYdGGnO6$NKgwMlE+cBD6kC1rvMmei6CVMK4ltCbt4D@bhV9T|t z(<(x5G*3LAf=0J-uzwu8FBec(FXVErE5&jflC4!%@DU1!CoW z9Gy%kkGpYpqL9*@682|x{-1XU%UEmSAeVZXVbjckLSbmHw~M&Gb%7nec~{2vNXTx7 zrn{OMIDg&#XKgt3F=Jslz}%ooOC|gokThi$vT60ewHL$cX za8ZhldBeiX#EbN~NzqN}LKC?$#VDMA&N8lT|DC1Dzw+-MVV2PdAL{m2{qCU!mm2?i z*XT5zeJp@0r?0f|@pBsc6m#G`#UPi8KWu#aB0?P3zqCOO+O)tas2R67SH>+YSB54W zZd?swAiulJ#}JQk+F(o$3h|q5hCH&S0{qKQ{6a)?O{59*`X~R%f)uocCl~&kwJ!{; z5>*Y%NxRN}g7Zn+*Ji>djtt-Qtw%fh^9w7XU9{?_Fx_D%o|C_|voB7a=OCigk*mLH zEqxi_Dv)_JV!>t1UpcB(nyNEu+eu}7z(kmS4o^LO^hO<~cX=F@@^yNHP_==1MLKa0 zu+OS{G3TD_b@Z<-J(BbiZ+S`#m0LL5eHUtfWp`p>1EvC|Ghs96x zu-KEPK^&FWC*r67ueLJ}YwBFvy_Q|5M}f8uC?ZH}MFl}j83H81qM{Xvihzt!L{b4o z35aB@QlWy1iV8>u5o&}05hEZ7i57#52@)X8Q6vdr3M3(r`7G_XcisC8*SXGhef*XG zSSxGgeV^xf@B4Sx6Xs69V9Put;eO{OZNszvaFB0fbzH4#QswVQ(9G~VzXdTzF4Had zGgV2svfhO$7eh(z8|e7WitvUCyD9d|b)#WDrY_r458LdMNzKNlPKq3>>qtoJy3^S* zs(poJq(ytEvpk4~38H~y6!1fIv~%L^H4$LdQFukIxh7F`l2T5jR)D73_H!VwE!+-U zC{#pRsB-?qya!);4KO&)UTysg-$kMT5An41doM$*EC;qQ+aV{*o4s-WD!4<)Ged%N zg-iV!bFKpFq~(Cd?dfV>=bt;fA0!+KxOTS!Wn>=xeVbFTI|UL%wd@ye_Z4G1M-o#K z)hQXvFsWH3Ku{1mD4tUem@(?0z+}XET0VJg;>jtX_JP31C5mr)#M!C93e<)40S*); z!RAwI#y!J?dFrbSD`EVuGD}beiaYRdl1Ra&QqN8x4U#`q{vO%1CTVQwRz_z-t(vPz~7aqT_x#Y94iyRMzxiSQFh83b9E2q;eJp)F^t&2+BI{ zk|p+0`*-g;Dh)ytYZw16IN)$c-Zza`(#@hh8tP3ndXkoecx`f+rZn%PN3zXU=wqI<|Q=tR7KLZ{|$!lKENu>~tNRs=XS`)>EY?x>H~X$n-$`71%9?hdN}KI4l9VoMVH&yX8R=VYEQfj<*> z5Oy@jzg;0ED+6q(a9s2O1gxhncrh2I%yP5QUp7e~0r@K;f)-&utOqag=>z`*+fvgo zBRWM<*JoW%GV^H_L&Sz;Pk^yKK72N0Bz@@zKp~oMp}BfOnoF2MIZ+OsN^#9Q`T@Zj z)14LLdg4Z~>pc7?R4w>{-j^$TE>4G0e0=)kBlliOeOM+5Ko#U1f#z*Y7@g$i(sZ^I0k0XJdPqTRC08x{Nxf3d zcq6+xTp2!}Lu`g2xa!~0+gL+NEmew@b|we!q^PeZ+A-{eIk^okI1z+_oCHo=OkdV` zR^By|kW>~qBNLI^#VYA;|GKCtq=N@wHV{6LdTEeG7Y+G)7oYG9JG=8|U@u(61#X2;8m}RJK z^Omt~W~ajL7Zl{`M-VA;QjPJ0IWa=pw%)7m%~Y^yS{QMm2|P|rQA1d&VaGIy=ZUpt zk&S^VIf72jNAY8L5^mdFZoTGT+o4P`icedXb|u}`)ZTLUk4ddkz{LH0{FST8D$)n9 z!J5oVx~f{aqYat;7RdtQ%_zxJ&QMUq@Nx#K*Oz=XefxLBtjb2zriA}ztRNYh^ zYuH>4a5cf+hy;c!qRnnKY2Fj_%&7v~GO@;jqqa{;_0P;r5RKVW8h&7scin@N;sKB% zFg0#{OS-Ly<#-i)-NPjl85UBNdOetczyZ} z@k?2*XVQ=3I0x&=vpWvWJ?bavR5H&#bNwgk^Trb{vseK^{&>DtaV9~l2xAQj7Di#`r1Ie*T0)^@0T{6$fK5<&SBxYuv zIffZe&c=?l`(}(jDr4fFQ9Netod&0T$yzFRD{?zKZUNu?Ov#CJ<}n+8fVZ` zCKQrZ#LTZ8>K=^;ng$Pr_P*@3+rb`@qy*YzL2cK6(z_&& z40E$yBG5DSZ)N;#B+3`#Jl5YuGcUW%=8v7x&s~3cl5p;X`=#_XrjDYQUj!sj8XyHd zPm1b!*2)Q9u3i6wa%?~@yrHv-WsIvrj!c9m1?g2mG$=!ug*{HU=(Z@$z=~=itmx$` zZXM4|DJNF+O;Ot|QqcFvCVge-Z8tb%CXzpUcp5yrEfR&m9Q_sJ2Du*To?cVt;isOu!$F zKrt9s8oAAL`UF8)pjg4amoOnKv8Yone8+4$>z$(4k5|FQlCFQk(clI00XrwtKwNB+ z2s*iTty{(t{;^yu;^mn60CJ!wDzAMSwmA7gV&&(d*_xAV~ zSdOi4n9 z0*&#jB2IfwvS+{f?-`M{CEvz<7gV98T>*~oZ{5Q@IU&kVmLOt)9p1d#yL%(|iR_av=xP0#zJcI*)9=ML(K}}g^q?B}iA>P3c}Y*=;`Ts9 z>OzlF^`iKu;iG~WwoM$uvy0IDNPYi^{zmho_~d)*^t{eofv@gz_Qi#^hDmN`03y%j zCDpdnGfQVd*R$JfNSAHT`-G}`Wcz#YnGeJ}Df8O2$a5J10#NwBe(@i_?M@%_h|S-o zTN|%1HcvM-wGBlr*_pA5N`g*_XQP|$6fIpwN&jxlYV$#G2FTVJR1qFDrveL3+lX=0 z^1LLh_}93f{S2}-VcdP(g?298gO4tlKU6{Hw~ON+kB3J_i!pY%of}en_o_YF7jl(b znmnZaBNNb>&R|8>bq;$_zS1+9hiodguMuBV?)KnW_;SP;k^N>E5sbX1bHQ+5rs@j- zCU$x+t^vlbx*+%cnN!8w*!rf`h>=EbLuH8>EP<{}OfE526bUN=ywo2@V z>ZLIP{rYITveDa-4Y%2M?I|H?Q^XDZfOY>~8F;+Le0evM-+9cZ^oJwWh zzlTzy|WJCV|8d1tWH_0h$zX=1rtiOZZ%WAP52K+jFk^E-+18z;31>=@@C=;tj|MAQ z)thxEJ4X6$R-lE_`BF1kNt1%h$BX11$HrY+vm2~-5q^gLz3~Dz`1C=7khS!+)i0aM z)9oMBxXmu67-j^++8lxmepWvs&|usWE;g<|3kB4{ic$GTFsGXo5EiG(*$6G$jWV~6 za$bJeX8y1Ru5y}|#!yz_jtaa_nMLkP67e5gb;5ZlQ|Zx-qEg?MMv= zEwO*|-?N*1cHkB{7)+}#4#am3a>bXlgWQW61&I5MR7IaIQqS-iFo5w=AYHFcn$j%$ zTsrp&4P&|vC~yzOj-NPoDSfp<3B9UjN;OP3C+z#>33$F#9pPpWvb4FrrpIoxrfYQ7 z1%L@p%2M63QQa!|6cVng=W6P+nD6(d-uh>hNJPT`e|^6{tAVMbu%dnDW@L zo_rs2A_vPeTtih*rxN?Z4m*v$bWK)9F(}|xSfS6HyN+t^(MZNKtN$OxuMH;CG?Plz zyw_84SVagGQi4!TzHndVxj@RwF-f$Asb$ASC49~nyz+OI^;X|+*<#d;9bb_&AB#xX zgyZVhaW6KN|Ni%pT*y7UCY`Cf<-aJ>xvtn{t6>1wlBk>1#c4m7d)kvpRcIjDNf4)TE!X{xC~e6C;S8>#eVG!TjVw zL+u>CqZp-~R{ePTd^3URbdx}{D!vlcJlZ!N(*a6A?uU zl&l7Q=2BLypvBBJnrV1kEFN;W*oE`-U?a9eMxrUwQepPZqcA^*U2Hu zpgt~<2c7)m#k~~K3{;7Aa1Sn8__k|xE0duF z03nz*!&ng#FA|y`5*n@x7O&^R$;>yH`Zw%1HYF3h(plaTsHys(Kyfg4?JP)<2RX(& z>vAq1?M`@Uf_-^P%A-GCD4yRgkZsR}KZHz%aO)fzBhhsqm+D#-k*gxM>46~OumnQX zbQ*L#?X2Naxs&>#Qyo?v)Xq}58ALMq7m4aLS6OW^V=1YJ2RS#D<- zqtxTLaCI@fuCF_aYEpp1OV&GHB643r!zxi518=lcEh>difZ?8J9B0=({*eeJxSM9; zs_$)&fZ~-}ku}4n>%P*sdE#91WGcjkvraNsXj>egJYMaE}lWl6V3<7^eC` zcvL_}ESwQg&$PLHfcLdE`iH8hluG63cZMih>JiG6_GLC+dHmpuz=jfEc&1P+xK~B(fg+rZRn7TGobp4cu@tY9D0aCh;q!nkHI(a>z zQ?q;OBUct-dKJj=J=Tbz&D{#n-tCo4riFUM}+B!x}{JCm+MT3=) z9(i6pqq`#GetG0Zs!cSY`)-zxYREzTJjJ>#{TWiOeFYRNnauUy4cpZ zkE9blrc2j*xaQ3kl;{uj81w>zW~bl$>A<=j#2>?dj31NcB#FQNDjHl4{wnjd#biKf zdJYsk$t!|7x0)d40};t`zCn#(sSdIvZV@xR34f^jzZlD4_;+&e12oZ2*4PhDwc5(< zt`z@3I-GNx!`7*R*y;qs)Fq7}A0|gSrgVlu17wWFW3O2J|Dk%@fedokr&f91E${cK z?75Sj{d~VFMv6V0&?56_>sd!O8lzdX_ib4dO=$*Ls&L3hdMe)fV{_s!h;M!~VXspb z=W&Ac3i;6O8fIn(AMfZc**ACx=> z25Zs6Fe;o>;r0l;0_P0V`bKQFtQp-{@#3yqzL}EUsdBp+aea!DUfztTkQJiysz=kTC7y#~cyPN* ze!~lD8uIAbZ&mJms>aqPg`2Tk6IUm9pcAFn2nKZ8G4ae2d^ven_2*mWi}y0$k{ub# z0k6mgOTV?dXKjJiPgj%+f1odc%~KsIU(J{JsbLzVVM-W4yLVz6cJ+w#H}!@il;gUO zMb%&V@&eC&MHp3bjrwIPrt~vcT5YK>`1`Ng}gHTxz(+{p{D1i zdUit;e%?qSpc`j11@ToG;^J(A%E=%U_HTS)8O`Jj8_mBuOZQKEWbD^ZYTIKWToWfi zC2{EJX6leqxG&*ti!5(?vx)(-?nD@vSX?4MDPd`HrdvG8dyFJy5 zG6LiApNey!tkaAP$P2BQWq968RX_MAYv!+$bFT@YYoP$_w0(E7;rW)2^@T7+h9m2T zSlH<&woPC6AoPZ7+{J5ylqj~c z>Xb07o1x#tg83OZWUZ$dSx7v=Wr+{3h(LR!BCTX63vjb2038Z1y=MVf&mf!MP6jz9 z&Pf^r5{nKP3IzrgIDU|<#6N7;2#``be$ldqVVBI4l= zh3fB_f7{a`(_9HKid|zF>rT1QmT(K-?ThOcW;@}A-r$B#9h+10S$YwG5+3Q$00sVt z{`wJuLgI@b1DaknK$n-b9Ig%hrTJ|?-t5pmqs=-ZGYP2hZBjM%IwnUNre*KiW3l$|Kd^6c2nCtzH){H`7diZ(1xvql98 z&mYnc!2a54J$h_j@6?u?jS+oZQeR-`%UgnoAj*E-T;-z%_t~vZX#MtTEp-(iuU@;E zL!8-JNU25_x7B!tscv(yw1oMx9g{K0m2O-hl8g#)7x$G0)8}FG(e4mQXKkdI-_uj< zXGAm<9>Mdu@j?087vzQ&4 zpM&_3@E#e;1RtQ}>S|#ro^Y zbo*<@y4`fU<=G$0e%ZLxCkyqUtMgClVO&?2P4su{zY031Nsami<*O}R7t3>Z{h_P;LRj46X}4&I5zBruRpB?8MHhQW4}Kh@SU8!7DWe;mqyPWL zC_BvmPh*rSWJ0ziw?qD%$0E#5#segErKjy#(Pa2FT=Mw=8O8lY5j3jzk`>Sof*duU zFXDEsICB649A*h^hktPCTM|(XzWEFMa>LU9L43QTDdALU0MW%H`1!rGj;9o7;SZB1 zMP{nj9Gih)Mqa)N&k0ge0TlS<>9EdIzj`?Pxg1UJ!`gC5kD&;zpnqcMWb#jo$9&}dqX{!|)Ea<2WO>VM ze;xLzMX){u;PhlUO)?|%(%fe$l)WGC4Semj8wj*~wEe$n&m z2dnTgA4_aI!|GjubxXSSFJFP)2RoeZuvE3*@3i?CG3ZldT+H(iGKyZ98bMZ&gDdS+ zISe-@dsVKq%%_@CwHbt;5lX-hLIX_d@)^+cBbZhND50_;WgHVxo~Iri$N>=&cYbJ= z@KN_`Z#txRjA&Y{+2qcSaJzoHBv}nSh(&&Ka%d_0?D$}R1gH2L3aF`Lul-?=Ruj&ER- zCN5nktjguKhfH<9?;Z@3Yya`nXZx^x@tI2@n~}l6@|S8%`vo zeU+AO>|pvG;PTsT#M%!qY#OEaP}eK7}!mzGD^ug~1$A}he?$EL9Ey3__2+3CTzg&4X@XhEmHleLmO)fRZ=kk1jr|dEEg8=qe8_RUHsQ z7o>UoKZeZb2mtwFt*QM!pJg6CziYiI?c67q+wU<8_oDqGCd=aHoE00zFE_0Slbt!C zB*F@YILa~b(N-$%Jdk>e8t23_a$CAP@Q0?AkKbU$ItG7vvm`gHdU`HjOvWV9r#4E;IK5b1*l0O+!aj2=HPS14 zLR4U*y|BfzHH*BuboG2^q~j5YJKv|)uIC;|GgUGK?9a?iHXhEZ!ecvO$<6T+cBsTT zxtvkK7L#=U>6Ks=zP8GHu`rtFkp#}2RBV;w|g=29wq+j5TQZ@A<0;BEX@kOgu<<3h`(QFl-dZ z0U=AL1Sk%*e*Tc-SZ;Z^g59D0e3F{dcxv=GFf9Cb%nG{J@0js1l009WzJX)vFy`t| z(sWH2V0M05qIy5Dq!?E%yHs&e6QWV1Y(}2_9Xtv6*j_vvlMyZV^(^1-hI#Ct`f|og z_ptCb8=#u5J#uyx0{1(qR<;W~Q56W$@C@xfRBN!rYhFfX0*hlqZ%)J7Hl~=(oxrnW z-n56E`4$^mxS3ElLB7!G>(YvtdUlC9P$Z?1_-_ADe#kV99+lfLC%6{~>J*~M!eBONNEk{V# z_pH;t(D~y8W{jk0VadMADHPYY%=6C4-UmLex0x5kfbbG&-41DWNgka5$eKOhIZN-A z2U>9!-Er`+_HczbZo@~`!Tj|6Fvk9K)_qr%AF}cEGCkf>-CoD*vR#EMpGSArXB1zH7{)X5) z=BkkSYg_v>vpLaB**%S-3XNBB`;@UHqelu56$OnIxfRmiOhq*(HJc=X_+?j9&mzcM z%T@XBnq}Ji> zNB|Y$A>Crk_e~^O5riL)Y^FjA7+#Xgk#uxRis)50iOK0NpV{rE;bbU!fFKO+HpuPa zFR|iv+RXn7)rFYrRj)?kdZao2o*||;hZz`3Ejp4-9)oj67S{xXGZ|+6_}=^Ni?z8_ z@vpH5H;l({)UQ*eTY21iwsNEp$kYAKAnQX?YTICweMOEeF>B*uLuuPN|SgdBPzr6vqLIa}FaNBr5{>$kU!!U@YI2;KDut5H-n;=Z`A@WS4$hwn(Iu8<*y~?0lDNXN}HUcIw$7+`r z{!=8~pf1_#M?shD1&7)KgS8IWGU%{T;tA2#rk^099Okhn;4t(S-)heEEds=La8m?M zj8R4>wB$oM?(Il2LFX>FPvF`FAi_N=hnG*wJE+g&g+8_Z|8|)L3#cZ5arpTr2N+HT zfMN0ar8LF~AEWC^-d<6H&~rM-)h}d(Qyx+@ge~W=y#-1jB$NL9w9kcT#u&{luD2K& zOshM-aJ7ScLe~^>z)K{z&8l>2dPfZn(g|~H!sezKg(HW^g|)lB@$i zPLvnLy$zcW*MS%Br!?Du;L*!n=MU4_ef-Jx(-dNsBz(7+I|P{06YvVDZ^5SThq6;4c5BE-6=>&sm$D!;--9#KFTP2w6@TopeX zD}MRd5<3Mj70g)6einpOge(UkQ)+7J;OCX>o|Uav*CBx(d*y{Y!Qqu-QyDj=!0r?r zAUOp@i};p2&CMFi!%j)@oM`~iaf5?1^#X)A>b{X+UvFZnrk~146=8Zn$ zNDFbiMCL^I>S?vm*5g&+U;!CQKrZij7x#x#wWlxmX^~YB_s70Z7py1!$L*c1g&cC} zdm{S!&v!s-z>`yUY(E2dC=V~(Pl?|$>V>m>7M(MAU%e$*_3+ruX`}-n7P*t-CH)2N zHg60j@sizW*e!PBW5po%SR3{%oZ^2FQ?0&FyT1wJ&Zk*%it%l$mBPJ7_Recck#}o= zo2w1o5}ZZ8#^GzaNw7r^Y5p*R9g;NM zvMm_T+nXVaQtttu6LDF)zHQ}Gzd=^W+D}+c;l8`)hae>d)lQkl7wtk+HY0AV=}sq$ z3M2m?Q2?NZ(Lx!?nG}PO5`?K{Js3JJq1X+i^j~$DarCi?2Ud0zy573 zEb06NX7gW{`v>B)9;bHwSws4^{^JjE?YpdiTKXqd8o8p-{|@Dh88{}Qk6IH0i;_h3 z`Xj8y=lg1zlEeP$33u+=x_A)RYmh51b3WMx*ZjtGi93cw04Wx^FoCwK(rx^{hs(qt zXo<>yeC*xI9w&HK_C-z3Xb+e&-+smk2D6XA2?vk&Jv;y)ypuDXGVZfE7u(h;n@32Q zCDM4+l?JrrQ8r|~q(b;}^`Fc-;kaWo*jr{xdj-RB$GUT-KS;Fy{;QjLUaK+~-B>;& VC>tp}x&-*!zsG-f#ZSjC|4%mx*cbo+ literal 248019 zcmY(Kd0did_y09Br_to;X-dt7n!e9iS#IR6Sksg<)1r;J<$`5OMy{mh0%T5Exi;mv zgXZLlpc3waW@0IerGny~3JT(efP%n}`SbV3{o-}s_dhq+xz4%Hd7saD;c?yV!1qVL zS5s3v@Y}Dy{Gq0{ho-vXzuTvJ^3Ts?JJpXm{13OE)o^s9W!24I=!I(+)YKYtw0Cc7 zs_yqk|LO-q+rfaCCrhNC?FBfh;3R;nCwMO{)1s|~Z{qwOKnjioC?unn3 z8Rt(n`|Oi)FAvKM2REw0p|En=u>#9xhi3hQ8U^Y%JZ}E=%LP6;#4F3cB8bE0PM(&@ zNL-XY0|X-pY4BA9Juta6?s_1%%Vak_A0;hCx4ZD4=0`=B@&lk43-azuqA)Z+uvyMU zDY%!Mj#UhM1HYBj`Phl7EIH3lIJGk$dLLOB#~hn59RW*hByX=9-0HBZb9_zl-nTfe z(Qw(7;V<9Hr`(8QK46TV2yyxu0^j4fuPwmIpB03yLi@?zt!#t_aYDr#e*_I&Njzn- z_^$I!e(XnDRP?y`9V)&~;3!F6cx|DiOS>mC?QC#&svuCb@1mvlAA(+5WOQEqAppA3*_ z0E#ut$5waU;pJiB8+PCBdAc~1KB_a2DZZCIuK-Gea0!W@=zN1zX!4L zwwK}VWUs4MWc`cRJ?}Ip?olDs@on ziW${#?4eka6r3>cXL%MSw+tE1BHFt%xKW$P(FwW9&Vr!HtR%>~P`&R@4+B>wZSE-! zCND(X*orcKNEE%T1XWo4V_VS0?_IfPE$4fXDkZh?mJ`d{pf(|Bhw8FF$#=Xm zGS72d7<1KG%d&Zca*`ps%ku%3O^?HaZysTd0%;!OF0`Xa%wrOe*YANpGpyx}q}9`; zW!Gi*zl)W5`WQ^+!+e*^)?U@MMo+~YUl{1~Qa&#F^Vq|^KZzMh z&o<0l*RQ@eW6i|H4cUj2Em=)3&$2mZMqdveH&gPqN)vfpY*2uN-$OiCx%n!)90xWl zE%|CNpVaq?5zwObOtb}effg$0nivj$oZd+tcw*tm@d|K5l-xe-KQadr7WlJWPx|<9 zB&+n-%nwy@?tS)#!$wb5+7q+PM4GJ8gRCxE$&-}#;M%l6gnX2>PiT|c#+3ZdYBEq zbsG>I*u9Tdlijv6n#Mf`bN5axZvwxiuI%7e&ZEV?O5M0^AC_-pi!_zQ^N!ix62)W1 zgTD3UP1SrptCfPKt9vI0KQf0dzq!pW^-oL1$ne*FGsL=n%X!67s|N$zjb|Ch(i?es zRoSWJCMtrt5BvGXRybJ8K0lm*b9mDyzYXs$89e36C9#TUl3XqpBu8D9c>&mYx7o`f zd3BCM%;Ta$M8?J?ROk|z<^>d1Cmg_CfTXuO0LRPX8*MH9;ZkN*61~IfD^aHT5bF~+ zLPPT^x(a|3)WIQJp`#P0==NEGhu;?FW|Vxn>bm?spzZ=`)Zry~fL^yd%m8V|ePfUP zQG71nXxwm3O>%$DXa2)xli5Qb&ECl$PJ(2#JKu_r`U|p%2|-m~PY0a1HSy$J7~_ zQR7~Uk?2mTp$3H*6c_!*up{KDlnq^lr8#_h(aB~VtXknXnQ4i5=?~nk;n-NVB=c-m zF@7%b7<#vE%r9ZJ!fI*aiu^QQ-1ebUP(%F5lhrDmb?9D^ce)JLl0Q?&*&xL|i#pQL zDXrCJi>F@H`#`rb%*hH@BAK$~Tx;PbW!f`>cmRRhM6EZR1x9S} zk$3YBO$t}|Kjfq=oM^Gwequ33TFM~Z0|HWJHCpg;HhxN>SW_wj61Q%HM=kjM&K#== zh(Dr|O`-sIO8F%yJH14PKCQ0gRZtr_6dqIps9(hQs0albX-tR+Z#Ev472g%dJa9 z?H7_)&cKy!$al8M@Aa5)qYIO#Agoaz^al3=*#IPY{~;-M3tiIYn0-u7Oj?6>74{cM zFNUxO|3T(4zMVAflJNIrr}!jEG^p9u3@u(VI;pO+;cL$;ld!I3Czi;K8RUxK=(ugn zN{)$0CYMmcEtkwlQq=^;ir(<@)NqSDm#~u>kX2aHH0~xuaubkT@nbFLU|B9;Cl`_O z(Jkd;{BZH~Ls{v}PU#f#6jrL4+}>-v+JK<3QfSBx9Yzw9(44bVkTV`67!8VmTnX_B zh~HWCvEORQg~o(!2|bSb7%GhZ(!=mh7aO|X{Z{I;1d#e^c()a6C(AA|@dTvKd=}hA z-e-4MqZs)(lcXqH`!nN)km2m9#rw=Pd_&|;w10wMD`{%WD>d$Zki+~XG6rShzXlY| z<+}W(ClVBf<0gs`)j0UPp{IP;4vVF?zE`~Tx_+L_lmBGb_Bp=Jf9gItI&@Op+%gr3 zl1)G&X51X!iI@3BJ7IPmQxOus##%%O1#)v0UhJ9}Fos)+lKu$$F_cP&1tFFTU3%#^>QgX`Qp*BPz&w9nle+A!e15=T_>vXg2|P~UzM6(;&Jj^~BGa{{=< zh$rPZ@fX52`KgT{&tR&?Wg=gW*>o8oveynW66x?}E!XXyiHjzixfy94J+4BKE1U>= zOTQn12^EisZjjBof`{oTJRL#5d}isg9eWj}ltlq|dw`u?19hDPV%@cM-44Y~m)3h^ z%f!RYX1}dI{qvF|<9N{eW2x? z5$EN<1d3e9UM4k+8kfT4yo}cILq?+!QD&2aTaDLY^|5VWcX#eM;hcAyOMPs;^w0yM zlYasyU=bo3A?4f$e(}Ax``&n`7P3P~&kIZ(T^pfwTJw8PV@g^SH(W&2?8BqL&kZlv z5>wYwc@uw3|p{F%NkdAiW(0%t~)#>YYv_WfjKqY13h6TUX=o9aD?u3FE6N zTqlSTUUUmj?AkOVZ(iAEAOqZ8sAFCcJ(XS74e5C};Xm@u?LLcX(wdAEC2Pma+6AZF z69>dgZm!bb2aA~FZ4I59dg_p-LOS78+_~Y)RcPV?7T)phuKtrC6co;%&^AGIR&TCu zf9#}ba`q-ek1@1~6`kKSOB|@fN2MLBDUUSg(5I4x zH@PQqrG{%J?>3ei`5+PHxSeh#sz%_9{WcijPKUYHRe8!zVevEt{Z5_?>ryf*%oOq$ zey9>Zs!1*?VW&4s$MEe0aq^LR4LA9x0VLA^m*mJ(7Fo(LE@0&JB&QJwpc7nRvZwVw&R+1v{zFU4~icR0FWgf#|npeOAO^lZ z0QTKQ&useo$uJ^WYFuh%ByxDn1|_7-FB!T_*Esrp6~L=yQ_i~K<9DKI2kQI3wK&Ht4~BrUmF1GjHLDV^|jo< zvD2(yD_wopZk`ooVPd+Sg=rgfYnI2VJgT>!M>Z5xNr=w-nInrvmp5)I~ zYuG2A^MdMqiv*wPWp527ePRYv z^qwD@uLn@<%dGOQz#k{p1Efp+4-OQFeECu45r06Q5w}9oRHKFXnK6BFZ9O=6m2>}^ zi2hMSkE#HgHr8)Gk$!%Kg4uc(8gziq>-46KQMG9YvNY$jLV|XlH&=A^d{I=Ic<-!) zthQ`OEg7wz@9F<+Fz=D;CZ*Sk8(+6o5th(Btu-xZsUNo*r|?7@EuNK*9ojN#PcPIe z-mJ|L^1gSdhs<~Z|46)JRAMTw{;7!s2XL4B130&-&e1nL6Au%9CUepZPF?#M;i&*(Vsw#RXy_Al!@YYz}yA5e8f!I-C_8}(9poE2VF;6uGthHtc# zy)tOwRmtt3jgaJLUbw@QTbM7%a$=R>%oe22?+|Wx=HA+7-xD2+=(ztoSb&v|JI8#Y zK6aKH2oHY$fO*c1Uj(O1^QHc22BokEYyoh*O9K|V^79%+gCJgJuuGOEJ!NW4_}0}G zhC0Vu>!F3LcWgxESz=FKh&lfvERiX_rpjzM>3)p1oudHaAy;8Y z-E~yRX^H&p11#91RO;8u{sZE>h*4Na{EUTGV(|(@U_*-qN1SB=n>V(ErP>z4_^FA| zGjOdX4KcsKMXjjn_yn*8kJKT^>WvL@8|$FY!IUR$We8&{ z7|o^tQk?W9sE|F3Nu<>F;_(NoL!MFof*_!h%(eTG+{+$TX|D4v!mJWoq+dug2Fa~Rb;_?Hxx#4;zmr|*ARkjxQN3JEse86Vn74)&( z7t2K#4u}SpL@|GhKQ2vulY%r9fgn(4HO|CU{%&K`ojTv9UxB2EchAd8rtobehaiSh z`s0;EUd{s}$KXJ}k^PB{{{6S;Y|*G2r)akmX&KSYc3u!THQ81Ob7^UDu zH8XapjLFp`R>vyp^(Jk4h1R?#pI)0n%U7UlV)1>~C8^`*Nv$QPFI79YaZhiN!X9Hp zN7Ej-2n24K;q<~fqh{q%VDCADvQq%AB*RF|`4CQkYV zF?f3I6c+9c7Pu*}{#VF;N-RPhOrU2Hf)F|OgCw4RWfsxpI4A|s;v-z@wXXwwLG|q> zsi)MR5sTk%CC1`!=L3vXxi?x(7m?vV~r`@muW2oE{Sq}KeXh?UhwQg{2kVkD<1eybb)3BCWE zg(GW#Hsj3dm==ixxaAJ?pJzT=^a>C&5`@Hc zR?&~z?Vm_U=}%DA>w*atb>^rHD4The@^8^5SPWWS#8Kmm#Brxw_9zzrxZ~ribVm4g zD6)#1oR@!dXDfe|pN)*ks9Vm`3vrJbfK2!$t~+h2k{@fM#ftzlf4@G%!4;PHRQ7$^ zq#N=Q#v0y$!@%UcVPC8G&@|5&mN%-VJ=`hE`6fe>N&1_3T!TMg7KZ-(ZsD|`s)Q%| z4&hDWF4t@{43u97R@1i)v^}G;4O~MVUTSTb$*9NK*LSX({|{A2JesZpKLA~fd;lL% zS(fDa{zyq)6smIPWtrKYL=fmZ>qqp4uc>+`mJG~z036Nd{&3_qs9*$#89Q_jp5r0A zQKBDpror1S2)ycOqaZqj$Q9)a%n%Z$n*C}q_m+oLcMxc)!LtHA@ zKC`UWS;`-uwj!h4Mi}a5lSIS!H_E>7*9=ySsek%pbRhQ%4=?TqBzgCEzcV#~O*yYH)9B4oP^<*qjHPYfAS zEmUslNtmSK`5)?hAp~o`7W<9ayg;X|pj*m;EIgd*P>>ehKFl~iWWds#Ph|7#~>*Ml$>rjUhdw{J2Pn*!u(5`H;NWDf(bjm!=@Tr zR+Y&hJH8in1vwS49l_YEVsmX&yByt~D5I5X3Zl!gM1uSgzkGQT0!BONvovgN= z1Cb5#9OZ^M@ot*ZYm{A=A7)}t)e*xG-UElTl>m?U!)6Fs!H6#u4s9cOmW zGW5EZF8SbaADmrKmQnn;=dlrpu2d05K8}fSNANr)aR||Eu~E70mauD@^b)4Zgl4Se zX|CI8@~E6WQp!WDm~=}xY$%rGD7SO;X0EJ=WMribFAma>{JL6^0uQWo7gFJ>H48L^ zxl__W$MBT*arF-(J#wADCE!zlIRf3U5HZPzoS9be#~W1;u{E=Lq>nT; zUiF`Z@zoV>Ny2k~f4TLf^oDVhqiCThhQ4q_n8&#@0_Ek>d@uv`TJnZDaJiLk+}o%^ zq-gGKVgK2^t_;82K%wcnK6K+>o;X34Pmm*2{z>k@kGsK<3`q(@Jg4&Aj$P!M1UV66 zA}k2pmonATWnG6c+Np`kbg>t@&8xyGDn;p30F*TXJ6vCWs4!jX?i3i0z!RiesCBIb z18kLXZpXgluiik87$0;WLu?IJF6Ahe1U@K{kAw(*O`)ZHKnI2l0~>5ihD0R_)ysQI zNRL##PElWFQaP#4ctin-SU+{Vx=BgM(t#4=~tBcmBI=gj)oXfO9F+`n=^jz2e6_Uw3wA+rRIulHcMxXcr0x-N7FDR!+Yia}o zb%~=9n^L6?`Qoex(_e|3nXjcmXIYy0gIgDu`*g1(kJppR_WE1=+(6hjpQQfo!GZa8 z&4{wBwhcP(dBlv4eCtc)bV*i??z)YHYAU)E556PC^1er=94k)`KS2SR@d|rL6BwI5 zXYqO3a@qsHr>WjdXf**%3O)nQ>dPTEjkx6+GjqkysA_R;@|)bE+mTWa?$)ZF0wF(A?Jf8MfRct<+^*|M%oz_oeFeF7mzKuC1asOB}#FO{c{16Nze02`z1W zn!`r*9s>7XP^dV|ct_LXQBP1tkuat0*S>7DaAA+Wi-vJR%Cd&5=zJhLzshxGtGB`o z4M-eHPVlAnbf-Hhcky>$ghq3=t{J6GKMqw|=ChL-q8u0#MVM5d5k+K4y~(u|7R{#;W-YKA z7ogXN^r#j@RV7O2ST}D3mslf3qhvzcXdWk)2^{g!3Y1B0$caU)HVqDPByIE3RH&Yq ztlY@7S5LJa<&?cB41a|42`2kK3cf1fIDPfYw}LF;`kbkpzRXQ#8pUXJt~MEXwP=_>NH zU~*&B&}5Dh{ctULCK>h1M>(xaE$8ke&%334TgO@{F^ z3>=H-p0{1eVr8+?NuAwX?9Ok0+Q=_?GLE(imH(n>8UND`V$lb=_%Dx3lKq>t$Up4( zlSTdshI04@tuT5Hrn?#|M9%4qo90YzneI8SEHPd?xJrlry@COpw}ilJkRpZ0Y9>UI zFfc>FD-(~A+VmHyuX`h#R2G$ zwC;t-h=?WX;-q~@c6Zq1CG#^D0d~D!m%4kyR-bDA=9@P2{H$Z~{fnP;gojfq@v-tR z`O=YRE8YFmfxyqykyr?Q$>7P#l&G)*7E)=l^5W>yWQG2krAh0oZB-1e$^zz5HKpoU zbUgu`18#1OW}6saY*V(l4AK7sPyA`N9f_+OjuP)3SgN8S_xcMwN}Jk(2c+H%3t7x< z?Im{A&UkZh~;wVY*FC!^%dC;@Di4$J|kO!gxt^NJ$K1q zDEZMMeffmR#`CFsC){>4^gq}h<6q4G>kzW)9NY8R!YVfP<0T_Kvb3E{igd=)Fk|y? zb2BR4TzEHRniGP^gpMiX$7_+Xue%^eu{J)3QT4K%TKB-#)iTb_XZ&Q9JpNt#?1=e0H8y2ed9-2{d0y z#CWV-bltir=@<|A^v9aYdpgA056yFTLa&2QdSoC{2C7m9;wL7i<5@8q2)_SJlJfBd za==29D>?$Y-q|@c+=7^B5p0mM|6R7ODb-(`aP??(1vmUBC%gag(r4}`r4+ABLY-X! zxCTL_^LPABRNFo<k2@NCX0-d~H*dxq>!0YFn!psG4KGssOZfw2n4O_*-thvVWy+#Le}_jGxQ<%EnS-Q4O_V zse)!uniQIT4%kErtP_?LYfO|FR_I_|uEfz*@Q?-YWgw~ewcqr8#E zy$(r6NK{F(JZ8VeWr48T1Z6XSIB4#$IHUZDGP7rGYFaSWj8QCONPiF_{*5*bUEfrp z2ibUHWCi{eIXiEW9Nj41v`}t#m;hn+^Zeu&84)Jhvp>Jme*bUQG&4PCJbk-k`C3%_ zM8?MMujq{bDV&Xx=fCmJPJcTaZ2vZ=-c|qZ*%rxzLid_>BcOaeOG&!d$ z3%o*K&V%gaNwojie62mE4LsKRc;Uxf!nZxIoW>@fa-#0S=jegAVwG!3Iay-Ax)clD z_JWAKByPXArhT6ht#-#Afc)>{(vBSx69I^g40zB4G5@uOap@<$>fI+lCH$3|A)T1y z*vg*TxV(}Kl2!)Am>;8W4Dx&VpW%H0pM;+3;JtxLDQgD)$7}evNboxAw^lw?md$!j z)>?%a&P{Ij{Z3ESjsaV)vxSa73f0qt?BRD3X_JSN#ip?%vuQevVz_u~LmZ_P%i3aJ zof(;z$IQs46Yv)!r{R;Ol14xQ-pMAU1~}D!OOD#w#AL_-QxoloN~G+K8OCHx=lA zY%VAZ2jdWCdLmjm&fz@`{X1N3^Gi|UqHCO+(awLO7}hZAm}lEv6)4%P_8$+!OhQQ8 zEKv7bDq>zOiIixaD;g$A`!5<+yN>z__gJZj6sI&O+9l4c672|@S@Cg#BMJqC_=xWD zbC`Hb@7!XB)8J6lSQ((gRwlH$a2X0R8qi7bYpkv&*Ab9ny1L!{W+cGF1{K^2QPsVisY~C z^iXTt*=vtB^Y^!DCrMPTj)Bo4FH}GZsmHLh2U+z-`!*)zaI#3J_3`497up`k+Z)5G zVo>5lnl|A6xchH>lW;4qzzAz-o9IT`)Z7OH_^bQo;%)lcF1_PSz)g7L=Mx%}#-YcC zwN#s)t*64rYre>N9? zmG74=q$HkoQHmv%s#;ct@mkn0oc(dqY2$;YBd{rD?LQMNe?NpkbO^>`;xAlAoCdw| zNqhr!7T)(|8DySi|FcmiqTb#e01MT`;y@K2&SJGl2k3;qmmo9JV=bl;qZdOtet5XV zhV_YKT{)u1xm6ow9xCAZB;GIH2-J%JK_GQaykUZdyso&b_f1DL3jWYFPjuT`3s;4M z3m+?t-#Kzu4~FTKRUElEbdXQHyzzTvf_1t2=*9tbRQ&GqR~g46bS-?(Wb4>QkmzMm zhDRO}0M*xBKuJPNQ0Mx8cd3I90^|imbwZ3sF-aF-P}upHj^=v~g-C!{l{85RJhyen zonRj9iS|vVOI!ABQit2c84pT8wnCMZBl~UXmq)OA-b3b$5m#MFdC~~VaXG~Y1axlB zOa5&I>#c=7+3E3JeHojO1EgsrNtj7AM&Q-eX2n>Jd<-echI-8KyQcZS^N+^Tp_Qi0 z=%1cxUl;d;{AW^>lAn;6FGr18H~N^!k3DlLO(D;Ydz&{uT1d^fyxO{1t%bUFvEAdc{GA9CJ-+F?dY+4a-f?PBd! z?Gk?PWEW`V60nf}b-N;NS^7zfJ@{Udg8TMCLPU^uUvf*OZ@;si(b;+SIcLUKcp!!J z+0hKRs8LkkMLPki{^EQ5x{{v#HKi{O#?o>TeIaVe3+3w`Lz0HZ;(lUVpoY~_X57>+ z)B8wh*uF*{FDEmCSwcD#(xXr_PD8C2*0~FdDv<0#|BGZ^UXMX$4W7#kGOU1vA6UR$ zYHMbv#t9~47QSUbsNWpi;VpLNm)m+jgWfq4%s97KZ?&q;$7msM=X5;ZEkG*58xE5s z)WyD|YtROh1dCC1(Y9t2Q2qrtg=*u6fH@&zZL8yS-_=Lc%hwawp>r{s=ChBE6hUE$ z@$n>|lFz-GMLXx)pwWNowM#eWo)Et6Kvttck0w+5zi$=NE%wG9q$z)R2I-#9Kjm;G z$x;jYaS5g+Ud${d6i44442%GhkK^&0stp9sSnA&4R zaY#Tt?%aewV~f(Ik0?6HH_{=ZPnO9?LW;P5Kt1xXb+>T3J@<@$x>S0hMUVp9kR_#SVAY zu`T)3lrfRtPEiNaOr<2``k1Hmcg;qZnkjB?dHDaS9fkqyJ_c+*mh0uV7SC#)=xy~2 zaG4oXk%WsxhA(qu9jId4uA5X!<7Eozt*x@$3K;C>ZX)wq!;+CqyCa6yQmK`lyL@95 zuXj?aW~<^wx10C*_M?C4>V0$pdR2fU8qOD)1a_brpyFpa3L5`trpDdN^Cj;#beMEX zsuf$nD$!ZsJY&g;a*#=kkOn9{eH4b{sOc8 zLXN-w-I_LXJZlZ;4511e-nqb$0S}Y8|MgDhIrtoj+x;-Fg2s$BJ<11uH~8~l*^!*Y z@5p!i=M9j7o8^B(3*{Nd5r9;fxkpfbG}GyNlYh%JZMojlgHNP40>}OpsrDgw(8rsFgHU zDY>C1-5Aw#_|aBc*T(Io5zy)(@w==-A-{cg0#CLk{}lWV)ND(xtgb>EK-`iq#2ckX zj8^#qfOnIJnB&sGG+4EucYiy`F1UC@bi#zXe5URZQ`&A$G+?ZB zM;>_K=7N3p{wGCQsb5E|oYr^D+mJwfCD0y9I4h-_d@o+^ZGV{czyx+b!G(|I?NKm8 z;sw!UoqG|or#zME?qn7tJy)r|f~q+6Vp;!X9hk6a{z+a&*c1GHT~n=@-JNIK4e2fq zl+XCWgcRWdP9x1JWV>+kIIa=mwarTkDeN&og-kvs>DcYZmKx(U$BnWgT(+pp)KmO) zdWm@dsF?Lu>1y10D!{ z4s0JSjlMDJ+E3{#W+>Pe5XSBuzhPft3ouCJXo9|0Jm!=&5K4H3T{oBR8&2Y%(LQ)9sY#cJhu3C&pj89qo)z!V% zJZWcEIIbetKC;38%_^3kLfhI-@Dq_kT8JUVy$KEAc6SDHr4RCw;I7a)mNT|K_e59; zL~dl8EP1uIF0SlYc3a$xZDeSkwb|g>{P;I!-#T|8b1qE{_;s7`a3z(n&KQrGqxIP{ zX5n+I?w9R>7K+4=&mg-evbhruX0aQJMVAwu+?3KkRULD=6h1>Gkr9BcuE#+T4;p~mZ-C97&^Qz4 zwHL`t{4b87hb@SzxqvFi5LF{l+les$oK1Cr`i`a=`=Zl_0td(;ZL@{MAF@Dwl1+sr_h{phakQz!q#9w?E6Dl8I+Zp@4xAmmy{_%PTalJ! zbT0TdYiMlz|BxfjFN+;5A@W=&L%SXvAb$5Jidk_#SO8`2z1!X2fjtkl_)}D96>J_B zV!F@-2o00P?h|_1K1+?H+}tO}elf}_bhOmdFg%%Ht2ha;=B6K5=krynEo3$IQh~|{ z(t0h5CHpn#J!IdQHdq>C)q~-DGe4u3y}NZe^AK}Yqa8o6yE!(qOPg8IJ15w`JqU1~ z8R*lGuF3+S$|pbo$(F>~6m807q+abWg-MXRHvqtBwKnFez)ZZW3pU z72`PM!JLkk0Ic+AGw{A*0KYpxvP;>9{bzUFdUHMFg^LFA#a|iGNP{ew*#6htSKJ-A z8wNcztTn@WuAa2u5P@#v+}MXK%#}{gEhZm}{^ADMy#`y^`U-w5b6S96>!e|GW zXl$Ui_Us;r0M__*9nmpASJRW8yPy29Kg40{vPFv8y!>f4oYPzKbSkrJad2Ps*eBo> zLe1s>fCuW3wV?c%+0L&QgzB)n&^S6F{d4A;Nf|5@AyR+H3-s?mE>x3tzN9LKeYT31 zDwJC=-ST}NTHf;SV7pr}2gFI<3{Q)CyLn%K&o_0@NZrM^=$MfXU;q0o+mKmgPKvc2 z&Aom1xTKvX-sM7KjziUE&g^JC>2OARigmqS?@?B-Ut@I~bUUYfaJ2SBOOqnc<#}Fx z`{7~md;t`(bo?m(TBgr4+^fR8s;r|W2)>;={HEOvh^t>;S;*E^AJ94Oo4P{~vqcIu z$)k@ienrSH`&7E9 zuh|>Omaz4Uso z(j9%=Mo6>XyqYVMa$eFM9C7Ae!r5WnrImMa*msBlD(7P4nFh*rh-R0lO8LE@{y^4Q z}FbTKFBr>yxWer=63hOj)>8!rWhvj?+vQPv#>RKJ@z)aZgJ8{sX0+PLGF1@Vw8N z6zLTruC~Q`YY&J|*Q<=<-4$c8!L;G2v;PeGiyXyv4o{_#~m z+fqQW&J9e)Ws3JK{o>*%(O9CD0|-gsDG~MR@UxUO@aS>S`$7niFU}lzPn(7s?Ks}* zx6v?AIU}RvT>KyYLWVw*xo-1cNjkzST|ate8${jD^zUmi5!Q6!>^Dn^+rr3QfUo&e zPGrt3dh$eBv79PgaTsO!?o$wnl_QuhgjEAajYKN#9;B%@?jyFx8OAs&o*nY3Bp1{v zO6Gn6GNw`}9YJ4GKB2=Udj~k@bldP6zHmx0isy4PO3C|Fu6sH|)G!W=MdaL{Ppgl? z7Sd{P;!_!_V~slXC5Sq8lwI;JMs{w6&3(UPA5W3Xnz7>%FH;`kP*qjBKoEvwT z`%(L7&ZONLsqNB*YeNU26;kn~BTV+(w@ULel-7GKS*SM-|FC}27rL(jExX7BurZF3 ztulU|$F8r)-mQc4A3(6LXj9H^q_@-nm)6Lj z@Brv0gWdG<1{y1Vi?_*yEZXzbv%m3^Pn+7#`<$zKSnnK{EjC5WbiYD{1moV3J`TJ> z^`s+t6Gn&7?>PB_k6l!km$KBhsAH8epEyNQTqrNVT{$3zFL=s-*Qzrq=jRy@84GS8 zlJ~0AoFjFf4Z+RKh_P19y4?Exa(#KAAb8R}n&JEFS z8uI64)}e>0$vB)SWC@xj?$70!4l{0W3K_ehlnI-{5y6rkA20Y6BdTlE`sRKwbbuu8mwI|`T-a!qTT_o zf2byIU7G3SwLQ1Hp6SDKrUx5=ti(?q=niRZfhsqc8h0ba)LU)(6P-E{(+H>}d{+-<1=fEldcF+e*yBlftZ zm-}TIioD#2Zlu>q8wU83W8r!!?|qKIeM6)gO=7egA~PhCJZn&PF)~PA0xO1x$_J?a zsGj~uqOFG`dX5o1r@QZpZIa@#hP~G`6_M6Ss$tR^yX;AEhK1A*UuIY3aQ!xN*J!Af z{b^i2Zm3VF?br;7r`l8`*9C1^*})jU4#lB@Q52fdC!&FBgwckeft@M}#NV^%M&}y4 zoujjU#cFddR89MqyB5Z>XyF)Ko_d?8+nKtwG9L7v<;^DS6dGeE%nGh_q!CY6Xvq%U zO+Us02Cy(UI>45Qb}mm}{7(?3EfRTm9-HM{10--Y;eY2%fo~nkbsAZYa$$)-d)QW; z^s!q8mpQD^b~RlYM#(In`Jcx^4@7<)*bBeW3#aXlz3R7qei5J3`}PAn!-4XEslUa} zaueVAy(|60kXA$Djs4QPkbU1o2jM@Y1byo^AMy=_IXpJ#(kO7z4ta0LFZ?-zN=(G{ zxqQ=J%~Pjyeqb&TvOza}5Pqee@)S9noO@_xwAIVF8{jY3=QJ}uuuXmeJ{-uph;tnQ ze`x{J0>eu8JKllH??fUPUr$|$8wS4DPI|`8K}fN8?jEiPG!~u?dpqM7A9{hM7`*_0 z(!~Fke4wE?W84{Mh%Y@(WZc3*yS@fIo;o_L_r5n%GsMyEau@eIcHrPE-OPh59*?UK z70%S1=CeSa0Fl{JsgEMtD+LjT=G|T79yJKlS<)WHE2P%~d%*C#n&P;lLv1ec|M1-nYi^`J0jbX|(BtxJhcyvtB+Jqlo`^TA^+st0tz7sk&3Rl6{6Ab0QL(wer68Pls|6??~~tAv|z()!3;x|V=u+5e0Og5X7!(h?CTu)kk0C5 zNL%J)Tn-k1V=AidhcCfPoCAmRXz4*!i|ltCm#DYI1cF!?RlhHo>*>@VnGMQR_%GjH z;$P>%C)n*x+UiwnA92+V^Bt}wyBpr6>qoy&cq4YY&;0;i-?448PB#Wit2BH`b3vj{ zr6?EO33P4GN8i!y1(4zT)!;fu-DSz7Da*+Sir(5`#`cvD#D(?TmI&Ww!u>BBZQORM z*ZLh1ll({N38x)B=0uqK`FExkCAHe3N^Rg$Htq`Sw#OSKU;iZQ^Zs;+A83}~1CR@3 z%Qq-&p1uV=C+{~b%E3pSA0^29-Bra8tg38%y`mU{V>COPOv?nv1mE`{2quqE<&}&+ z3cSK-ZYsf{s1`z95*INP!|AP9`=-CDNRhbdOU1Bx&LZOt?xP9kGAy`9elWQw^1`u%FYNfN>8kCnNz(z#FEwhrFhUAcOpi(eNA3h4NZ&3HeJxZE56iftq35JFL#>}Ej0k4>h7ZgS*R&H)DM1VeW}>pyjIykT`gWM+_d6ITgbR1f4frlrEpU9Nz15FAsdQHkD|L(`~9=aiV#t574wG4~a2zW@vqU1zE+ixIP4 zldlU^&JEDI)QaoF16=dhOVu3)#m1DF(nC)$cJHr^ru~PTxp%(j(*<*CZGwJI8a?$g z-I*+)l@B5cQu5h7ZHobLUDRq0ic4U)qe7>1^+7rDJvu$b442bD7;E*KZb3phvsS!d zAk>***|m!j56?gD;GIHKBMd`B5}zT{b11DzcIg2dRF>nkNUHj`iUyiCoyfXH{Y#-L z)>psqvROX{E<{=hsfu)cS+CyN!qbJP*xJ^d_NOn zw~j?++M_Ryj#RZJ`oH2gbsWN1;Dpls&xSpQII@SV6O@F3j*aY#LUl7ma8r?z)r8yq z!U!u9rDX=;czf&KwTo2SHc^iYrB4i;4;1s6TL0G#VbQz>HIJ84WpBG$Td{TeZCN!?_35GtE?$E zo}u))T}hOCfSjYQtxJHudoe>*y#zlv=F?`(r@9D*|3(-*@_QV5@8N4b-LdMcydT)Y z^5erjp_yOUyFc8D32l2yGxFWr@=2(et>(Yq%&BdD_Fr?Gsid0M<-Z&AT# ztqJS&G;)iaM_K*g#s!XRvEh*tcklQj?TF9HaAgA5n@J$iAZG3a@r|l0cyZ&GnCFcir0T2xFJ#WtR%EIoCQv@z!M-fR_MEz1 zSbYu5&s)t;)8rTx67 zU(6nXgZgNpgq6SoPdoX-E*9NJ#5Zftw~wa2Qhg)#vaEsWooau+OIUCf3AwL`e=Fd> zL~{JE8~CGokJ3mLC*!aC%d zA?ie4iDS@@M0oVZYV5l_inGXiA~=MAn(+z;DqX6h6fXK-kQJvM)0vQMP$EeSnHy*U zK-K{6(1P#WAuisL=f@o{&Q`gi?& zPt*{{4s$n4GzLq!%;KQ8$?OxLH=xnILPA1l2YYT;r{aLz(-G(J&Xnzh2`ILu3R12a zxKM81g-8rJo&D0i+&%J)WWw3Eq;Ogck=|5V2sax_#&!Mfdcbw37>>a5fGtY}Rur8( z&(lGB(9T4QTzv$%POM53dR9ga!Wb9 zxQiDe`m|ChP*sjm0HREa3ib)+Lwv$dAX1N_))OE4%{L}(eNA#mzEV&&tQdA9K#n5# zK$J=w+MuIQ%pP%1_}vGjzuB3!*{N77gJE9{H~*r+_65$F-`ECnyTGZzKh1`=l5E}9>riz zJE^}9D=5}>4j%532SsR)HfO2YyFA!1ciBnY$Moo=nwIljy^z$B(a%lbXC*kp@?F_x zJe)|^6PaE+)$p_sb*m-CHyRQt$@XtQr+k0^;M0$LcbYvg-CiaCel6l=!2Jc+;58o@ zx;aK+P_I1Ge9Oux)m~HF`W?V>v%!(P&JDI(-w6Lr(;;|hRY~huR=NHfQJ0E(M`3gc z2YSnU;ilEDey$vI(cktXRu{|?!hfe%3%DUiczPuBVN<~5C9DwaAuj(RxhPn>*su=d zq9$+>9xfcS`l7H!T)`>0JoRPaE01l{j@XhTA_2LDfZna>-eOHUl-T(lLErl}ws~x# z{-0<^$bkrjq#$zM5(n^ZvCKfc81OJ)FOs9XnOkZmVzGVPA3TT%hD273yN(I%v@2Qo z&9Bf_WOD|wV)w)gI>4(<-oVg&Ff@O?FV}fE@r4HvKenq8Q16y(jE)*s5j-0>Jv!nWqN7VV)M zR2Xxz$5W`*y@t3{iJc(jiLc->KM^S?^+!j^705|^xHSwujOaO6AU{0Mc1E>#IcmJ) zKmX5&c9H2d4wsi1_66lhkIGQ6_xV}a#o&go9ij1%O+26jL8`w-QPRZ193{K|n*1|X zdJO?r9s;jb?sB)|ZUF@9tOR)Ol~vXGWlR6Xz%iA1%y@O3hq_Lq-uSQ~oN5^p%v^=^ zMPv?Za|NwuLQXI3FE#QLC47AAL2!KJ!V8R)r{0EjZ-q=QYoIFz0(F%WV>#=+m!Rc- z*#F(M4fWNn&HC*E=(3~Ueoml&fncWRTTh-zIYaDulELVC1MDsoX|?J?T-6yocUVWv zFQ%Ih>)NSuO2ieZA{~02Rj@pW!VuC@phBWpbhGNyxd`9cd*w(yP5Pkr>0X;yxVuhhm&mPyMv`HStw1&`Jc8|37s1HBL9t zyTg$IkmWx%q`J)D^2TI|V*u%j<0*klfT-ui7w|@LQ~J0-%=}qU6Jn}HIL`R0PGDO1YH>m&E>v*H zIDU-{`(thMaOCP?wI#s3n@J&8^nu`-Hc0&y#FPLD8EL~m@MXmP5;IA{QX`HRi{)8% zYbSw!8ppgV%!JJSjMdvZ-TK*#@wsaHxE6R_6pWKMK6AL)7K88dB-YMpzux>4TRH}+(}kmrH){bUWRCQkpG>Qo+a1v|X~okb1FzFBlv1`6*_ zD3N#ta-Bl^>RM>dTt5Z#|Dt!AK=-DyX+^MTy`)NoC*$3EsfX%s5B}sdWHK0|1TbmI zSCqBEY-By6s7cIETGC>#E5I$s3UfRkkNiQ?#fCrhT@@Lyg;yVOkF#E>dd(FBE^oxFD`m82$%%gK`onD6 zJ?i8ijjU@gT;|6-YYMsj2n%*J`eG}s#}lHdbE>edCawUl*t^F42E9|oih7lmcFE?d zGIi=7H2mP#TLq{7c)-~6YmAbC{VJotC9}^dzCH#uUos-!1D*<4&4gCbAh29c(q9zh z*T}NEfFuM(^FX8vozjhAe*JU^q~FOJw`uNv{`hdf828yY0zfmREeN+_yjE7ooKqDU zsfr|XxTU$O#i%jcJ~}!f3o{{kv7#D*(}GA|435+f`=@A1OTB+9aVF$m#I)OwO&0T#f|NbjBD4t zeqnH0)hxwIn*|TQ{O~;OOn`y5ZPrhz|JcE}+Rp^v29WYNs9)HXxvy!G^+dmoom-7H zpry5Cml~f%(E2@41D1tMWNEJrxKerm6O;R*oc^6Knr3O-Ff>hGnf>8aE=Umss>gl> zIuwqPGDr1}wpQQ|YCz{cN8`UP5B~VC+D91ZPE>!-M+ox6Buo(ui(wx6nEC*Ska8xM z?w7erKuvKy8y)*yjTiEDC=Qe#LAjl0JpKv0Lbg7vM+hkInxyyUF@C0?IfAaY3w-!A z5zsi^AZ9ao(Gp=->zZfAl?g$`8gGJi8;2t!+)uGfhM!l*J~LX{>Ip&1UGH5|6*5#t?^m z=q|k;FKb+zyrHjGJR`;zX$qDy;BEMoDyXZJmO2`1~Gm`v4A&aUKssAOcj%h*7>jI}rM}6%8amXpF7TDR91Xsc0aPwne zEx90#c7^~SRo(Dkt#;>;eAnLbsYxoI`h6%&$WQ=ClhYGyfebza$4l6v%3|C2(-4#- zoj-gqPoTpV7LeDte+u6+?TsJ#E#Kp1r~Pl~hvkev)Aln~WZJ3sdm1rmy=lKq<^5<3 zOZ3Ej^hx}v$+Qyq((gW4`hNalK9D5cY7~6lvGi!b9W}8O(=dkJ>HK&Oq-T@)(csF` zRn>f|yz%V&9Tr>F%UKqf;H(+_rDstG7j5Gn*lRXUJybT{ed8W=_wxTNdsB#wo}0_5 zutez`4S0O58^E>CzeLz+{!GCiS&5eB8^yj^$eN?U(aF~1|8?gSId0vpHB#yI5}-Ljo z*Z3bB0Rx}(1%!eAT&x==tDw$U`B-fou&n<~39G=2H|sdigfxGr=P2PC^!w4Y_kfbve! z4%=*3^Y+00`{g~MP;qyUt{H50I>kx3ahH<{ht97S=jU(U%ru(W%zJzXf zIt^Vr3%kGd%lO~O9gyDw@`&oh*6uDY&zpX)^FxoHf8MLOSw&sK*1zKG_FOkrG3;R| z&7zTuwFi5a3=*446P7G&ng?Q@6OtTC+C)VR)e&$rJSd~b9Beq``ZI)TCnQ9nok`%x zXt^g#2;J5iUA)5X3MA7HWA~f_dc&1)$O)3H=W1a^Fp#7#LRzz4WWhn}^Er3>?PMP5 zC>XaQ(=M7=(ypnu)fCsxTe)kw51h}2OqsdHUZGF79n$gJ=F+$^YgTIPme?+Q{UXhC z?Om3-ad7o$;p$QK#C4k_dgHVibe_k1Fg{+Oa6Ys2A&7NDwzn5t?fugrMyu2O)o4fg^wHvN-o#?)*jI*EqMRql{|PnKeEkx;lA_z^l=ahH z_Z(iKyK7@-1HSiJ+7}=?vbC-tN|i*6p#YJ85HnA=rwU)I0i~7odRn;6$O4MtBvcPj z|EsS8c*`xinMdKczp&=tir$I1NrXzS`D8)<$E#s$61Q8qyki8*T!&En3h3Ur*I9M? zoVO;-RRTRIJ7vVnzZ|D}cbUP3t|r6Fz>eq&%5m~=G|?s4zk3MIgYSohhlI%7yp?N| z-SJC%nZ1E62V|dLHZvmEV6aj@z4f12qfdVCgdSOC!)g?s77Cu3uBVz^H1U1id! zE6r~tDwW{=*9PwWIqTmGjRwYd=!yO`Yt0J(zWbr8z@YJ7+c_8Gw#4dLU2D)Cdiw>) zstTLadSaflnJ8J+q#4{{AXi$GJ8Cu<=PemNE7(-%9|7jXy|qJzkk~n5O%wH9RwE%; zaRTeDBzcA|sYT=wzBf+c)hXEDb%Iy+&S=Xkqg(MGwv_rftCa38IAg)<|#e>r%(?ZC(Y)+$~A>2yqnIK>Q|@U zD17G!5{k$jPVR!{(}p(oHE285!xOO?hbh zznQ_Yui?`rV~O7%!6kE_zAl7IoPW!VER9n)kGue32S6NYlzu_;Nxv5CS7|fDV|Cf+ z-*dV|GvgjN;=9!COK+pjq;2T~TmGfkbf|V3hGUKyjEwAwElBoTEJ(YfO`c|NtQuan3ILvhF-k#p4kSMFgGeE{w`*~ZUg;Jk~4}0E^ z?>ENwPm&z`2?`hg&K&7DVz*%Lc z?F@SdzgyhqA3y2&wbaqHbtETE&yo(e6STjh^UD(ST*8KRo2t&W9xyXPPmGiDvp*ki z#%x0udU@nFQ%mS?oO61zDEB_P@qsV_%Vp?{yey|RS>ya0uSXC!`=D3aT&bTykZ-t5 zr%ai(_M1uUx3r1VPPl39iyxQv$s9gTdeZWLsaQdnEJZ)hnjBFFJys?thi!v*Yhy;w`dhi*`Ubj*K44>z3G6?$v( zb!Xq<<3sRKhq~o8TX`XlEh)QI7$q?GZ|Hr>&**P(L>+Z?W3uKwm(d=HE1!cG*Bp$s zQ%&*DO$SrQHB)wWspt^&i1h{h+->WnJ&>s2T(bh?3C?S~KAQZFtvn>Ohkp0omnOEG z;)gDl9S5t~I<&}XT_t{b{}N$8V>*HA+8RWjhxiW9R8?~J$P6AXrr{54Su62kNG;#V zMNI(CJFERRWX*mX))R!7#YyCP+6V^%`qtIwu&xH;it9=p7x-wOT%8hc0@;J@@i9#= z6s+H5736jwyX5QR6dssQ<^~e8FIL;Ry-I~F2B|$_8c*zi9!J-7P2UcxQ;~NX#gK+e6Vf)+IyieUd+n3f>59S*9a2B*4 zLUWGaNlIAnYcei6fE#f;I@8+6to**s@fc1gayyjH59QCeI<`LfXm-28w4DsG;+Y3yh zDS0(n%sT0=q?zTH*9%wLCUS1QAXK?W<@3LK05R)@mm*~pV2yUf+VK%w& zD$jC=$9US%p@@L7bYlYag~CT&ef#H4CBKDceyXcX>?f4rcA;KN&oQb)r}#G;=O*lSefX)I6V$Kmat*tuvuHm;u%ExR_jK}d6$FFQVOLiLy-pnL7rfAEWI zx=4N}u*J}f*xh6wWM-8%Fw=8Bxavs^)@3Y}2GrYyd>624zlV3i{a%J8R|ly%Jy8M9 z)so`uLYIt&K&?LMm5ioCX66gsWC*smw)=Vbo4Mz^h!~*_dh5p|Plro2Pdz(!S-W1v zAB`7^Kanr>twYAlJNZE&D4P&Xk@Fk7z7_@%>`sXGn59H=+FjUv;Ad6YKD5SLj71k8 z(dGI7UAYN;c<=M#R9hU>i!OYzA6!@!_B1Xv{;h84+8%7NcIr_^9)th%qe z0_w!DkVQjgKV5J0S;6oV?5`T{lf0K!!(OGKm?Yuv0m}QV2rRFw$X}E0Gq;~9>&x#7 zv^*mf?;f;qR|)kty&3XgZYn{Z$oX{HW&sn-@c5fdtKFZn5tnG5b7S$;5AKY9I)N7KQd#uTG&fkgoE&d*F2SI%GW%Ky!>Z=ycSs8SD zK+(Ut*cL5+p{irSDW+4%mKt_O>*1J?&8C=u%P^eL9|GobXpyfEBD}ySA*j{Gm=mNh zK>KG#J&DhDJu9&$H;amE*nAI(N3OvZ|5*Dm=`kMr=SneAP&D8S#jo=yoH= zTohglx*+LEVOzeGOdkO?NTNDX27->P1C6D+Is%vL8b%m*lQQ+cP7iKfHCjd(P z(rms1&;#5);TC(!EBGVXfaE7BhAa$%qa${m6vWpsx!2{jxo4D5JHQIW_7>GSY6{c2 z)3*KYJ)OhfX_OKV96Ear?OQVUa9(E~bLWxhv5!yT4GX5p-|?=z^ZCYqSR+E=qs6so zb(KZ#p0%UaTZG>T@$z%zR^(tb0jkn*fjva|;Q#ZYJHR)^9;}POB0YM(t#akKs66tN z!+ylH19Sig~=Zw<24p zwNUF^&Z)aZhaTEf)aH<>{vdKkJu$o1@zm43nj(icNEdW1u@(xx#Iz4CmA(v_^+_;% z&nMpG2C-Y;U$)2r+N-@Zi_7ZqH2N{n?0`2u2L)GFMtNu!SB_N0&mM`$K0C37#?A<| znO~mmh-Y}Dzo6dlV!v0-x5EEo{%bz()gMsV=wY8VW1Zxm9HWO8pJxWi=F25b^`_Th z;YF?B1HfCM7hW_$4GcuqU6SdDO|29o0X@K$E;S5#f^o}<+ji}`WWY~RY+)Ar$oWt; za(!FRZJTNGZq^qhj@vUwwn*2(_O+!C$FfG!=B4M*Vn?eSq|gx&0{?hg=Djb`RKX+G zrNqk%pzc~xo>?j5Dl(JMu=M5FtEKpb+|gvqzsqi_Xa=NeQ)&j{Y|7l4f`JuR`(B_Vm3x60yzgg^GL& za$aCn+0Zh0-0#9N%xX%Sv^w_ob=Hm?C1PvU>3e!y#F?GHXbRdww^@i6NR{{8V-6r> zk84iId%$+QuJh*d98=+2isSl|m7sSWU~lJPKnQx)%zQQnO7cB}q^OR1)PaV#359zAM||dQAKm6= z$q9qKeBO|}Vnen@eS5DiVDxY3J5?v{SVx8YW_Fn!pL6Z3I479zqn$UAY2M(cfzEXq zXqwE66>ggj+Uwa{i#P@rys1idNT|q4;O^>;XMvR6&zFt}$qwb#gP^`12Ov13aSCL0 zr9VGZAQoPm&560?)<~q@?`csntVQ0Gg`3>(?~n9;X~9L^LG&fEHBAqxUpP1R8dVyo zhPFBl%Mt^#Q=>H$z>ZSQY~DO*Y?BK(nn_!crO7b;X^_qe81u7%Hw4D zWv;O=W%Y#9zB&@67o93R(LhzQi;b!kmtbcL71MnJx;&@nO_t-0o*n#TgU}^Mu{HUO zg&p_iVIL&cw;{6$z_Zc|pl`G}?{CvI~KFibV(f0?B zWwG~nzTg)-5a#yh>Q5Y#KDX=}o2&36PrOih8C5^sp{5kTUCB3)`F6eO1L*faNjTJ8 zEPAZZnY|U>;;YLXJ&UbuBk$_L&%jU@M)Uiym4JXN3f>NPoi}2uI^#vaYUI+Ht|-QJ zS$i|sQ`#cuXFl@KAGxyh&3=6I0Iq}oC{G7o=c)^ao%!sL z1W=PY{wR-Xq>3;|;6oYFDd+&CEgi0MdVc<#7ce-mso2sW`;Ws>pS#&{ndh}n1AXgjesfDi= zvrJ#2V*O!#?zy_X*V+>~YYx|xK4pHP=JxG84}T;F>$N?Da9Ci^XH=?^{G)FkA-UBBbHb3&GUaAx znU31!TuFVa!x#I2R;wLfsZ`s~M%v$e__WBOMou28 zb1H2lYWChIHF|}M0;!WbznGA&y-|2-+TIdd+1J1wcR(3Ip>>bwwmUS}BeQiapd`jN zHJnz4%@&u}Ur>)z=W4ppJ2#Oq>Qet?)(I^+;L_|c*Bm$rvvY**0keM$^ACQA!E)mp z{(?%F_c{k1B_HMexS6YlCj#b!gixaoYi`<^3fpn$mho1Ix}^}$S9IewV;86Y?=0aw|Q3Oo^^0{$*ItmSpf;!NU)ZD1 zd^y)AT5btk`9Y7q+v%06D`~<_?o~!{OofV`4|8&hCIf1yL@3FP|BU8bL|@yZApnUX zvyN>N_KcSv=1u{DXL5Rum?L@NN}e|vWTFx?ZsUcXoVyuJ=&o`cmkLY#a4MWOmQ_1t zFk%8MvVfd>^pyM@Mq_d#9jnu%sK^56ciC~O?sXBVwb)`;7h6q#P0S@}l3EQ~Y92{%c#XmPNj0*~hd~47Th*M6pc>wHgtJoYi`Q)IK@h zIdf~0;JH7ISpp;t6kdiiqghcLZ~ipn zGv}AKA#Y)4xPu;`J4eL4xLbyt)PuB!vR_b_3cD4FKF937u)~V?{ZYYdcrrZPpkO_S z;jtA5J6XxlBu2_vJD})rMqhX@JaYjST#?*+ir43hhPMYD4?c(fW!j%tHSYA$?GRSj zggh{q+9JQq3NVwA$7BPPqQQt(75wa4rQcT90J@(Uf5#a6b`Sc9hj-Ind7hmlYcx8w z^o$xXi4&*;|0D~*H{sw=)zR=zy zHAWvN3M4w^Z2c>^AV?LAZrq3Qw*%@eDWjKto3r@YK9~VSo|x!vH+Qsi7}A>$jzw1` z4E6fa!6)kzL^T1kj}#@83!^mq_LfetkF$v5<{pK4tC1GUzeubs*YhP}foyLBk2$fs zp&>5YEZiur`+B%j^XKk}tc_`8|F)S?gVOTZbFw6<+f#XDs;hBU?;? zYgT96}*kFX2 z@vP@;JuC~ijkDwZtGT;(TIYn|0e6&K0j0sDdxmoyBZ(8jZA9Ct49AezTEqoLT`HH zn7)`bS2>%bRh1VGmD(1a<@PS__-}B)E|D&O9`J~onUsWg$=zd21cd$R72wj7?%|z7 z>*jR_NhHf>&BX7VYR=<>jGldxLhFvYE~c1od=sSswmv*!s$C#7BwVhOSZbK=e!hvAL#6wh8PLx1)7eMNQ&$!Pr%rCrJa3$ zP8MA+_Ag(-Y%M>K_}KW}#cME(_lmkX?VLiwl(7v=tLD)+wj{K2Qjb)Jl;f%NRYR|h z{xQN}_I%r=y53<|fj~J~&HLopxz`iincq5#^d|&ey-f*1xY3ZclkNRV0b883^!ZEn z?ykdks>$~q$Kk$Xj~yp{cWE@K_0Y0+h53~Lghx;Km-S*v<6-XP8VV{N@dz*Iw@y>B z=B-4Px@;=){;vD!N;ZX&(eLB0k$lQ8vTd>#n+(Q1de)4(b!pbiO&ou|50^o($G#2D z>Dc6FC(E}tn_QnbR+=+L@D0uJ z!xId6yJqN9_!kC>_x>{t%;}7JpO%H_hCIPkt)zmZ%90ckWnUz7Hhyt1nR2UU;>)8~ z;kGSbe5!7Rsoy!p(IvAH%e7;96IwlEQGiCU2Xiy#CGknEde8JYRUsT;HVuzntp1Fg zR2@TEV>P9_@7Qv6k<$|0p=eeq_8b}zBJuWzi1Nx-iVC6V-R>^>LosjepDT7rHa50= zaP=?&Wftmh>Ptc|oqL9xAw{AqRrmCq9)a2$Z!m=6hPPT5+OJul*H3F$w@`*N+!&yM z=!flp?BrA%{k%2pw|wN$PS)-AR|mO69NK(jx;<1V4kLpT&_A3FnQv0-g|Rq|qt;^n zb5khCKTj-5ibi)0nKrD32P7O5&H06lmF^Lv^n?0 zD-`On_Jygfzms>oDBqNnzvh{zp$GKG0ZyP}xTV(bTxI3xAN@VX-mLwIoseH%Ix>85 z>`oym?pAnUh8r+%Zr=@d8{2v9c&WegF?I0;Y3b*M9nK-sU($xO++Y1hD}%p3K?0H(O@+ zBFXG`pS(|Z@?3(IKcFn_&bOkX-R*j*+|j<;1LWUn39Oje+ZhU=M5{_ug(`=18)l zyU=qnb(emO<_&gUUrq`rrL4Zy8`3X#T5o;Yu8-)eqCkF=Wqaj+H)wtZ5po%tdnR6C zNKzTTtHN=mWOCMhe{4nT*|&MhY*(HKk52Ih=<2^_AL5$TX8F>qy3p7c4P zL7e%E+!NQ~IvJFCV`SW@Le7+@OBxC{A4nn^ zm~9G0Y-7K|pQ&a`gieVBiD5&_7kr~aYHX7vjU&C90GOZt&0gcE*0%7-YOHz(vryAL z7e+~ti6a_X12H|<{qdMZ7~?KRo3@1pp6gHyronY0u6bQ7Sp4Y`DFDRkUk~Xks}3k= z|697F97J_q*2SXGm0_2nOD9o|>bLz`()R>B_t2RJ8{0B}#h^kz?e+`Jx zl3uw(w4=64{PvR-%ZFFrzYqF9jn9zL8btiyXTaDn$hZ^C4UGuSp)Hg#oQLzw`VN6p z68cJa32!=9fsb6jZn~y(KcB9=rW+a|8Gr;kd9-!7J9{g0d9usW{UStlo>_WZR?sH< zw&iqAPf8^Udq-b(RiAZjY%4?2MQP-gMR%5^1Lsl&x6kL8@r`uUqp7$(a$$i|rLV@pTtNRR7Q2#7_P^E~gUxNeSCk2VSw>;E^bR}d+Xt(- z`ViT37)tz8aEK5bP)GM zQp&a<(mhx!C%x1yDFPZ#*2K+IjIt2j?OQ z1#wC#NQ0GM8g=1*@NP~(2k+5ToBF_R@@C3y?WvCHZQ-mWMv)m&6?w@^obQE-EI9QaK1krNYq< zYX;=UdiN{zxOpgS&uxyRxjH72=8y$G%k&g4AeySOD0y3`ty|)hUo<-J+SExSt>=UUmgbhig5)(b>Yclr4J@dkc1Tl z`rj$z0c%L_eQ2lib!X&LaFdRC;Sqci@k8EZB4*BY^5&}y zC&2%T-j=|ry(fA{tOI+1!jr-xJtN5pn4r@V5x?2F$R%-c&zhLeyDQWQu6!f8mG!`I z>syuAV*f6#Lsh)Iy%d<#rK&$1m^Y`d3Tp1$G5GP8(cd~~@8b%ZyNWE+SAB zo-y_Ju>R=F03|Z)V5Kt5aXeF+=@M$wCq8>zEc#oOZIKIFJXc+uhYJi3sjy8zI04ag zLVF81hNY9Bd1?AnI((0DKV*h0eiF zMn{}_FC(I({^N1Y;9BGjBLA61_1lNLA;GF)N9Tb&-2~Pk$W*}nJ@)76EZ>jU+Y_p2 zpWyPgIDu5;J%8Q1DgIJ{&K8{*$aBX8msUE5GQ4m#m(ahh7hkA41k4q_>=O@Ii>mbm zGU?_jPY{8pTH|WVLC;DUfR>jg@A@?rF9#-%gT$;MgauljZB@Bj81opl2rk48^AH&L z$0JU9@hbBD2Vr4?v#$$+{HBYYljOiG$Q*gqhHH=UyYCN`81D_3y6Sjv$OkL9$x3oy z4>!KLwfHOSgdr@r2o)Oru#sT4Nxi$vrlrlHRr$ZCv?LmxuRD?=?hP36>A0IU2d!Mzh3UN`z}DcyS#&(H2$Z0wtOlb{M8(rdI&`LD3n;M}*x%!` zgLYkwIL?kcVivxI%{`b18`dJJmNDRq zOf{hp*FSYp%6VnZE@@IPISI?j5kAarRr-I{*0wrQWbf-Lsd%rb%t$HGDQ#`N zC>k>fgkY**8_|dOV%;j*s5S5=ArmN^mp&`MEB{RuCR#ucLH?je(9Qz6^9{bYG%Ar>jxfT* zqST$8n%DDZzVpme4&`;2i%MJP$9(O)n~2y7WJX4QQDuCx15`!^JpDrN$b5VHrCHrD zFoR7LgVp-$2R}amciH?&=5OT9E(l+vn-2z|L)t+ibC@J+4mLx z|BEUh8FCB^3{FvOa)swQkB6qP@(iBE_vh-uo7pW~{{?nPYcJzWI?7^tXAHKkp)@`_ zDBH{rg>=MYpV#!0fZ@o6D%Z#0_00!;4ay{%<0@FptEn}Ul8>v7okhs_bCW-}(&5b> zrv>|WVODnWjaU3%u^eAHA|*u=rcK6cw6^p%L1G5vhVbORx}JUd1UW*o zr5{)(FZIA6FVuCv^s(!cf`Xctk6o2>U<06%h? z4U7ll5Rxn-IQ?ukE_b%T@$$k4+>hi$RZixZuE_O+!x}o-HR8aL9o}8 zn-lIK<-1rvsjtg-b`?l~jy`dF{2P5aduCz((Cx?{%P)ZlTH@~Zd_{`i+rs$aWYtpt z{=kcY5#)Io+FRd~^SeIHAPSSBI@(Z=N&SB;oq1G}>HGg{oXJmFTGN8&R^v=omTT^U zmQzksYGrP@V3MMdE1@9*mQz-4m6RHz_Q{APW2m=%yL}EPLU!Tkk(&7U7?!hG+FT8 zG(?5(n556RYiCL3qYtJQt01N>uKto9z&ZqT&xEspHJGjr+bln3wOR5Lx7}YW3*G23 zd)Gj3GhH6E$?XMT+<7-;!Xo8?fqRYf+vI?h)k@OoZG4sJW5{Jg}LCuW2|g z2$ga!*9sX&o2~)fWp%Twsc`1`98mEZ=#Kb)o?51w2^rE?1gm%i&NrA=eUn-rS8kct zl3VgxnR}QkIi=r%Cm=khJZDlO?~XRs&;Y?_J=5fsi&0yTvYzJku)G<}zYUeo!U)?x z&6bNtSI)3)V3|t}6{(*-Ku6W0Uy^c{EyEfj-N18t#1)|>^Dc_k;hRx(D!>SSiV0W#pt>{D~mVH>k!<~-Vro0zArF0>h@vyY3w#|J=IqF zrOnX@% zGKUMqogzvKI6Aex>)!a!YQw$p2&~NlKh6`&lT^Rr#0~K?J9PNzdG3~KbAE-P6$Jfda2 zEeBxo$pj?o*;-mljQ^glD&z!7yFbCKvGay)z-lq0IJIUzl`8MVcFHNKEI0x8hFDL5 z7*?go85*T!Y_rwt(85jt>l_r8zZsRMg!Mg9|7RM2vxsJmcwzyVl#7bi5d=zje(Y1Z3AYIQ*VE?I*mm{$A5iXI7OxpDSK zVPlT*`AWrLub{f+iteJAM^=9I9Fys9i)9ByoR<&1MYU%AiVUsSVx9HJ;+@TgP9lh$ zJhL$uCZ@KtvBVEmpG<9+ixu_qGFMI!UBq9};_wse?I%-mNw-TgH@Nlhu%FS9K`W-v zdY(c0rD3V*R5qalJzkoe8pHfiyrA>39YxUE)-Z!1up=b7u4M8o8Y3l-XV0nVPifRN zs6`W2g{Ih1vTwsd!A>-*2+IjfcC9a$9N`sel%P*KTcQHteR@4~&JZQJ*;rc(6`b?O3Hz0UpfIl9> zo{aYKFwa20Hx;$@sJtvI>HOlI#OWY8`e1uaswzj>y*tbJ6}6$th+-D^N~;Y_pp+LA zM7W0MsVVvB<+ya^s0fRk0*RB?^aVL(?SJ$K+SIrbJGpba>Fe0*(16C!QHRX5`$OHd z-n=*H{3UU|Gj%+Rd;H=R(xD51Ju-5_FL^P+I-IT&<=x(cXN)66S?kA|{bvh6^q1>z zJiMSG4)uHS|16cymle0Aek3y%g-c~e=>s?YEp67Jw+M(0DjGU z-FI>(PHZiGA$g1&*5;vsU<>vLH^=IuxZNQTkKH^63k-Q5%JF6%b{VZsH>fGlh?}!m zF2M`ZhihqEL~MX(Nr&}BAmj>*yIYd2@-k0!RiB%!V5Mgt5M&!SRF^j6 z)m2IZX!y_l2U%W54O~_E>QC9xuF}W!tW;%0aABX21{t3cR? zs!Sq7eCKm-l$Z5u0*(@K)ze>CbiM*VQpRuQq@GFfBxX5# z*;ZfH4n*kzeap=B)XobPKStSU6v~!MewAXV=+`sq>!IhRD9N^7%&TYK7)R`81!?qZ z=O|z?QG`#k+!Nd^v3PfXhj|FyJOQQK(Sy1wSx4H}X z-n;1~lh&s!7qe(sx>_zTc32qS{+)14)H?555`B_hhh(N@HHm~JL^BkU`CWBVJS3wR zxG;yvKu7KiM@I21!ZJMU%o`55VYRx;kCpO_Fdve_W)B-ktk`CV;=uQ@Zgn47?&`DY zTD?Yk8Jve}G+GaLsGo1$yDlODxJ@UU1kVOkUia$IQyj}@J-EnbwwKhapX?sB`PPUN zh?ks!BbnPfrVw9)02M86b5_m$f9}VPScRP%ZSt)tn5zFW@f%Cpn@hKCA4Quq8+zn? zduNk5>$_SrxF<9`K5-9pA%;DOVj=0Hsw=f_^XjU_JLw-;Bx+ZoJBvM(Z?j@(hwp+* zzWlwwxgh~eoj5zQgz3Q*LpODMVYhGgAng{nIIO!fAIdER1Yl)&gldsfL$Cr9xZPH$ zzzDGh|8L~nk3rDJ^?KYj5#3gs+V22&geZvC^OJrnu%} z4ef}X^Uk)|)F6GuGo|Z)+QRKBX^69CG^An$exe(292hG=+LK)?Qy@r4(GDc?$&#pO zII}RLKoVQOtC9!`k*sh$PI>sj1{L0iB6Zd zvVy|$$_CPC?boogCgsOQwzDWZ-YdWjclZcQi1x%_^2PzlS>#LZwZPKdK(|b52!nm; zUg_E?(Ypl87g4fc9IM`@UUwD~EvkvfHQf70L0#iFor8T`Pb=Nl!ZXUFBir~*qW%tr5 z{v)6E*_Tn(DL{>_K8ZGFZWFA)RoEp=&&KBxl^NZo7YGXTG% zC3EZVL0{n;kN|N+G45A=VltG)oYjkA${Z>7lh_S`3Us+Skw9^5e~ z@`OU;>1pMV;%r($_=hb8_5bR&4;Fz48aYz4gSe^a5|xdF)OX>br1#* zuWLbD&cf!%F#7A2Q+C!XCuy`Rw(Q0m1DU1CF1mgDdg>@y_S*8vHkM5vbL~NLOuNaU zUcdm-iGE16N-G%ks(9WiD@hpM-s}%lrWM-x2wk%MM^`A`L-cPcj@t{QsM)~!7V7k# zY}Vk*4Kip`M&!bFE9?YBmN$8S>_O~jGk)$QLF(!=*ojRFJ zw$&JTnHqUcK))}cmoC>a)M=x-*dLft5q&VxH`diIp8D66@=8%%d(j-IU8{XdW+vED zP*pM|#Y~RD8|XZsI{rAo{heUlyJdT97@j<4K0sK0NxIVjfCL&^x8?{WXz7;vN05M< zPN>{MIB-T5_lz#yZus{&kg9y98GuWB4@F6iBNm2?Lh8`6pHBA!K{GY+F^V1t#p+Jk z&9x_&My{A?z3g6P-1r85CFzWv{t&hYaA2#NxMQvW-n$=FHH`^b`%_p9U@6k}-WWI7 z@c+;JXUn;U63{=N}5%Y5lG~d?s-2 zwwr#B%1I`&bdLwwH&JJ_FkT0!NBB?G@^=dJ$R~pIHmg{D+Fz%NZHlV-KtMHfD>q}) z6We$G=WvgQ_&KV_RN3y>dCaIZR9kdand$|5RFP&|FRs z6$`dT*ekbwpAmv=Qg33z%+QvNDK11)@N=!WJ5mx}LJ|Z!V>sgf=E7Q*x85pj z3(wLZ|6(BfvhkPV$`-&Rbc?L9+G^7VbF>v)NejE(R`1u?x%cjxYN|n$h_U->SRVbh z0`h=>!8xo`oI3vFePz_d=K&ML3-$d8=x5->tV{fcbJiwnG5IF$Fi{I@hz@Xrg=y^) z%WM*^h-6wA zKx0o(IEgTK@)G3DdUaWH3{>rz|ItGLed)UUjZ#0ZNdovT%U$z`wI4TLjeXB=cy)|n z%Dd(xSM4wf>B4@9#{Lr(IK_QF-x~AXBS0R|mx?|-I7B}VV^`s>X(Lbcq$2!Mxn0qv zEgB9%)|_&U`V3$hFcp^;5!aP)oIt3bug6rBn;Fprn2oWU7?yr`bjJKh573R+wow#= z9D`}Gx-6!puOmA7=e-2uoLoI^q$P7zr)hO=-&$sES*J_GC!mPUeGf#++3j7T+ip7o z5DHcSyqyvquiz58VU?3SpIYW9-4)xPaOT1Qo8^1bepaGiuR8S4@8imggLNH)bJ4j# z5*8E+7*ICrM!To{LB8@nD0YkNvHYv!)ql);W#|031~z+}9yTigfCxeT$ZUP3`pDuV z=|h8<`9m)8H`@N=`FM>=Ski~q(HUFJ6dbe3=XOlYq>eU~OlUn=tJL z?3TMYy$HsLIH4gjVQ)gmgNPZN@(mu=d1KUKKaya+iiW~gg;11R#xlwpLHK|oKyFA+ z0ZT8)yM1JgGp|U*EkF_xpGe>3B_k?DvW#mh*T%^L-^ptLsb%(2Zf>8cU}+lrry$sC zU8}{pvu6~I^w|aP6F`_B@IU&hPi8@PAN%-h^L;t3BP6tZcnN@c1Wo)@U2(+NQhNT; zWr%(hakY*oKm^jg>RP8Vh}X^Bv}MTwA&y4G>jX-6QGO2UHHEvoW44^Jd!oXgP1uQGKFXXKRa^Y! zEA3=)o@XR9jTU{n|Xdyptv?{YiV* z{M$@e5R-CkIb`+O#21ny{Y&>G=p_qw>-oTbkrv+5 zVpIdCTsCd#VdD3qu)`imQbuAwfZQMsZocMPPX31%TF?S!nw>d>bp||im9|<>7O&n< z{^jt>PnWDMsa}kS3ZOl*-+pZQW#^+ax{>>qwpdDoTa*^CxU#BVP|CCH`p?Z+o^Ruv zY#W_F^RS_9X=~Fe)kMrzYP0pSy0y|ngKDP6) z=6ZFPu5FpH_530)wv#spEhkHB$hDjGQLEK- z)%5EE^y_QgPE|0imzNQ@PWwWo>h1uI$bNsS@-0?7?mvPYK%t@qEX1p$ApB{HCgmqQ> zUrxAASX&5(1e)4X|y|#3V==+Smm1!o8JS~V;4&QN0mVR>{R0H{LA8@aC zf>^&b8H@RULu8da@aEHod)*J(yss~+7;L`(sbO22?FB#ti>Ee>c~`ud&^|FoDJ?XfLQ6`U{l{k zwCw7L^-Jnc@H6kc(G}yjA>LLJtdGcambZ5@!VUWSbJj&BZXVyBJA$d1o@rqZLdD(# z8hl|DH>q2@cy_FQLaKCF$p;u$aNT=1p}-O~ys!hm1z!CWm)K#|40*PYUb4JtP*WZsS)UwKvU~x*DgQ}xQ3@RF7Ugdas#D)@Cky{3S3qUuD)ZSZ6#3TDA$@3D10V%chZ=B& zO8vG!_Cs!BTBBoI<@Qow@}DP&(dSarIusMOP$DC%Yb@ZJ#Atwjw65xPrj&EzsSNgB ziItcVuakrRxLSV|%vkLZTKjY0-YZQfp{O2cAjHlrl=U#HsLXJ6_Zov^ys|H`j$iO; zB`ITutpV5#(4EUgu^-4TxJZI`S1iEesQ-nW-|q#ID*n1Jo zrM!`uyh>*oz@1q*vU0~1lp*uo1}giHzrY&@&|!&ZY<$1uO#qTPV*eH+DRMI{&HGdZOJ@#n^jX;4|2xe+oR?`mC;R%h{;RFCag4MDDr>0+&1)d%X(C}cB!NQax>obb@PEt^X_o>%m{$utB3C5= zv_~If1QOr(zHL3L`w*l1yE6M`Eu|kpZ~;7?N7E{(GM$GMRoj3F9k|T`;mQcE`R8CD(sp%OsvTHnfS(s z$PFU$Gu^RSZ1ATG;@zI+ok$kQJ29d?ucJpJ8J--5ZA760_&$S*LXiOTvs)wzz$Y}* zFp&2CVz{k)Ep@gYI$$Jg?AN30oWx3g}DxOY`zVT|e*u|xRlqW4UJ3fj+CFikYN-Qw24jGtIRV$! zm%%F3_M2^d*I;$~x(Y}CAc6^rin>Gv4*Q_FFWBd)@h#lS2*vLb+b%s zd+LkDqc4?kS~^S5pPQr8%m)mr1LmuGFFXwmw0YojtA$%Gf3*A`orXT? zR4-=wdi{#OG8d7?B;N;WJ6I=+jJ|;@2)@_mwU`;iG2T}c-_-j2tWVF1x5)c2f=F6+ zI1iA!lp=jUjQoe86%Bdo3hxZCN(lK}rjX16?Sa=UVi@%lDN9cT- zC3b;s?&tT>mVN4>PW1_${OFbdkp4sc%kHr&{>94YJ|b_vz5Kc0QP)c9T?4|MD>=oH zeV_pwev7ww*n9eUa@ny;SA8P_)!;z6G1W%tZhEq-erZP&=Wx#`xI^Wb#H6TzNKiOZ zWL{MUNHs#aXH__H1O1#n&sME2^6isN0A3yuavppadY+hGG6vt!u|=NY{cE*xV4@1B zD?zC>4{95RhpTexT1%>0A)<)EywHdQfy;u}XwYR|SS&bie($TwzAxu_tH2`w`1cqx zL-um&fAW7QfbZImP{<7{S-GbWoq(og^AZb3;l-X(jyX_qZYHC-hE#X(CZ|;=N-wZ+!E@;6LE5g66gmyZSQ(P)9Bwp3Hqg%To8s3wtav zo>gj_c9UmUDb%Aq)k*je?)~&6mAhudr8lW(5@?zoQyipS802n}M8{-NfNQq#n{Q9f z@iRFDys_`=)=pes)jazGjQx?@P5$9!`iPyrmX0`_)69o-tAA{ z`A+0(hQSVL4Y0+Ovo>_4)oBdP=*`25sgD-#-`_y*{>Qpc_GNL4@3{~mJYHOa(GpS; zT>KU=N>qeJI!vNvgz#2BJUWshoZ_%vxo-4nZR+u}CVFSL^-JpoZJX25(aGWwXHogn zyqa>ci6wax%`5^U9U6Ml6FC(LuC@+Qx9EjK>{qU~X)X}4N9Qup`vaZ{BXr=;ZxkXO zOD=WTTJ}kwa>ai@&qX!^_qL zPE72SAYpSdp=x!rFqNaV-PaIy5w9;!KSF2?kA*qxm;OgCg-(xUh~g}m+I2d+ZK`Bj zdq?Sr?7YJdC&Se9i$iBXtFqs2GN0NM&)oNo?Rfm-`EGs5x@}UVuMD+2cKwgD8~&|Q zpjb5DFxlE-8vfdGRHl-#M$}lsE4`f`qzMK?7nZaZ%7*3h(WCNa_W5GL?AQ18h+Fd6 z@^iNSji&E`m6BA$hXZpg{?}EKPnU0cHr;ECW?cy^4#L9X2JQs}mja#^CcP+HpFUW- z#8;0mruDAA)QlnYWKcv8Q7cZ`x3G=ayFf%W#xMa8=-paAa3|&B>g)QIlRG*m6y{O> zyDP={VFKe>4|O8fayiHN2ovaP-jTRJLPv>u%&^-uAuSZNo4xd@#Dkc1AIIu}=9J}o zdm&3=TTE$1_3ESe#Knj7SJWLV9!(y0kf&Gi-MFK3R;%d#G=2PZeONgdsCdcjpTZ3O z>^&$VMA1?$!PUP(;1vnpiL2Vm4p{e zw|#5*ALy9)bqL+nz2O{W`SM~|lBKFd2k=veqIM+lN!a$h*T&P(m<=1Vv6eB0`O0Bk z$r)`#$k^d(dxk-E#MPKuuhA&X+h|O(z*&DYQGg1?W(b;mR~4#qycaIG$N0)mZ4?FJ zH>)z?cTdPh`OLb!J|=q)w+8d!4gs)8&gd))>UDmX>#OUhN&Z zIMO1XRywHIn=*G;d-Y^L$DQ5&CA*&+&U!b;(V)L~Arm9?r~tVVXtf=h&QSouy--19 zgTsbADo+Z@wY7|{RRVRm%kriU33j(RvQTn6qNFDYbT@9ZupTqoFFmgeAc*zk0{0) zo%~}aBqP=Vk-rnR1{BgsMb&+t7f!E-EyddK#s!^lF$EmMSa2)pwZ8y*< zHX}2z&P3NFKbQwO_h8ir*NPGetoXLmqQZpRrwZkuoCpRj44@if3yT^w&c6((}X^+#$! zY|071LHNW>Kbt%!<~yApQVWVhB{&*YC?RHkOv7^5tudw@p4xVe#rAl%9GfThamdzS$AffMk_+<^rS^i*vR0&zfSB z1w-3=GE6fO63hsv(euN?kw@M24=M|h$ssMmv%c#bq&(m)5#wNHfS8+n$@$lqCb*R4 zX*&rx99ZXC?Reo~jT|bDb2e)r;$;&qP&sSedNnqG-OX%A5P8%ltV{c2xmikg?sw6N z0aFud<4_All&KewWoMja=7&wx?m$|=?145PmJz1R&L@{c{IENs0%lLJ;Zus7Mp~oA zRNwAogEhn0Ve1>D%#2KyT_q5*XLU-9UY@rG{5N9W06Fq3%+1UYWG3yUGp1+#m6=W8 zr%@}0#jlAg-B}MH+-|n4DE3X*DvM^N0GS^~!G(gpIzw3CNMyR;98K@-@J@wt`)Bof z$3-`fy?W#Z>9?}8oohY;3xf#O%(a9H6SuSuL?K`Dxp#6iiBw7=WYU$MdQ;Vw-mdpC2gU-Dr`~-QuI!kP?XK3jq!F}7i{?~KB`w?+ECr*E zt=Obke2CV%p+Kd&p`H7_M~$rZpsDYq)_U{V+|!ep@O!&tWJhSZ?@HdmXsvgne2NVs zH9$h>Yeh>>WgJGfZ?>_JnGi}zXP|`GXRzLeJOOp+@Laz>I@OD)d1?*3x6t;fbr`Ln zUhY0AKbn}$QeT>$?{qgyTIDS8_eu4uG! z*Z3Or!;6jVM0FCaO_(>Naa=iVG!gbkPE6kA4^Wd;NMKu2aT-m#Eqz4r1M{Q)=ZmZpr28d zyIEz1$6kpB^4l3{i2D^6Ei*w>Y`Y85Lc2r(ya&AUH~rgMaAGk}Z#szOr!m#8vHDk@ zX)kB)`Cuk|WY;IYUJ^$7B8rpQl&jXGDwGsDOOu|<|56D?Xa#WMV_FX)e@E$qH(w^p zp23qPhVI=470dAquwcR{4Lgk zMx;uQuPTCU)2hRrD?c_RY;V+3bs>sK$q-Akz!bf?vE0?XM z$}Az9J7x7!gnw;b9g@@^={CToCH3gYF=p*CH8l=TMDOZA3Kt^V`h9gS^3$>#B<~<{ z#3_-hKL2rs<%OmFC>^j+*jzdrPnlEMTfk5Dnq3{$EsSY>Q%7>9n*OWdeW^VrN%&2c zzIylB2CzUxn1wrU%RzEwMNf2ONnP8|eC@vX6@H;U#!iM{AtF%}2IjhIqvRm+o?8vXjN>ulM*z>Oz5YptO z99=!{nQZ>s#7r6ub-4*LbxzZ@6x;FKl$0tKw>Mh!K`z!?8o!DONWqv{mYOwM@Sfl} z7NoQD=|;B=Iw^|sV17C^baFe&P(4$9h@G+X0Bq<$x* z6z%?ARay&AyN>2Y_`{ZzHZ%_hvnzoc2c6q_DIrG9PBz8& z{L8U#2S%Y2uZ(27Y^vbbnsP?039H}n(!o(k$xf=7seb-M33$Dt=VvNrXMOfu$WG!0 zfFp-cz*8rjgGT`v|7H$^M>TsdeM3-r6$7;CD`tvaU}BacaMd2;t_}9`JiJzfz6KL^ z9Cdqe{ij|4xU#oI$_jHrI7=G41vA=~@4%~A2MWvyQWP>#h`xXSe_zheI|y(5`GE22 z-ZLY&(7(kqsi#!zB!R_;6)QmI-6IxHkV47etfIuN_N8lm*=u;yy$Yw+LKl5CCiVJe z1*qQ4$DTlQY? z#v*UU(u>*m_%GQS!38NJ@<)8w+&-k$=VKEdO(%P0Ny$~az=KJO_4R*i-vz7xl^27} zO6C9QJAvNQbeuRAHph7Fj5`h2L>jptg}Fv*f7&28=OL6hq~g~1DO&w0{w&D_^eo~U z&(cim({slMb#(PU#9XnZ+Sk`~&?IAamBV=JJvjGcEB`0N&3(a?Y;N_<=>v~c>Czz{ z#2mY}?|8gMxptki6ekr_U5#`CTacI$l92MEIA?fGg%(%7xHm}p zW*TFGpPuRiB-L_m`O$8G@CiZ*y8(CDo=l_O;O8pHN9Dt#6wL6fZx3eHOXs?m9V-zk zRq_SK`NdTY^1DuxE`ew=4pqnfCf@(?>+HMLFv}x4m7@yD#7a&VJL1zF+LM-RtdJ^^ z|32%kN`j<>Bnk;{d=5%fIX;%wdVD?;mJ-~mjh7u$%YnTpfJh%ZqFrlBZxc`OM1M7y?5SiMrs*f)98VY&Se!crj0WP&95K&35K; zC2`BW?pb?`-P;|IUt=$FbQ$HHzhgh(MOT$kxwHyb@}II8QnK3gdcyN-|? zB7BMYtELxV`glp^?db& zaGzx832tPCz*e?dY>Wat4F#GJ&HH$5Ulo6s&%tdGL?H1&s(l~ZwJ$n${g#_@Z*0uT zI=(CUHW~Ph2m8o4kvNxU1Al=9bSSr-?|s?NY0?sZjA}nYssPaz9||~ZS`-G5vw&xa zqGCA3UfJ?iy8|}%+AI^0MMN<%BS=Z}wN3}S)49*r?)CtE7imv|@zRr`krTXmD~fE| z!S*&0XoPZrz*vvChFxE})&IT|O$B0P&mFWZ2d?Ugz<>&9w8FXnQz#@tTuzkF-Hpz$ z`mvQnBB4I(`7S-3372KI+Pw1-eQ?jagUwspd#ckb_T;IAK(U&Kt+uMDzZDXd-DCoM zPE-fN7s)9A3{~+iI?6~@^9@>W;M+~<1i z3sv>c31+!C$;{^IeI4;Hz|iI|)$L2GO2Zyws+tiL1-kxUwjnR$6AEv*_&fHiK_4sD z*U=*hV6o?Z0G_E3$VY^>#d6M;7O+ZHkjUeTb0tg&EFL1{wy#NEv&}<}uH1GYLcZXR zeA5sIFXX;cF$Ar~b5+*@pGQQVO2U}-Kc2EcJuwb(c{TC!Y&!d$<6BNZQOv6UzvRM^jU<2CMveR~Eaw&XQDjZ8cZ4ZD$ol(*l>r?n$}r+T}J?6CqDgGonE&Ojr$ za5>i<{bD)bbm8(GLIGNpYu!n3V=MD7z3tEx2r<6^2Wx#zD^w)I>_y6`yv0^z2>`cO|fgGOs)}RsUA^X2Yi@yOT{5&F;wzB zgVPETm(8R(782v$nay#t;=l2PO=ql6i~?65GkvQ*5|vD&Au#(cm|Oz zHVvu);52Nco}xd0YTMttm5Vg`w-zmDMVC9C`{8Gl2b*i!T}zGonh{@)W@{g_n6A}Q zZk(J@wlM#5bn%h-WktW+T=SoR8Y13QFmp3O(`;ZRey8onkLV4$4bSxeE#HYtUD{@8jDej?IiF=ze*vf*9zO4ru4Zq0Wyj1!HONb& z0G<@Wzi)YZ;+Yip93>UTaZC0X`9taBjeFXbr#6$Yw8~TN~ey!+C;ip{Q zMv*x*%;}Q$RbI6NrEH%8vUjahus>uj!{`%v*|L^%A=0alcf%#4*Ye-`>73J3-+Odj ziR7~!D>s5wtoPt!eov0Bs|pJ88x~=}`PYV59}&Wzo9(wux;rVFLHHnUgKGO* zj;SS_nLmllcoF|wWJ4?R_*AFbIsv6BbQLV02Rnu3(nbMD@o-o@?`8D2N zs5u{=aFL0Aq#!P>o#$+Y7#xiktQ4XjqDwR5b>T;qKgA|(KGeVadgjPFV5#uCJz3yO zWd!K=;8tr#9mR?o;f;5B>9rrN7wV9M(W6)rHs6>3!*6%-6IGkaFT-AAaUELWWA8$> z;n9-HJyb1OFsN-g3{>v*}KPi-FxTx@ffC7Buz)fHZEKdp9&Ud zigUHkd8kK!UVpu9ZTo%Ijbn`_|091Bk@512^gSm;vLlW6V>ach#LinlTk5`aD@O5e zmGWZtnCL6jY+W?fj}|0v4`%CNd(1Wk%zF_eH8a)RgJ%r^`Rx31JdhBa`Dsk|jBl6M z(DBwxhI(4%z$7YP&6W8foydM;)pL(uF3S zh~AwPE?b1D$;$y6(<+^++ZbNym8Q3U&j+L8<0cARr3#Qgrl+cM6UaLD#_&n z5nUt*g79>L75Yj+1(H)b4I96Ti%WgHkXMCu@8*k}H?hUxPLw*k49 zqpnx!zKswoVV6D0auoW6(&J?9h|JgW8ecWiRsjF_XaBpEJ>l$^_J(F0pYdNa`h~kq z;Tq!+;Zq;Kc|Nq)Rc!tS-B|8X+o=Xt{1b`vn@ll?e)R+oxcWkCtm~xnwa!vIeS|3) zMtH(i`QyH7ak~BK`YYxMp2~f>Me{&_^s?o;j{U94ADvb_4WXT{I1@WoYLFWCEP)bE z$^`RbKbLlGBl}t1?p1_C)S)Q~C5A&!5rX^`t5X>R23KIVXwTlkh)W zUZWBNdB!_@aw+_;rj*R2fpFz)8BAZ}FnT*W!ZLOx4P>;wa~Je>b1HN-+)ft){kb`R z>QPRHsb=(0go{4T{}0>L4~FnPvIFhpaErEaXB~Z`$6vSS<+2>T0UASff5g!SK}cAR z)}lkJ)nb6NY5|;Brfb#^IIebTd8O!ALdI_f;F z=(u*AIKSqZbT9I-^+t9`&3y+QTpg)wrb89@#j>>hk*V_s^ zHvy|sX6(aqb$wc}DRkO8PL5X!T_0BUZ;c;-o~%HFL5 zCMmZ0M;2VUJr`X)@$F`g_DOxrz&EGVg79a&h&}w5+M8>wJ?O;NzpKBt<=yQ(U_(DU zi@e+u8wR5pDVM1DB{QOrqMO!Y%39ey62c4`}if6*<&YD{x zKT^Z;r1rI6WB&RP_w9VuU}&u){^8fN9ZlE7{nvg*9^Uj=@&C9a`}-fIWi{r#3z#;0 zE#u+S+?L7TXq)l{TTSD8b_9ZwXqS8SIm}Wb)MjRVXD?B?Fx}vc{uP|h%3}wcH}#W$ z7-Z2twlQz6ZdbY2DEwbZG)F>|WqbFWiI4lCWw&s_Nq=lZzTP=+MXU zdLVV?#$F<&9HPJLPIXZAmFj*=26D0b^PW&c`N@Y3g!8Rrm$ly}l_98)sW#fp+D6;( z==K(-*Oz>rQe5`Bs}jhv;qTX>;(vHK{nD+huwctWMhg3>INm@*{LBC{9~yIX8|-k@ znE=Z}z9xbI;o%-@^H<15`n}HechAep6tRq>YTqLKQyAY=)uwqWF5C<6^2|`aQ(bA> z$tLX62>_LGG3T&W$hhL48`~5tqxY`SF_a>okOFq#n&VGwb^K1JJlP`M+}qckw!SQy zR>Ad$%MH28dvHS!$2xzG4qH3>B4&D>qAnh~e?*b}KijzN(MHwWdn3t+SEFrFGNy&FexC(ReogF&KGunx!1lu;9xDm`GvSpz3*p^>*!(o3mf^R^SVj? zff}L{3fwd7ZNX{l#<)`T4?cp|xi|Am``uDg%VSzjeAXxo%-qfcS>!}sG0c*9rc zv)}M`9D*r7lBqKalw+NLH?z7e+MA+1>b_o;xj=0kh`(Xc_!D}az*vPTlY3txem{oX ze3rUUR-A!+Fw4VO8(ChuYTkeiOd>4gY4onIwkuc|^T$RHEbk@WSjRC5CS1(vi1*2{ zLw_jVDf@9mK=?4B@wq|0m2J09CY2=C%9 z9h~>mr8)yeHs8TMtq+2rQ$UU*Zkc1dmJeOOx8tnYu^$Z&?{~^>{gD1Iruru1<_nNC z5h@!Oy6nnHR{pfL1DI`BYEJy7#Jryce_S1BaajR$P^AyqHrch)+s1pFO;wZah)me@ zaPnN?bNHLJ!bB^}*ku)~h_7Fj+Fxfu&xgnT&=zeSAc?r-&rQpdlfRAIb%ORmGXaU1 z0!is|C8)nSc1+No=jhTp=Lg4uPWh^02b^s%x?b3OvwzI5T{9r-Mf+Hc z{e;u-Uhg}a5PoOP>PNzfjn88oZi3D7qJx?S<4G%u!9Ky>&;Fn2`*OrS{t`lct>y^G zba6;MX5M0vp@HlD!ag?Yv95E79$WDHyo0Tzd&Vk&QL}!GiE3B5-`^9D;Q@W8NssT4 zrI^2yG9o_gF-`G*YSec1bCs{{MW1*iGI0KIqU9c9h1bE@Pu!%dvmb&6zmezaj!b;{ z)L+lGi;>={>wUXt=>u_s-&AM(LP;_ry6Ig=<)e-ynLs5aewVOqF$soP&@C(tJ?~ZsuPX5RMnL*@TS?X36FMb)5uE;dlIhRdGbx|J|6QV zS(B0pwG9ow=XZgg^+lnaz1v*z-sJ+V%;c~4vy8&UM|V`?ZWri}U$usb=C-eUWEi!z zT7I?>HvduzQm*L#bVvq1AT@1*94X-1Tz0V)&lwm!-xg?Y)Ol|b>xiHX7O z9ShvO=@ij9e%W8k$U#%LjY}gxkdDnh7y664RHVgkB?c$g7q*{xhCj2e_@e1ITg&i| zx8nQ%kE1j3XDfZ%IHQ$crqaXz@;0c$I;DR*CYBn6f}KiA>mK% zA#XZIM2V?hSAE4%QGJouC^}Z^$L;l`n(Fl9uU4@gerHKgX zesb$;eE7CAhhKGOwRn=&Njs87*}}| zziv>EC=(T4Yh4_eL6u>YfGV%eq=Z>PKclQRI;ASF(JmXm+LS-G6HmhiTt9e0=6`{t zpJnrpwVrv!O$wxCRbKEg)FpxLgS+=6fUU~U4#xiqpc`s+gFZT=omt_?dF$iE;B5(| z&|i0(*z)JTWz2TwdX4`_J28`!xy|pKQQj!E4cf?-t~jxF7TL{KYueNQ3bNZ>>@l`= z#xr}`XCmLcXBzM5GBlZ{pDJ79(Hfh@n)ke%KSFs{@*lT-vbR_5fWZ}&o4M}<#i3Wd zK?BrE`W@1L%9uRe!H3Y-C4fazp2NBxo4(8f2QdriUVhygA<%RjsD6)lTr&ZI82?Nu zaUT5|P$nc^MO!$L3U=S4FeAE76itD%8~IW%e?#7WK>RH#$VB)@E|M^5+MrK{>V~+K z>Q!zPQqc8%arl+7fdiYvI=Jlp=6_K1iy`zo14zG9HYCW6AXAkYZ3!OLnkiwij|FKz zNN^1=-V}43TCuwNnr+w`FuHtW(0J?M_@&S{K>ek>Wr!~j$Am7plU%MZPO$&glM&lC zbPoJ94{=kxHXDB>(&`^YD6tW`6lgR5siWZJ!DZRZ(D_d+n(~*f_|7G#>8&)2L2XN`j zgJ(B=Ujnzm*4^gZ>u!KKA^rSP5|zs9RK%JnJztaFCr^a)=oc2X(+~@jN&v*A>}@KL zCqjVnl|&6&leMglR|3jv>IG-W!GjnB3iugO5q6B44OnVa+yY{u(UrRHYg5vs>2n=; zcQ7v;K8OAZ!5ub$j}n+wy6QfyeiK;+wD(OprP3a?DHf?vf^K?iaHXt#cA6ly zw$9akU_yDI-@A8$5|pC@WzSq#|MRrnkc9Sf`cY=WrlvgdCgp8_>pm`5Q(cFMHmFjc zM8#$s&MgzHzCBlc>V=z93@(^r;0yw$1`ax3&mP2(D}U7cviZMbp}l%3TL~8iFWMgK zSau0luDwWBjf(snmh)%i4cPS;vn&bjY z070(}h7AD}w@?IZ%=O6jU1b38IOhu6pyYf4G-6*W5p}Xp;D{)B=-T)sxo)>ZCP{1A7uUG8{_65 z7&{L6>$A~rv-oTiTNh~9Il%7%#X9?f?=%|iUHdWeVYF1(=lIWNpPl+mQc+>o-^_%( zfF;G?gr95r6dqUTR$PnNV6FV;Rw#zn`WwczTQ9F82_U;5f7! z_bcspH{aDOGb$qR%bQNxuWrp?-di$mqf9>7R_Sx>QcXjBA!UTDH{0TM(i>lYDLKWG za}LRW@*!eCIs<)ZBHG56omgVkf2iR?NO?Oe*40JlG21JWDE?4ie(S(F?%Cid!|e~# zf&8CYC80SH$S|sEV1<>yW{2>;-iAfvKfrw8AS;Zot(=cVa?5%SgeG)l;SKtq8a1Iz zD#40##eQbHIEbYO@Gp%kY-v?4c=d084%Rhu`wJB1rdC`JGt(I#dgp+tJ&rycNeiU^ zK`)96DRywcT)sq`rU5c&pW{DJj9+x0I5;j4U;F`+#Ug=%jGL;#;gxsCih~s@Q zije4doMC=JuYD_A9|g=kQ2uKM_32DR?|)hp!(_PXSslQAVCTV4JssJf56;Bo9Gtaq zRjka@iMVkZXS(R#4=Ogq_laj3ewmLN2+-FP+wPQ)^}uJdV{hVqooTsq8FtW%;(;Y0b2wU=VdC@O`~#@}FXVsF^#Ok%!?Yk4i-T@AKH+(bvQpxSnUh z=JzVy$g?e^m{{*kPy_ZST1u@&owQ7`&~#LYK`!mR(UepBW!qD2l=&{RP@!L= zaHiXM;h-rC8u}{kae`D__&~>jeR|-EOipKxtBWAs+-NkP%QPxY_aR92O9B3>ArdbYF)cXfH}eBGIsW0JN- zQun_tPiciPLrUuh*BG_LP(~5=69DqQYRC^8is0Ts1C58J^v{JlZN0MRufa*oLl(U?r}GQd+rCgT-7O26lG-TIi;qf(Dm{d%J( z^WelrNFvb+!Wvlt(4$vg0;jL7=jT?{n7Nl(2TduBkgI}6g8F}(A5XN(9c}so6GM@^ z`?ISR?c)b?%Jt_SFdoJD+DOvxJJJPNSdwGxicS%6UJe@_r+uZ8QWVFMbAml9 zz#4I{aK;*em?eL0WsFWR%oeXhD&F)___uZ3PF~1qUTeR?9gW}JKV$^pgG8NgWA2P# z2EhmsLUd$;?&L?uOP)JB#QsW&k%~P>7Cw5zYPn$xoYWhhwQnOgjT=&<@x6SX4j+y&@h z)r>=lu?>=w?2HDjmL~9m`pe;FIuxy^biU7RHw1s~%~lhHzhA9kmS=}&eL3Ldc(s{? zS~nMte`U%fZu>AgW#~l-qq`OZ=vJjgzhVBk`tNPP{PB6YzZoR>3Uv!MCd8a*u9|>^VinhR9 zFL$rm_1S13!qr^$7d{E74I-j|ax!j!5ui#iLZ zJ1z-4%VtiEAFx1%QWN)4$T6K^AjtwH#{e8UD@ZO;jm_f+i}_c-)xJ`yW51SRcu8U* z9*tu2CIqWBjU*o>dlhK?1KGI8Jh=y>d|rX}B}-etSUsUM=!GkK$S6C=!f`Fk^L)Bo zjV@ev9`{ZMd1Smh<;`ux8x+CzwagpT6heXwRwt;8Y>?3rSjUD{YAIi=k8V|iAh$BP zU3lXn%ua*65#q7O$xHjfO1QUqnK5!p^b3(;Heo=S4Q>#8Foi!i&lM4-@_Lpo9!kLr9Vb5 zBe5<59bJn^-at)MAL3LGvmR^G+nll#m*3YSjM2AIUMf4G86U{chm7TD4Ee^iX;g8S zb4tw@v(6pX4ax*RuX*rjy0QLgckrLFcUhuC< zCY6!FXxFG8@1AIRA0o>6%rshsMBXPTco@!myK%9i=JV>9I3`Y%Z^f+I|KZ>a!R(bZ zaBEX>*}ebzlTGu#MvDf5vs63{%}5ZnMab2Y5UBwO{71pEum2^9?I;A=KiW924-`<< z5FO|p#+5e>!lB4K_x|qhqpn$}?4ZXY(Mrm)c?4Of;|%eL^l8D+M6@ZAp@0LX9m3#2 zK&7hxs8_!%BTz`Mh363Bkm|2lyvo*sKnnKjPCQPL<81smCxS;g>)&zs2V{|cX=XJv zWPc;U+V9)O+X8yr4x`G2{luWQ@=!Qh&mAwHTKy&4SdQ^9B4D~ta_?zS>mK^(_448) zk?#`02qff=iFUHiSZq%68;yl2!^rK96={C%$Pw2-r8Wj+>{)PMhhcR|x-~mUZNO3O zaI1<-HqYH2e(<7=nasR0(c+Np$&1ftJCTJ;4y*?*1IuVZyf6M}&4iMB#WKa$!8ba` zz?!JR@0S_VVaM0Sg13KBt7!kWw)%Jd-tn0zw=5lj*lgp!60lcs;Mfz<)z09-J6fYA|aD zHRk1mtX5e5{J%sCX-aQ{g&Bb!Y)!AVXYKNAHT`h)6M9`DwZ_U7f!2{l~f2Y$*y&!icXJq=QoXIll{j=7!-7P+x-u zztb$Zt?Py@FpflwD{0=xYWQz9Q_%TZ?4_bY#`5x1FEt2eHMxFNt><|us$?r z>p}2xugfE&G&$&t*?I1Y9@Z8TdVhFZk-`a^c`+@*X#JkIUBHR%-1x5WS%!7)oi{Nq z|E0UroUk?izD0NMJA7){e?{-Ftp~5df4K-5@7#|%sl9=lZ^0;R?%pz8yM_Gx6w^{^ z0J%Mg)<(d(NN8jLN!GTDbq~2YXsMA2B@3tF3NN)VuCK~+b~)#L3j5Ldl|f~`uemKr#=wbE zTSIs)nwVOav<#f{BpoLYc%HY+s8Jbxn#0uPCQYVzy0z(!DbH)T{c9yyW``H9C!x6B z6`IMa9X}coNs;B&xxp%2 zo~8TKkw!cFf-l)?lR%h&Cm0B*RH6U6;v0*nM;z@->0UJ2qb4&3^*`YD?=Tw_nm&e3k?IaSe*P8*Sfc{>rk1&GZH=vmkE;ylHWq(` z>}^_zE?t9aayS;sAh<04z^E;!`HxLEJft?ah2BJW*M$Zc1T=j8dA!9aUtmFzX(o)N zg;Bz%s&=xHQC4D_E5B?H`yAZL70~%}_KAFs$#e~1fw#v$Tk-d6qYj;&n?6#q$bzRe z1=+U4J?`Ey));D^b{ z{(LMXJWDy?Teotx9S_(Z4}FKFzGcpnDrwr@CxP4Tv80Vo%l9+@O>(=% z3`P5CyG#uebc%GBcW-*dTPRYaO>1~u8#8w-$G>*t*S$pu%hVR^C6U|u)@9^~Tl|=m zvE4CT<4To-YW#3> zo(kSH<^3)_cvZwt+%|{em8@kTzmPq)J$6ix=Ml2wm%mY-d4IcUhfG0D*#iR z%g86^8tt|6EZYLiRS()C=Zm=o#`;yTuV(04*csoJ>8=ph`2g;M=sVPWxDfJO8fJ{w zuF6lFHWJ@%3fATm5F~E6&QrUi=uuj?+%c{R9J}WA}nmmNQ8z#Uj(sJ zL7HFNFRY5k>Hz)1s5JSwH6OcDSqD-PdeRo#pl=B+t$vZ4a{;S=2Z}82=f>i?W zhtNC4BAad7{!6cPgW`4tM_>)}?QzAi*)`2ZXJbfA0w@#}R{nO-WTctIlx3g36(F(> z1PG%PANPr$KA2UQyAX2LI?-0uNNwE&rQ%4dApb&nGczIKX8 zAxS}``8r7(H|}||JC;MMksqeU&Aka~^XhiS9c%Wi^1P;jMxQ{k{FG$%bj-(S#KhX@ zvZ|3@TCc_<74=H1#=~b<;~gAD8D`0URF3yLyYGioZ3j?s8((MY6r=&uPO88>_DtaB zVOTz6L-}~Qi}yO0!DtH(Z|?UD@s^$lTM?~&+BK3vgBKH3DPTKH9(3+{3g|_crC62v z0=Rz7;l>>xEi&T?>_DF#5FjLNQeFJNb~3D8YFAwS2wjgcDekUO~ z9y(bss@|AmMv(^JtexOhm8h=@bj#M={pF3rE>StAay8($}QQzU-NyG)k+=A-6qUW#bPLpQ4$aB{ln7pmiG1991U zgP+?ccDtX+(#Yzf{^_#;abi8`4unK1tpbHS!Jm{jbrcoO#e*6e&|^QejYl4?xXpZ5$}g+;h$l%fze5r0MViPs zDq-=Sn$?@G%DwM0cdNnORuPUX8yG}72ApMDMI5jo#<14*ugNr~>3QPdm1gOvoKD4h z@JJG?H$PM2_ZKRurvGn>unKLjT1foE3OxEY76kA$QU!+#b~O^h`d(iAumG6~BxFF& zT%JFt6C0?wK07Qa_}>Ald`7-SnMg_$r_l!2css7nv&PH`^QXI zmQB9>?C7*;8MY|1%>D@dqH%Ny;OQ)}D2bXMBM5uDNg9C%D0M)!$FI%wj*I3LzLr}Y z9_jxJkM7ad|3r4Mwf{K7erKxnu&X)Y8C{Mp+lwDG^aBCpr@&u;?RS61n&t@|O=b31q= z4DV%zh=0@XMh5>AhMw}h`eb?~YP+uO+wL&e8?RRqs3mM{XuN^u(&Bv+4%(Bb1=8PM z)W8^O2{263dMNkAJ5yd)2&3L5GH{}Gqk>V}X1Juw6};;_aC2KZc-OS^48A`)?7v@5 ztIJ+%qw+qIgw%oO-&PLI>+Q}Mi!qO?4H^v8#(7_EV|NsT{(G4*ZL=>K1j=6vv)vh? zT|wM$<0QA9h`5As_JnDMf_U1hyn{sVwyV$I*9&Pfl;o6!)^qTg+hhJKr3$+fgqgiR z*uGw>sz%s7vX|{`&6r`dd*FbKK!{a`(|%W<6&F4)Hy2tVc_m*3f4y<3k3#Ip??~3B>xh!m^(;k^4LvK!)8)|5O+6 zY|cH0^axl-OS|A|9pH+Z2PKe>>XU}!cP>J zKNNju5rxo}O|1Ihb!2*mxz3xe$Jyjl0!BdFa^@qPS_G|mT3g|VFrb{gqQvak-YM#L zt(VhH<&NCowHru>+}$W_a~<=;0)KWu8(;$*Dq{zw zH#0qAR` zS?K_&q1TB!ya`F;|9x`hcm%vE`wQ~ZtCxS%(x8J8NcP?t5#Z{&7rwE;YS4A7=|WiC zXw~6m*1f?x4(+G2mY8_1f+^hSy*&);=P^((a_k_Bw?;ee%*Z=r5)lvWL1RU_@XU+r z#I#giWyGZdZ?AQk62+3MD<)5S!vg%=$nRd*MaG?6pI8fAaA8bIdnLWQ3jDwbsIhMz zxE-3c#jV@cNsf4|x95tg+1d*|Ke}HMj;G)O7?u8f;^Y zQ*(V+RUeW8`>8R|IiqC4fiC>D|M_l(iI&H8ty>P^kg zo8era{WbM5UqV<#R@%MtO#a zq2z2Mew`v}k+Osi>ej%-5C1F=cGyq(0L-u)gO1OT3=wh-109X5@Z2bkC0}q>W!Zj%mlbrFMRW2>};oki(=L6r#{4)mYU-cV4vc*o!XH(=8C{Y zuxi-r^q6Z2S{rvYW37QJ6LydUxeY&U{WaBXXZ52BH5z-EFDgJyOdRx^=c% z36EdssQ`>7Haf+Pz_vX-Ur$5kfB#Y-9&bmj|WKa1Oj7fG6W)<(fPj8v8 zRRKST=D6)N(Q*aJ64zJQVhQo}G*`4$>=WP-_%F5Z5>|8!&{&Yl-@gL@1aQ0{Z@Qv! zrpA>$_7y>?m(Cc!5%~wisUY1iYyc29vpCzI5d%%A-FOJt?`xgcevc%z8~V%a*V!C? zkZy=@8C{`Pg?%7VG(5om?C??cXD=tjveI($S;+D&Oh54tAS>bJEKbI)adT`BqrA|F zr`wOJESKU#NZr0-U@u^>1*JsMjdin5J9aC}t`Vm96lNoG2n3%RGuru;12!`nJCmJN z!^vb2zIC6eHI?*s7_OkJtHdKL(EcTgiQA9Hv(9mkJ94N2qcN;|em*v7D;CYXVE=*B z+(P=h?MKOi0*yle&~c_7HQNk??Mv-23ArfFB0GW_J+1Z%Bzrw#>MgM&3aan1oURk^ zEj&$Qa=39P=tE-i_tNsnx-0Mdlm_f@nrF{EJe{W-A#`vvQQi%czR&Av^1WLeMBZJ9 zSkOB}R|PrmV-2cP^#O}}D24?LIJf#|HbQ*|HTMwF}4jC`nqO* zK^?7~Yhua+6IvvW0Zf32rT^6oF{emgsi?Y5eljkAq8EkSNi)3~8#en>-_!=daN!cw z(D6gsANf^7P?R-RbEuqT0%&PRn_bH0k$k2$tHMGWh~%Wh->-) z)f|d_;#mRSd1z_4G&u@}68NraACWR$?nYh!$}c=vqeecR7j72Vu9w&EjP+U1(I{V& z9(`5t@V$nJb510Uv_(Mv#GaVg5upbAk`#Cz7X0I^lL*hr(o#3`L=9Byq$NM8Hu_!; z55Qj2MGmDsSjfY(ex}b0qXRKh=)j?KgW;D7>H!d5DN->@s!+V&6cA_Nc!2s%HsD%U zt{f=}_a8XBdp@|}{2}UO^%-*F$vB+*pJpwX`Se-K`@EOAZiF{_-+ zaVv*v#Fst6hXomxh?lgGFIUyn%NekV4-++)_ITmB>>~#TN2MUE6hr#Um1&PT8+-|l zicsI`4-+o7UQBK}a&^w6?!1g=2NlBZM}9=z$(Hk)%ret_Ve~r}rLpp`#Lq**J|f;! z3zC0rEHUPIfCE3Rp~X`etQlvV*GSD>yMD;m9~6Io{v!}*oUA@# zfUK&8LqFQ#&>-!!C0YU7ph>bFTByhYqco1~T}F}fFsZ#4NzPZvL+^B}mzOX1hWq06 zE#%#q=(zW_zj?YF@}Y`d0~xZV?~QEy`IS{#6-_>XOQnKDO|tryY*+SnYArISUX&Ul zn$;ANEb*R!7yQp5ZVs&IdG=g%Ta(xqEX1LuA**o|i z)PNp}Q5>BXRhjU%k^WoP50?%X2?MXoC~*?9TCDqt2n75z8BFiH097`+=K0%8@TWJ3 zin7?opbdv_Upy0PX~5O~{+vJ%kEEV(l!sdc6Lm5fd}X11nbo&jF8_hU7Cmu9b;1e6 zf!5PHapX{P?DVdXky2{u<9yGRFB(4j9$&ar+Sg^3Lcj%56ugYcuw0K*vST?q!K*k; z#YvOgnCiNTA6QWQuzreNji3%betBity>KvW9P8|os=^Vi#)}a`Ou`aKhF-}e(8p*69BSw-4wi<_ z6=&40cUA5m8&jKn`R8VKinyNNP{wwwj$u~Ee%jVmt=Jn!|C5vj_+ZdK#T7yEPD&tNI=aOV4}SsY;iZNMIlF5K zfwlGk%A$JFlG93oNx$7n|3Mxe!{NnZ?KCP7%acDeYJ$`&1p{dP8);2AsZpYZZ5m>3 zj&PMtSwdc;^oKrIKQk|*DKg)}4OX14Aj3SLm(#~!PYnN=QVLdT#ya_<_THDQO#Uw4 zRjetBl{y|4!M&;W^iLyyY$et(I3by{{#jtlWxs&;`CoglPqtSp$mvE7mQ3Z$fMKv| zs4?yLU>I!iNzp*7bfu7xPiaDw%;4 zweTQwL))(;Lyqdg=w4r!uvf6q^IPMNV8y*&^bIrTpcfNg;&%_a4Dd?}l_Qymm~t7s z%=N_xjx=KW=ctC*9~SA<IUu&u`f;qiV8@og^ws2y_*`#YI7ywAYhlzY2i7{3GYR|h_>WbXsdgE;s z$yG=)Qh3iT8-4PUH2)I3`Eoig{=p7anZv!X^VP{i0t%Zwd=!RO@z^1*V;H@zg6d`etT$wU_C~%`i`TWt z7u^8h#!+#L!fyf5w_TrX-6I|>7y_uq`!&Yd)9}=UiG@!TbWhN$4^M-PMBU-+wL}&< zR(r!)NBc2(fBNV-gcqFAWn**Urm4A%{w;zTNKFd z21z(&Jl7l>tagqph$=6H5Cb~`72D%t-1xt-GXWd+Pr-h&?3U13085hwf8z_rsGtGEQU!H55k~=<3HAGuRpW0AI#Ay zfo_*+17w`sPzOHNY@|m7;!b6n&rAW`BUj)U@IIIq{(-{g$ZGs^4>88H@vL)QbZ@yO z+b>fm`NA0qt;7ibfJ=@^`>g#zvM`qEs(~{K9o#5B%u!k6<*|$q?dO^$$2Gm^diYW` z{##VWyAC~1C9FBVF=eo8dCb96mhdl7Gm`(fqLmbC^j@Mhvu&WOVZ8(7SD8e!19+VM_|K^L4@M&X2%bP0sR>}HkgS{#c>?3P{nFpt=CMK+hqd#qdcdoeYQI-!MLx)&o*5%QD!bg~BFrDke z&I~xZvn2}m!58f;EMS86+$Dj}M)`BnZLhMB1i8a^qO>2uMyzqT5MjA<3T)7j9)6EY zHQ)DPDMoE&Nyw9g=VdK3COAL)1nNQ-Xr>sGzhfQcu(Xk z_me6!Bv6}Y{qqJMJ1PbXnYt!UP+$znM#vHcovE{is%PKI( z52U0%jei{=)z0e|fjXR$R!WdFGOJQ0-St3mv0rpC53+Fq>wMibOkEFD2dW}qX89h0 zP2;5K*eAG{znAqDPMHOml1 z1Pa(Uv7P^;VP}7bk#4`awrIxx*>V7I-cV4LkZa`pCn#tm>F4lb2qfs9bcAez_D`{< zF!#>wuM-cIqzvRxo_~ThRqr?d!PhdHC@_5v#$e-I)QmOd-Pu`UjT$4$h(+IW7gs02 z`^_aSx7&>xyne~G803v2@Q`Ekv*f_;4|rm0@HLLOypynb;BqL|i1idK?=IpYRg_od z7@S$CbA-dwt#a5x+v#La;Nu*P(MDJHB|@V$*XI<{g7aw%RBPoZpw!5k=F+N&d>M(7 zvc;Nn=_%Aa2e?i*?rC3+gS_!#%hnb1!?@u3m5UclPPV?`aVAF+lxi zLSEUh$!%Gf&X;`=97P`!Bpd4UwpYP@4gCEL_5Xij#ME!on4Kwt#DxTxjfo#b%;{&C z@6-_m`rb3=wM7x74WG-ye>-3kb{lU1A9d^fukEW;K*o_C2&M^K@5b$ZQLzq<4+t)G zvWft|>ajH9>@wO88Oy3#_+z93`R{pwMW#?bW)%U+R_vWU-T%3{-{74M#8_-&xbfST z+BZ$ueF*VyC-73)TT3|t;?o@#r7Ac8`GC$7%{|FQM_Y!(aFcr_16)3 zl^V8c^b<%q9a27x6gc3W=l^fH;J0}g{#GRNUBoh6s_b4ZS^1C(K#7Xb9EWc?F=15m zvQjUQ>=l2k=ZXnuQ&qF*uRU}RKjj0VTOMu;1IE%nRa}p{tFH0b3inZ%|CKcw! ze%`XNqNw{DncLVTL{EkV9CxJMI&a9$cL+ER$wCRSJ>kF2)b>7M0 z#Q&0fFK#UIH~fzw!VhhHmbs-on}T&&usJ;KQ9S5-GLd2M8cawa3i`Avq*8jTGoq|o zUoYO_Fu?*55|6ctMji0Vp}gVo)+eX#pl#C8@1IppT_lrsyr&y-gD9EV*q5S#QW!>l{(?*a( z3qVx}rWZ2&-E)lxR)U?OzkU-@ns95UL|%%57mWp$m@jNqtym{cdxAml?hgQGBjt3m zbs~aHR@m-75!&3y=-DQJVF8YfQ}RVHq`DU>laMp7zWn)UxC-b~ASsBKFjy(j3I9|T z@nkz(2cpndAh(-WklqqC6}n#{!FjyuY#^eN(LW`WN!vQGp2YM$Wv(V;Ke#&5{}tgJ z{mxb*f+wAP-*1nyn?4`CnzB_^iu@GfGXfxLdvR?Jsj(W@xF+&<(3tAj6sWaAKbSMs zR@*BQ!|oO`W!%F9jsB5X%haJW492G$5sv}}YtoZ)sx(mi|7jkc6aD=QX0vi09ePHj zUulIoX*{LhAEHeNW#Hdxxn1LmiBy!f>3{+OrtV7%~31g_m^i`GR}Pc`oNjS=&KP*8@npzOuZa6Tlg16S|)yK8$MN+>&p9 zEkZ{?xia#0jjYvt%8~*>sz1kj#c<`G(SM&Uh?2h`m($Vs;Qv*lT$bRK#64_kA&j>b z)e1wqFcj7d9EYNM;**6BWcpIdx0@FNnffNFwOe?< zEmujQf_UW`DJJnBg!fUKg@jTf&kuPQRJwaJpu(jtNzUu~Ykg4{MXBUlcW6oj-Alyq z%XQEMdi3G0W+vOu{4ogU6=T+YXY}aaE6zNJ^ii3&)f~Ix#>-1u0~c{RlkbdV0ksxr z5^??QWaUkge8#z7hs4Cb@honc+)vs>L4#)E0Lvn)_$gw>rQ}f)esoE}!cJ(h5w!BY zF`L+uXGOmWe|}1&dG!_JCCdRcAHeSPs$-#vDxnG)5q4r zUH2#s(=Xk1enN=&P9_W1R{@sY@3j0+`y~y3B7~`5NIQzpT z_|7uNi6zD%$ogR8m2k_Y1^F?X1z5A^OgekK;lk*vNUZPk=Tq!gh7yK(Lozkz^gh2@ zoWAq`KG<<9tSck&WbIFgciWc%+b48nAwfAuq(aBidLI4hb5Z-j5lN|1dCGSn+?AL6 z>{VeZGBgOETDQM0GFI1t3q4wn83ZrKlsP15`Y(HPmc2=zLdz2Be+&LMp!GTFuRgbx z;wmv{XeO}}L?76b(OsdL=WOc%jc2`gz9Fq&75;;v&@=*PhP>1FU3+Nf$g?dZjkJ1u zkz*3%zu5^HiLKK4FFe(d5|@vuD;L&{{#n-WT%-rB0+2{>gBLk_$*$K1w4Mq}E348c zp^|Jm)i)sF>VmC*T+*n_xFgpNz^VInIXb)iv z4MHlUG=ikw>OjX;7KUnKnqrB1*XOm*JOlJ{MhCSgOV{^))c3E`!s&lHv$TBf&_(GP zL9tqu-{{&cW3d>`NpN-fgb4?n3^|tsO>#SU#5(hAL4LYi z=iWtE?o@Nia8#qF`kAxR9?nW*(v6#F8B+tYc7WOgj_CCB5A74`>*lE}nFOQ552P_8 zgmTN@XV*=q-_`v%{uuXjMc94w_xm+h*WT34CpVoD9A?p47Oz*h+aa!$>a(IzWSCjt zt+2JE5R$c7*k$CNM}?vYd1D}o=6>yp^{y-njoaB0uUAjEYjO1{%Tilja8+I*K0gt( z)D@NDq*dtbWa2Fwr-hms1*}pa@*~@DORe1&=(G%ry3`~%T~yQ;81`IL z;XUySH^a4(=R%MC-xWy@vwR+gEI0@4BmoIC!1JPa&XKWj`9dXb^Bl;w&8oO?YekA-5;n>=k z=9^Eru$s9~GBSW?VmKvC4ZTW%U=KB!Qr(Rr9l2+xRhsBi;bIQ9P0xRb_=QJD!Q^Ry1HOmzIZ&B+JV$)ztf(oLHeU z8hk(;U(DP?(Q2WWD%JBRB#4N4y2D-$(a5ol<)hX;lJ4rn&8L*OkWy+14QEi~6Vf^MKXYGcBR%p|T z$_ow2?pJ#Pk2@V|xnA(Ee$dUwu?!T|P*xRpy-4(n4n-d83gF=RZNfAciO=zKHP|M&jBTcB|D2|Vbjx=vI|_ZKyio@T|=jym2(AowV<&) z0`|}={@lV_Z4X#tm0g94j-RLj@f+|A#eOtuv-lr;`y7OS=Ij^gO*cOibHeej|99+rL3H6^cw%)WtOWa z_GjX&yq59bGu4IzewD`8RzcwzG_Vqyvbs2XIXibfhL(puXuN7dWw`~z4*RhbzPeQPQLRA<0rl@8Ka0rFTK#||+*@qTOgVcPOz z$NpvA>M_zZEie7FBeBAacaTrJ9v}h4S80_~r2KexKC$VF|6!ORa!b zNy)T}4PMam_bpEyT?WDMqbEaPjC%vFt@p65Mjk}iqqItr9Jj`!1*<_(B8C%#&)dUK zJ^DYU&OV;${r~@UoMWGJDo&?!ay8WHLKkwGYnwVwR6-@m#ZV(LBNk#t<($-Uoe;x_ z%;n~qVbqb$<%VHwF3Q;0jM#;1zHjGt``vE8fBL6?x^>%Luh*W>$K!sd2RcUuVah0q zW4y?q?>)An;rD9?PM6aE?0(DOFfd0Q{UwFlX5#;mJLJ6sjTxjsJmaC;dE5aCq_nU%h(cIC z?hS#=xuPC!-xL|gMv~E9{-}9Gum57$$R!&KkE!zW)NAes_zYPKmn9LvWlLi|hekjwXY^oPPS7!qSjVcaEa;hut*XJS6EC^P0jf0pmlrS$J2$K}S#n>dhQa~!nf&N*BsFg^gqx)e^#(Am4_ej^nVby z&pYussm~;jc%and=h62)jpU|a0u=6ZPz4pVDC!t~c`vc5OL^h4N`!JK=`?Wr+QS;W z)cT>+k)rI4kKi8-GgY#E>}^~M9H6q9Us6P|nx&N%Bv;x3mXjsngt5YSwB`DKGdYU#c zcBwQ;!~!0E6D}TfueWg|WW|)iFCldvl%_)nR`O_i?B$>vOUCl&E^-smJKZ@ksA4I2 zpZWK5@@lOuoZ`ePgD=c7yxO_o3h9?@S;(i-2A_<=K-M4K)u&79rQD_U zyFm9^I_Cfyma7fX9KNf9fV;P;-F=OP&ei2p?JTHyNrkjrLA8_hNb-6%0}mM@g}#BF zrH@_|eK=GMT0M>dBN*72^-D@a5ZUdTT(BkmuHxpl3vM9F#|_@kjJWM%&u~(aB%9vM z*!&;FLgEXGPg}i-8b-c~)d&nUR)QeF5r%_)# zumvR(6Cgv%;(3Fso4JQ*HM7}g*)o}VJ!^|b$58UwY|pnc>X_7COZxa-__>~lT1Py%*V`k6 zk`aH(#IT_dgY=Z+E@-Q>cYpv(;hs#%Upw;a0rp-bQ3|ZKKWqbx=Nx~Dci{TkDv)rW zbV$-xpP-@t6j}bLu0hWqlb-}!P5t=X2)>tfOZJf%`RV(#(a6u25-%J(!WndnwZ%wL zVt*yZDtXSAHAw zi)dCkZzK=)!k#EsEG1VNj-8vy`_Rhbj)$Bn3r#jSkGjzlc~NpLXI0v`!K@NBL4z*b zK(Lb#~sKXooxQ{gEn9_OvT*@ z-Q(o3bJ2??sxJXQ@@|zX5HA8Kh-la5ty%3UfR>w7w-<;N9`IQE<3C)frDzhp1R2}I zOg`EKfPPQjarf;2$?j%=MKy(mp56sG;ZA6P1kC`#v^xbbp`Q~L>bJAE?h?B*_8`*i zJqvkB5kLkPIs`me$A0%%NVo#vuyReojNm14mkE4U+&amB3%tP4L`%K|s8ixCIu}XfaDp~$NT4R z=q-+YD9?y7DQ<8Y={dmqha*mlPhIwlFV~;F$+^o0cIr5REb@xF=Yn874s_PR-P^#L zrpibnd~nfk@?(m6s*c&fa4%E2Q!NnXFam06N9Y zdwf4IK+6$_O`hNsEfrG@g*B%Kj@DLrw+x*s>(m3yn4 z=gC;dt*+r38EQe@KEp*28Cs{nGmtwYm~Gd_MC@D}_5qjZI`|y=v7W_T(|e=REUgYW z95H~L{Os~<<;Ju4yK(P{Kd$trR;ePE_PLyaX2T1T6p7r! z+|j}u!%jtJV<&2{>2|uJOj{FZ!_(4XX)^vnk%yFU0)Ck_@Qv;sj3j9x6XccDbE3%G zL6ZXHk3ioB8?N65N9Jk7hy`PKbsZ+{WqfE#oLix4)Y@0!8Yd|bKnRP(?>+}ciLmno zZIHJ*_UDmy{XTGc70<3Ib^(CIB28zqWF{~G!u9M?`X5IW)ECy<+xMy!j2yo&0Vap}(6vtqKHdM8ZMh+((2j4TSHyi_mQy$-IUa^gTcw>iCR>CTR2DwqKr_8Ka?1H zlJh2IO`K#y+&QCom}I|qy^H87{a!ErP`uyIl02w)JW9?H2QAUh2toze3p#A9Hk4zF zDnworf7H$y2C88UzVjB72DaK^-YMkZ|=Zo|2ss%4HNPTKO@=5JA@#g zU>r~lnNfvaA|$HiNQZhx%~{WN$8CiBEV6<rc~0?6?YKMh>uO3_+ItM~(Zv3Us!`RA*Mt^fcj z*?Z-gd99T_l)dlLxAhqf3lm7wr~Ea&3{vk~(FbjeFB(vGKqsoW`&y&6H_qadPprQG zLlw1oj9=~=Y#%?+gU8h;iXv|M9E_lzr8-$4KO)#wCXW&aR9uJ7J7ws8UXy;g=i$Qo zFsYVVKckaGHmq&Bi;PF)XbB35QS-#s2D#bZPl_b%_eidt z#nsIrn?()91AbcAckHUTBo@_S)ZO= z%zjEp;hkMis{mce{jfEd(Ry*>$7X<^YO>w!gw_r3h8+uQTCsChQyhqiqUbp!g zN6X(COJ+Q4_NCm^26`r5G~x50z?vMD^FjuNlt2<(XZK#l!Ml|6S&9c1w&7aWru+`f zb)||I6nT>m18xGRc#&PWwA+`3H{UE(K!`SM*kGH)e3lok9&AoJVU_{E7>03bT}i`R zES``Bv4Q(>Q@9tec#`psXe~FgXJclmp%(`J%j9b<9}0ZhJ}*dV*Nc7B3aw%TMr(GW z*`o1SWoWBhX9$)(UIbfspn%PdeQ1}hGX6!Dk>isKYXz=yvkC9hvaLgw7tDmU3=?;s zxdepFNPEGF*QV&Ma8-7;h9eLUw8L&l((kbSpJ^kG%)YK(U=V<+JDAtv&T-W4@xLt( zG2y(WkKG}|J9WiRfLo@niP{a2i%n^2x8;2usN7ID$(!JkdfK*2Y;A09-G}k2JDH)w z6jmCus(0Q&780(i0a;HU{ewQqb-SG&d~Lmy^C!&S1DTH}>bbtD9{NzOL1b1GmIJ}_ z8(eXSCOJqt<|!uEF`bk&RT#X+7Yi~L_kfh}M>BcIX2L4#zlB+dFM5Y3P7*leuDqR>JG%R<`Ao$0H~E^~eX|GtUfBCCi5K^6wfCu?Uq1h6 z`aWJh!O~PWrTISP_R?tf*8Zch5sO93@)m8kkBWi4JQHszi}<8&p(Fp!@?Eo`{1#ND z)E!Mdp%l~@Lp6{7`P!h7?#l>4{xSj7T`Pn1{TOxA%;H<6eG7pv)=fmeZ+)QE3H31Y z?yi%ej(X=L*2pSvE-LD!>wT+xk#dNswmA})mZv@+@rbVfFBOdHy(2pJ#kxTHmvYMC zR3?pjAy|7n&_jNNGP?cn1~_81qj7YOcnC$wOA4A(4g7KKFqT*1^tZux;ZCOz9nrL~ z%+~7i+zTaP7re-c0_6z9vVSLs1(k0$n}0HRI5O1JFp{-9>VGYP_wZ13?4g$8DJ`xo0e{>!Yu^yRY6cRMGvCiSIzTPQD%y5^6qn#bTNG0~dQz|mBXhX{Rz z0P^|jCa|HLN;F^TJewPV!_M6Nn4c)KudmPZhItl9J+gQ|Ztsv|sB4pfE%qY|zy@NZ z>hel5x!M{Q;qzR9Ja>iBEPJedYGW?*NZjZp_i1b_=1Wq=J)GfOFWfvrP$r221SLp- zAgh3XN_pJ&svvv3J3gj&BYC+UBsms4eqhx`De#K)wSD9RWl_w5w%i6g|3{yL`Z|3V z59!DvN`jF>RrFjzhKac8gc%b+$;Yl`0Y9e;%+%Y zm50t5f0<4?s0fc!%RJ;7fl^Y4zC;~YmsN#3amv{cIU8m4 z#$zDZ=dH(TaBOA+xoN>$+f1_Mvbq<$^s@Q11MhxbvHJVZ8PQ_xh=I8Jy^_ChASp`x zgu42VQ_HkC$q3{p*JAF|<*~iz5pvpl_dzFKbDvqe$)UkNB`=5G12?S~oZ5N%I(z)S zm3`kGDvEKz(S!^X=IykwRp}hW^S+qYz znRNd84R|GS!3=TINN?oNoW&22N@$iIWif{{qz{trGbyyESaCmT!7D?#1}`Hh-TO%> z(W|Jsa0s&wSQs|_6I4j)a$(eOBs?L}zBdV74EsO3HNOPE1A=+K<)4g0MBE?y|0`5grKk@sj|)>!ue>FjytQ6W_}Tl?@iYM z`V1+2tnt#kLs84f;%M$eXulemsaXHn1Vhk3qOuWxfo0$;=j?ONlo=dp9+5M+OY`+T z(0w~Y`lbnN!z!agZl|}BEDR;d8%-I>()kQ{zt67)hC$|oAD|`m@7-XF_V%aeog|$R zg1)=+^TD~xgNDeDRVyx75$WlA;1SV6s<=cv<7-a zmG$ccHJzfMpUM4yYYiou@{8xSg(jB<0AOSqSEy<wm z(RC-KF@kadpSyK8VZL>c4q=SP;V#@?6tEa)d!SgoO>fird4y_Wj%Au7j2P=}ibY*> zu0QGRo2s{&q8V}<`HMHolnTJ1a{I2PPl1N6b%XIYZZ9HoR!m=}^ts9NtbEEuZ%;Wo zsUUfHT2d|UbObW&tQ@Xd69U>9!aEp^oBMKh1+@G`j}XQ}T_gEgOCjFC|S>V`jG zp%amTPYP6Q!(Ne8y3wQ&8GSF!%ar?n$Ebm<)PDQ&tyBHCsuZWje}5~oyb#t1@M-aH z+e<;6aAyb7!)d4@8J*~v z8GFT{Xh8Q;23dY>?+FkIltsC|1jf3q+4%C{J*e(rL-E&587^h*%n*AhpO_WFq@ zIolz-i%UBJO^Ckdt3LwftUDI5>^)UH<9^PL0WrK!oP7~79iSh(xhHXPD91x3C8>uj zPFBi}&|1G~{S?;3$SK0?dh80KZDW1q);o8;s_)$2Kz?VT349c z{z6`G`KjGkxqU87LuE@?7~Rk#?pzHq=)6*a9uM2(QYIpeK7(@N7pz0>thr8GMWY$g{Q8?YX!ZCzQ;KJ~l@@_Q`11H+UdJ$;-r9pD@0;5(4uqNfCysjh>Dw1A<0&5&1;CJup~^cCo4?N3pVi#@ z3<7$Xd-(Lxa1)YEoQeWDCLw zOJdx{osUXmS>8t~ocM!BQbeDzl=WO(1ER1TT{$QD zAB{Kq@>Tl`Dt?OotJ^&omZoR zsj``3!$scsj%L9~cjSfTa^DKHnEJk96-5MvxNfGm1oYhV_J}Zayz6m93r5!1{KQr*&b88w5Dl!kZYqIRWws^#)asMYk=tOVfRu~=MUn}Z=3+lq{OYww%yGlv&A7w{#(m^;U#ev0bcfv z`gG3W@d55(Il1k1Yp0?1)?g!Li>Uv7`MogcCUxhNeAHvWb+c$V{9Ik|Ih}gzo=j52 zR^QZCUoFTS)HlJS0jSm#}srFuce2(0B=#pqo^e9H;)Lv3ZR}srCKO zroiLC{g4~%d>--PFjaP_`<-I)hWJyW?r2OsWq^v=2N%S`-Yi!d6s-(txGNZXL;T9i z&jQ50EvvtXhojaC8fLSn-slhw4QI#L;yQaX*TCFrzK{J4q@N88Sc-_wQE}=`sHu;D znlNSkQCsR;CyXR0_fRif6*35&?>dQz$C9cuvY7%Cj;|93kC6g?&`a5FC_sK>Vly7nP`C0e}OP0)Z?JTA9Dts$b3fz z2Q+?4l5#MTe>~PCI5OcfXJ2OyOpc@W`|BRC*;cYl@MUh~MY~?xrTkp5d18M|jOqG- zgA8=&$Dvn5PegVvJ?gQ>JA+@^A^VxKca$7&#dtcS1clH5GGA-nM_tRYT`=u3iKm7^uNInBBV2b04?H7Uxdb#nKfmoJIEB^+hk z9mA3o%eXQ^p8qjPW{j>Ejl|l=Rz88~*8+ga->jJoW|rTD#QS$*BM_ZxrBF^`&YewC zmDmf24CGcVpwyo=WV4?i+ONW99&(iR zwU$>)OuoF~YiX~q<)!)9JmNB1YM?fA{1+ewtrQ~q-w*WTsMU=2($+;dOOWJVZm_Cx zZEAtx9)4;zK3_rp_Cwnj*+nIrDz0G03i4GFfS>C;?_tIqX^d8Z0O z`VvyTS5l&sT=^M4%fvgtxsh79CYDBLo`!nI->9;sTWuqSBaMCwb)#KpsBY!n^{7_f zZ!^#8hEha)4kKc_+(1g1PMK zZF0Pbw>M3fyx-M~#_K;61gTzu{Yu-89DDoZ8)Czbx8@`P^dycX&p1*fb;B2BC7f#c@@$?I;aF>&rq* zh#x2xl!(7Z%NCcwDBb$P9dXGHIV%IkM8Mz)%(y_Dta)8oNzB z7w+lUtVYJXNCDGqp(YKwR-1;_7~A{K@dMB=%;wX6E$(*L*nB5mS!J&eA^jggZruDe zU&f~^r8Tc1d6y-Z6UhlOau~{W58?T<3@ZzO|JFG2Ue08_s!MTRUh;cT0MP>4IhOz* z2jg>!kA!qj9J$Jl-#=GP7}CGX9W}w+#vr0r?rTtg z^}N@iq`)t&XPE(nbZ^5F`}O|`%Rg9G5Ut&1P@#NaYQ1RB`he7P(id;V8?89vbM(4G z?wZ|#zUT9shVc{szW9ty)i^n$^XB>6;Ro-S3K!+|<|G5SyGTWb8F1(f%GTyGh*NVD zY0I^Vh`Oh}PLCtQ8jg3q3?mkUR3h5?=h9Xe7RnAPu5PK?um(2Y{Q#fke^l&!ZRy~I z{L_`A=n&o6XrPw2+7Xf+!RZGuvYeRUtdKFljN0ArQ{J26$rJpfbYQFExvkl)#e20U z)Zrlp(0dtm_vyy)xccPKJg|zFG}&}>$R`2ls&F6o{R`+J%A%CGwWmyorgLNLH@Vtp zJnpWZ3HSj+DV6fAf=bPK&gwzcR4t@xfs+%mkkHJ^lquEXDQO_{HsTfMxmz{R&TZH! zr@H&l6~VmT?zq~WA?CIMvr5xWubS?b$eSK99!@uK4Xd-YTDjgg8zN|-%y<3rWTY6z z!qY;;bF-bJv^2*d$xY~>OjGX(vfE9jKyj0wx*YKcw|tUnfFIIbo=ekauZnS&&EC>E zf!fTZ%M>`X%*T~u$?}$?%&5=yZQruTajw&~=DWNcVTlSv^NE*UVCWNwUkKM}=6<&7KkG7 zHlMoBe8APfj`EUh0~3IpTkf_?=4O*C<=p!2J@kgfwoAp|qUn$qx3cRZm)t(2$H#7; zftqqEeqk~f#@$fYxE4m`Wyj5HpFS?i?5x75J&sT~WjNW_Yc|IJXkw}xtM`DB?21L* z4}ek1J>fTmerh~^B|K415fP|88rPahU3)hEu6quq@{Vn`_$)zpV0K(rO4&ElTNmpl zW4iV6-c1f7LozlL136~o^k$_uMYqphX5@pa&gl$6#d<;vna*VB5$9rPRXR*V>c{cM zi`URW@mlbc5G?RmKh-JGm#ye7G2oeu)EgEzmBTNdcA}+{6uG}5LUBC*E7+kE@PHV; zhw!*}V$I9LzVOAZtgDy`%bci0K`ud$(nhhr?F5g1qLX3&_B?!1@XG(!c3pC-5)*R+ zGSkRk+5G2_9?>h3Xdx7YyfTOPCL|p1MOmDrD#?tzu?MSUgeRu*c^moMhXG|l$7bV& zsQA{XUE%CwHx3X>s(a{RjogpTwxl^J$%wLC2kW~TbQk~RZ8!awaP;i!h&&?GZ6lsC zT7+3@N_*>la9MIIBgmTQd^^MhC$g#R*-D&;xmFkZ#poz3{_!zT=Pc@mB~YtSNHjk{ zSA31~FSF}S-Ep=YImlwgh{Q3qwrEc`-bM@*@;1pone&V zb?-k?se5!t?Nx`H5(;&hU;WY#9@xj)U!P}=Ili4@1`^ImPFXJ=ni-9JBPwNR3$8_& z%sJ!^t@YPj;by&whbU{1n|ND(@unH)mMRX!FS%GP9}9srHyz~`Y!8LL4O}z;2~>f< zfFboP;vaZzmDeaV;A8zPd&W=rwU8ppkV)c_&6oDtFGIz{MTGp3+JhYLaToY|LU%sl ziXy^;${K#!i#9n12b?z~h|a^huJGZ*%^R88C?E1!`%0y*KP3ebOd$gdI5o|rAT8>f>@+$m|yWI2{A2&faQ|@jT>>5rvnnnal zr2jM&zwLTy`71?n5b-wl0NU%#ry-5G1ScceekJ>8jM#yYvok!&s&Gax-7M-o)OGJ- zaoEKxDk31+*!49VYNTE*dov@Hg5STA1$v9n;9iZ+GO>~->mtCnaG|VzY^<6p+>>CJ zY0_Ipds@P@uB^&GVK@hjWnAJR?=!4#Gvh4fW=qsNI$e%$pC>nVxy&Y;QbtBZm+!iE zH~b}5>3E!Uw+bd3H5`_9kLS2(!WHu)49}``6f?zO1NQ_Ipxu40Y^~xH<&|>aZ#c)| zpwuj%v?@(TyI$L$CPdQIkyP*XZ9B zn%9xv8`tGd(!NyJrNDMaQ%dNHy+~3x3wXvl#3EVP1A~)W^9O)Jq8#l#SkWnZCw)B45$LZ7yPW!DoSQY-9t&mmG&I`O zM?NGs&jwQwIM%X3{09n|B0*d_qQ=~4wiCP`$|!>bpSJXf`a-D*?n2*$s7#NGcx~~o zqPvW%GOA*#=Un(9=|a6&Ik$it)Ou>la*!HCEb_(IW7waDq_2E-xEbTZ4pd*9Y z8L9M39Jj=z&lbn~r!bk1+GDZbtEC^K=G8p+@4n}Mx>MIwa*?w3^qa0zpRZO#RyDAf zJTfyQs{Avt7jAp8cv-a!17){KN^_N zbIkE{AMrpmqn%oe7OM2kz^KM<~ASqu~#7)gYUWIvG383V^wK zn>AXAgG2Zj}6OXi&E~Vc@pxkB$n`N!)Z?3+tz9D}? z1<^H5CeyRXr>!J+{Sw9cc73FIJN=&y9-KD6e0R22aKH0UaiZ^Q)5sirboV8aX-Nc+ zq|`Zd-p1Jf_jaG!*K2q?Qmpw^S3$oa;&Cpg*0wVvvPWp|{HrVMn=)>#u&CQ* zzp9=3#mYdvt#dVS%6Tf$bh+2peUat6M(Mg}Ob~O;mj);39IHx+nE#h|F zqP=8kATB(>kDyr=o~G>dJj*(S2}aeYd57|(S+KI*bJ8+`aQBdZ*G?{$S=bO(@U#F! zkVY>sIV~H?rbfLL%i}F-mH)J%bxPqAvXYn0g^E6m*X^B#Y=8ZU@bW_{^6tORfTPjy z0Y#0`xeVPr-~|OnXjAgP%FO$Wmn(?7p0a*|dy5yI2VY7L8qjxIQqJ~)hV&wPtL9UJ zYBgk~gdda7>w~=fXDF4YsjN-Vn~QnGs^EYdDC~J;owYn=NWOMI)t3iG^S+FZ=Bew! zy%)tEKL~5AIGCjdd|mX$&=LS>9LvvnLQ!WOZ!^QZ!BW#DefisZlfmDDgcebe57@}q z3if^l7C~6OZ4!Mz?_blqB~+$tCA}$|=>oKI5rBZ*Y1gFqI58;_6Y;2_6f)#;+&e^_ z3}qD2cykrej#J;`9Npo?n>yV**166{h;ZRAKo$IKU46^q-SF)^%G;E2jLQ5GzsiJ4 z_hRBTx`og?v+a(>f;AC4#O&Kr3i~S*wS1mZ0o_wm*m*%Vn=CwAQ+BhHh9XhSjq0cI zsL2|l7ceb0u>&T`Z*+n75c&?*8=Bd?XiX%zxq8>)fIgP~KQ)qJxkvy%7uf-0W%}%_ zDs=C}>(lPd(Z`3_#(xf=bcX6z-%C1wuZiWiXE%yX2u)dLMpviA4C~CDv&1STg#5g` zBj`jX{4oK^I%|V7eOc-txA22PgWkqD!E-yZR7|m-GA+8FA)Pi35x;L`;$aC$qAgAJ zK&x9b1a@0uLTmy@?{+d+3i4*8?IrBO7$GDjhjj&@Q0CNCM)Nfi0|GZTf{?Mu2EVCo z;k!}-9Jy3!sh>Ar~dWPp%)*yP%JGas2^N{ETg?w{PAkO=vki~XUa56k}U8xZz^)Tgvs1ct(Y z<076Le1|~wPWIhe{UJD4_xwCI6yiER8x!CD)GNb_cG!USD7Pvb4-m$F^B)(*pQRL= z&el8X%FSi$P|~~&rDx0Fm+x|H>g=(6AiYZ#or}#azYVvP+_&p->(0n0*7vM@Py^%3 z-vHoy@H&v_vZV0`fF8SfTH7t_^F~D4+-{n9IS7 z??zNKXk`{d(FX>duxI$ki023n%PsQOEf4(l><<{KP-R}#+tCJo~RX1%$N=Hl}AqnvOh>!^^gTta|2El6|pJV&}R=H1&!dNri(*y zWeX$FZ2Y}bdS!cC*t`%|HdStaWzyJ8@DsSoGMVQDi)Y3u!Fi?nP)nK zmxA3^-*1>$@S>1;+_Lb9p~&APJqzixDav@G2KrN0rgbwZ>ym{qKckJ};O;B{9tD$N zD?_re32nPL^roO9qF9eNkL9=%a?3#x%2j^Cf5CdW7#RKB5bOS1``(6l7o4KQP=$dL ze=v-OU%Zt=%#zQ>N6uKRMo1U-!v=e*N~7!4*XL8EUs}Qvyfvx5MlR?#hRLDB+Q{1( zCUwtm+1)e1iAs;40KkVj#4COegO@N+EJZb_KIy+K{MIgyo1QtXv(up+ zHDG5tUuYXNKUSXYlcXg&1H!0U66^;((B7G#cf8hPykoucn!Wl*@2Q(E$eGL}hq8R} zwoS?^e(u~2wk3_BUVAOsTV~5S&IDX$@9J4T8PtvP_%qXBuncd#H2(Bj1t`7*BVpJD zLzM$P%cRV>_GRo+l|7o;z-(BJ+Wj2bJ@3fNG5morqf;wR8E*OI)^NBS&L}_3kaXae4ThF_z=eSdq;l3C2dIY<_0Y{g{p4 zxI+Ry{xKSD6acbLoX6Mf4q?7l0#8@O+? zP@ZO7yB8@HzJn)bKACoRNZs7u{fYTMCAg>7T46#{tpdjnZ{O_@8{M6kaX?&kdBc>J zE*LnyeVH^=C35t)iUf+RAW*A-WtOaMGh7}f#=06ETZ~q&LM>e>C3+cJ6 zk~qr!&C!leTiV1bwpb}2xZ#3;6QtffWcW1CfN~Cg)nYT^5G|!OG2bYIgcuK^pN3ze z3Emloss53JKI9bsK0r&W{P(h|+w?}-hr|;0_H7<32ar~zUAC7sNW5dF*wM#?|LQ?P zMNoB=+aE!FsH5S57hc$sb6eamg$s{UKStWghp0!?eenO4NO?#AScx@4z~G3RB+suG zm3N~{p^9R2D^?BQW08L1`~pXrA}nO=59yAVC%Lp z(4Hd#&@v2FpY4gK)QdlTJ+=lA!vdRRwqn$`@+S83#?4Eu=uIGq#n=OvHzY-GaTs5} zy-;ZJ+ytmiqfu+^>UPzzu!*|8RE)zxzB#|RfCWVO#}~utXuGJ4#?Pl%W$u#FP@s?% zJ?OAY1zI5`MSCF^hiHHT)`$Tayj+T{o!83LZF9$M)x7y8H6ZFS;G_% zmUeJ^vboe2y;nrh7am!cPJ~VQMx|oM3x)OU0Id5XKIeT9ZVsbr?zRaCmN7YVsB)U@ z++h71X6msr-E95zY_>oKaMmX#Amv9syC1W$D6Sq*%=W=>U9zLu=M`ekHo>(TdgWo z^UQSe4&m>KL^c7jx!5ETFNkcV?5gdaj3k7I@xqLB2q!49M!Ra!ZDnlB<&hgx|8@ZFLQ`DOwJ&|BUM(>zz*bO4^@FEl!Fr9)4?yei+ zg4dkdJ`?f62R^`!9kw2FQh|%Ntg7PgJIK=J%QUx7Qu(Tz66ftfP^}E=x+I?%uE+xq zy7QmfX#fxwM{3K+i2@QiYQ*D~)3%>HS=kEiKNcOUk>XH-V}Wn zP6}VmZX}z=qDREg=z zkp?Vni4NF-#ZdeO2N zu&K#vWvDBx^onGN;XCt{k@MvG!03<)Q3C+}<4M!ei)?ptB}e{;t{)dk==~wW0`k3K z06OC+{N)M1CTv0A%zFcWoD0>dj;R&G8fazqdV`K;M4OvNJ|4{T!x^ncG{hhL(X88Y zj=b@zAyT0x6XxNd6L7_O<9rVkgVH2p%7NdjYu%-~fCHz~^fs>iy*;+J4B9I)K&hic z^^|2K%}1Z`Q3p*7qbFh_ZS#3Jz3tT6vYn6sVIq1C-uK&fe+eRsaZ?O>`Zd7* zO8&YRNPF^hCg6M+0S9!v8q6li0SXh`szZUh=p< z>Z6QW{|+~Br)XP@w?OV?ck#_5U`ikg%f1noVe)Mfh-+qV8Q=8aC^O$J{-GW=9>h4F z(cA%!`j0lYZjx7{07NIliezdeA{pvln_&@%+S!8q<;dWXz|b0O-QG7#2-HYtpR56? zUZVN-&zFSdX)G-uGHxGMu>R?VnSe>6g%lYyGcVCh6{zJVOO+d}HP#68M!zpdk&MFX zVdCMM5s?zm!tHcha>y802j_usxxxXpPLtP>zFoMZ5^#i-uPwD^oxfZ4Oo z-j80=NucVY>*D$BgC?&t5roa3oLvKj^9~_D5~Htd@|jpXQrn3&#MI>t+fz21KjA4i z&`&6JiMMjSy};<{B=^)w_aPT_p*$yB-~otVk>@hi$r3y=aKT_Y@(xIc7+%PeC&i|f zwp+Kw=gct}PP^_~g+B1@5LL0sV#-RbeW%e1o!nO?-YV^Fsc(V~XiG93q7{eVtCf;3 za8@JFvEmmLll)%h?w(VuX&6zfI~~;L4EH9~m%=A|(lC4x8oEM~6yn4?eZ{>UZW2l7 z`oA$@_~LqI-ivY-A`xcu~ckQZ=+8f93kK6QKEevy8S=+PF{ z#ORs0o4Yg{pc^dLJN~z!eC$oROGA~blW2R;V>xWzA>Htn@1DwGt<8(~du$mWLxp95 zFWG&$xs?ZkJc_7SR9{lw9m8!qqxY;Rs!=9?IqV*A|MsFQ$;J2*L-gQ5d(*RaT|G5} z{c_aN4Vit96;#dmUxR-3R9z!c&1v6>%}f7rVX&+^nT$PFFCtG)fuG6Fd2K`TCoT(5I?9d3$D+5oqL|7JiWqS4}X!4~fnir9nu zeHR@4Ph@mCnAahh_B7$@>8;&Sre{J! z)ig@&_T1mRkZ`NDy(qAF!5?YV^7Rlt=6I5V;<%y|?Dr_%L^1daCs8xW^zpYDyYuv| z;BUaq;xQTk6zc55!U6r)r*!L!jhnq@p~@!eq4DZ6S6N_92RRfe!mITH*vpF z{6TwSa(8F70XwzDW#qW!DxH?!F(>w3ezyfqR^J?@+QqJ@Ow3s^PW)<4?aP-oG0BTh zoYtVLBztr>K)N3bTFtUHZ;aXAOV(HOs(zGz49+GwYyqW;HrUsnoF1*V0o9=WAh3?a zsPWUGBI-r8js93Wi{vk$@qBKcZD08^@OyOm&Uu6^*WAMn0)TrA@MeQEvxgHlnsn8- zWeQ*{9mALK5Eg^6l6-EX$i8(EunbFt&uO_212B)e>kL{ser2l0_L=VveET~EL$PZ+ zxg8JcUN}Dwnm<2>NVrC;X&rC44%>YM>t{GRSD>}RerTS|m0ZG4Dre*EB7&^zm{0$0 z0fg|gjVwJNZWeBDRQkcmI&Iz(pzwrL~Ta?^6;phR=vND)mCZQH;{em==*sN32~1Gz!fUHNh&fL6{< zl1%+QNVR%G=nG*}d#Cl|0_9nqp4T(=OW0aQ$3Pr}>T-r_`;yQw^V-aaRicL!aP+0C zTC>V)F5v~$QGv7*%%iYU!xIa+6(iE>B9*RJgrkwy+ec+)P-Ej^ z@7RxzC5*@ITRBVmVZfAUKk(}D>!lA02{PKoszo`#7J})$|2#qJpZ2XBv}EZg=cu=Q z)q9p4^R(yI(5I^(@4qyEdo%c(j!tyqkaJc7;%#v(T^oX?UsJQwxbaa=vH68V`a+>iIKTjD_jktZ+>4=mDg}uO_P| zbFxWvJt!@RuzK2Nb<5g7vZJSDZCVzRqQ|Nl6m$aMI1aa;~DdL&I|0{T!T8fKpO1N5>`>R~rpayxosf zJc>)#V;gneIF1o4-Yb+2L)yo1)kNkSnFS6UYVC+$TmDcZB*+bGu^a0B^Ys@)nE%Qe z7xk*!)Se|tmdUQZv<&=0s9 zxp*8ovEloB2tcJw-%1tCZg>}y-}W}r^LdZ_7?+tWx0KQB*TE~zTuy5l8lv|+3n%EI z8!ITNRj-uKTXdk31CbafyRC}VF2KAB9T9qe@}nTD(vZH+LIBG~DHdLHauF&OZ=n0c zW(0zeyI+Xx9q$$2?yFp~)urbLmsGCzhO~DJVb~xTNBjdkFF1AshdlWDjk+oQlHR~2 zJ<-LCjT+!CHbu;)DcyYvE1}z$^;X$#~%8|*YINzqQHn){u zvX7>4NHDH*p&8o8jDCtig3`M!x|-&KG{M;JPWP*LGeo6emiQduc`W+xm7%AepU#Q~ z`Bz=oc2KGry;gTjG+Xr`jx&&*T}f0!?-(@3y%EAKYpbh*T-Ol)$2H4gGs0ivD1@x5 zUfs5s7ZifZxcz8Y7iFHO*Vyn2Vy$Lcz^M+`IVE!Et178%6+*k8dSL0b6m_K;eSO!& zN-wg;m&Iy*j#%KUiAGgDCR3(sGc8c^z0WK^{+%? z-`JUly{<5skR@k%)J%49R@IM#Vi|Y&SuN1O4VxWsMVo$|W2YxsPHJmhIpU1ai`Tu) zG$;#PZFO2uYP4m#!pheRkCaSJGP#AW6>Yr>FM~))kd4r4#pwP<7H_;Pw!Z&SE(T>z z1U&`NkzM-Pl@z%^lM1Z`B}2}FQzi%iE9=-+D^(==uGDu)uQc(Suw83UM@Y5FX>lWZ z>yPWbT%Zp^NEBuGZZX!zgV3aNl~pl+Y9!kF9xkj|5tCp`_csXQGK!MC)2gsspvWjkh>{ zSyv}U*r%*W@S4(!994gd%tyb8`7wt3UV5y9EO*&GF|RpS#_37ODylCVM5S+nEr)LZ zrX`KYH~t#iZ)3A|l-tdWnC4rRsoONQ_1_GIeK!5dr5jn%A52b? zAq$*|N|knRDIh={dwm{Ntp857b5vg|0RxAXqpZmVJCW7?^@9jpcdp2p}Yka>i zYQI^o-cb;tTsFk5YKJ+0ic_rN3kjZjD@etCaZ`iOmZ%SB0nLJOUP2;-Spk5W-|mLx zwY|?BRKZW1z4ylXJKOYNYZ>@(C|*{u6u5ai@fnDG6gzUiEow0x_iZebashs>2YWpX zheJ5d>6^Gv?eKqFmLv6{x(B~z8C_1wN^Qc#aSdGo@BD~vokOj>d$vPC2uAMSGH0d+rqme zz-M5UF=0edz{n|EJ9+!W*XH^G4%K`c-L~q);1NO*dKhpn4`T z)AC&laPtNgM*&;&r5SIj&*6pQTs8mx)Q~h$8`^fQh?%_JL{aX^ocEr;>vJopq=c|^&8<8J&9kHVJD86@dr{imJ1r%<5sejU>o06+JTu}k!V6NxFe7JTWf_k6N zc+>cz z-`p7gPJMZBA`NF1y!^qF<9~k0B~JitQSLbIwX&$63=p!* z)un7hAK$z+1ZCR7-I!D~V03LzMW$sEA2h>|R{_d*1(lrV zU5@GV?*pc_)!R0^(c;goM(va~qmqy`qd#-x^KQUi>tKuet6z0vd?~8--S@*u4WJ-3 zBWM9*vx!hVS&Y>fdI3^^yKh&$5C*_7m%#%11p;a7r(*2=>q{p6#wxSEuax%LvYAh1 zk76yV&K!;GeO9V{S|&E}Rj;DJSl>pc*CL6Wic3ZNa(I(uwwu8*Up4ZM;3(XzEQjG8 zwA5RvyUulnX$&$TSe#~W<+Pg;V-giCX9sHYy+V??gKOnx3>{yP{13iS%oTV%CXXc@ z2gpPfQ52f=n#sF4>WP@LUkZ6S%@C^seWuFrQ7~sgMNCxYw|>s|$i-BX{8rHw{2@de z4wpVh_S9@^rBq=LQNWzsp13;k3w>lKTaA}ZgUW4EQ3*W(&B~9>PhV+(wHZB=7GSUBt8JQ?&Ng-Nz*TH*KlxwAmYhN9#^vPPg5)qY^UxM8lXwG|EMMI!=gk!~=z&)6r1g^j{JKV$2DI`a*@T zPAs>T0brCl)dbrxhu`5sA7ZX;OLO7$WG=cUYt&<|6q{&Il6p=$TwnZZc}$S=wjVJ# zeaf_~V>(8AGDh+j**>5B;8j-o^g*%wA2%PiBd%D^_n(}xlBxeNqiEb2{<_z+7ons7 zBxcwIsPXq-DlovzvCuTR9OHg91OZnQK4NI>LYD`!aDf7f=_)XBDezzVhx^un8(V#C zx5;d$y}K6d=?86{_O%yN5X|u?*u>OeloW_-QnHV2Ld*Cx-8GvxhTVrCt2Y>~&C` zv(_@Kx&t_e=<=OjdB{k~X_*k*3kyV+;1YBjcj*)L?qZ)iqQ?T4SRMAd8cPuwN9KGo zMXAw$P;$oTJpq?^XAEr!@(>fM{?;q?Q`<7K`id$8*-GZ9@_{D3nV&HaW9x~j?Qbf{ zL%*__e)!E?#HyRef~34BoN{|?JPr3!u{en~6Hb0vNMS+S1*lN$1%~qiwKsN2Llo#w zvl+Hr03DRp^o(&!l0uyLqa@40!s*!l5HRjYj_q*PH0mZk2vsuP>w zAs>`abS!!$H^gZiT_*n?vXn?uIb@JmqCR-_;W}VSEvG?%l}^yU5JQasc;yx@glSHP z=qCV6G2W4iFriFH24OnfTc!x0xQwBA-jOdVvV-MLA2hkw7b8mg0(lr%==un_i z-Hu*%mJ=9XC7n0X~!%zJ9(8oL}0` zpWZUGr-xoa&vP?gG-u@5d)jv++cpVcqg(}ngS+Hm4HxQ5tkYwapQx1NnlbpXt(n|%^PrfmG3zd9R(RxRfr zi6#fs3^`ikuccq335}l^cu?1S#no-mTJOhr85Nd_)}fI=*A175LVy9ZqL14?%X(bj zgE+9Ad+%&d>);DlI~9(2R27^D%6U^6p*a3em=5S5Psn@2&8e(Jq;Xw^!*xnx5Rr6! zxU$JxW7f>srNfxRIoCa^-O_+&TuM$YY^qMHEyQC6tuc~m#fZaA^ol&bjBmGX0~ieA zsmmA#;*oAWcO79NZ%Vt1lGwp$17HQm8TX%|S#yKrlXyI4on1y?9MI-{$3C|*+;0m1^h4`u?jLA?^Di+Vg*#~_jj|^XLeME_ z){e~o8O1TRn9ph=f+ulSr0JSwT=@}2`<9VW)p8l^kJti&{M>VcPVBPR zMxg7se}ZU8qhQR@oVO$zg%vRS8>P(+TS*>`y1VNcz)SeCsPRxQ^KbQaOhh}{(|l*7 zj#;|F1eWJZO3R5raZ{~fQ5VqJGV36iD;Q2zQi$ujucDA$a6{g@YOU$<-OWWqCMn4h zxTuD64z(`>B_)u~yB_+o;7gO(2nKGD3bGBEuR02b)VE&EXp7iOm%Pjy!T|6SW}=Y} zjs8q}w;{LueQtMfhnJ<*n5+%BXXh>J?UyLazwJJ>w5ah~`C$SIUtI1uD-c~~MS?-1 zBBFnKb0LJYK&s7Ws8_`Mg(g<&xeip+v`u3g0I0^?b%2#`*wGoUy`G_6X)6uDYPQWW ztp~I^z!SbX-mInUbXvH9LY)(`YPPa30D2Apv9R-}PmM->u81mHj;YD2Oar+-OLiCt z{XIT-eda?6yZs*vVCby77TS_)*rC^WY91+3AB~$&UXn?un%Q1aQVa@S{q}@f1^_M^ zoaf%w^chcF0XvuvsvCf?{eAwL5U`$cl5CMGLS7Ja*-4ISkMr=LUVeIC9q{om*daAN zY50jl0`l?3V3c$OwPmm<|O3d!a{1W2Ls-bk-ztBC7n${Tp{< zC3TjTHC}fa)f2no-qnd3E&TYjut2z+ZV4`x&i&C5IuQn5mj%QA4l}z6ZSnUv!t!|1wWhGKrNlos zPM={!oH;9g=Je*#qksO7Q|1^+EAKxum7jr3`zQ5j2I9=wmw!EuJldiCs$nvsJs1Tf$2b9E=aqy^KFLUHNDOg`B3{ZSWH ztYJj$KD!D!bNRyYSHmmLX zS8dR#Q*JW=ijH&0kJ{6kGoW7kgt*_B^8(mhan}-GvJ4LDqgoZh-^MMlUTJ)Jge&!; zMBO^f8e`V~h}48HsSfvN`)Jc2PqQqBbWl0=u(!8!QRU7ns`dM^BZg&GWIM}{&-vYk zFo{+t*?yM}%*81Z3L`!WG-2CaG;CP7m{T%!LZs&Jt*7C%x*Ow~?Jev_66$nJv%NR^ z`DKS7QF?6)4>bxXn>1(v-T=RLpI>G;joA@^T-yba%jXIWy!;uySs{|=D*47!3s17} zc)4~CmJQWf4gxKd94+(kJGEjMV%skfuhAZW?Fl&P37$RjzmtcFF;Y=iil|Z$8nnq8rfRJx?B_ z)Lr+NFV{TQM(H2*(|Hqj;k}JJpjOdhZ~moF*AoUzj{G#N(Co&tA%rDf4{`P$atXpJ z6-&-lig{)i%|lK|GsX|qRPDzVK%D&CZAX>Tx0KBzjT(f0eM(0&cyo#xbAPcD9H?cD z94N^VS4uM5!g&Y-;dr1ZwM-*5czUp%t&(6LTbV~0yz~G>zJNEYH?Vtb$ef7r3>oor zgqKHOsVvb^@%6q13^lk6w@(x+o6MP(`N`cVrGd%-LjpY=e%bsDq#wcSM3oi9m}C3o zLD05vr!aY9fbkD6r+-ro08lIPP)iZq(pdUYcl)DYj|oJBtMjv)z z(%bRab=HAMDxs)u0D?g?X@$mM?$zYnIH7Ai3cb5EW2sTJ_R8eJ7`M8dlJ1UQJ;1SUd~9!Jua<WJG$mj zHk%2KGyKWuK9Y|o@BawB(8_^{FJ=ICc6HP-@&tQTZX(Pa8J);p>nLlP{x0COP`*B= zL0iAJ(Rya0`t!43f46c2wV+{4wX$zUE!Gl0==kywG1!}T&%>KH!tv7BSrp6~_UD8~ zjA~k*)>;1aYl4v1DeYTR)@(UDqa2pls`25SSFGQtzebYl)KB^$2HkZ=yY#yWC)#1b zui`ArgRASf`MTo&83!`38s_H<;=3#25Rj!>wM=eL>z1SNWemYe@f_AvyZzUxrMEV@f zYD)a1M;ZHO4c++<<{|{{X&eAS*C|kGUsIv&!KXmRqM|nOvt{phaTjIJbjU4@p6tZs zq2)eq4h<4Cg!>F)ajTx${!3M#)K%auPkIxQqeN$9B>n1&5B2K~qHcy_4WG2>Z3J3G z5r0`41rd>36)LF>cjl&Er4uN3rp_&|tWE8I2_4w1f>K5znJX#1EdvTmK5=~xI+jzj zxdcbcZLQT@^|jXQczZ*`d0KR9&g5%GhEJ}y0ujkzjYs^9=q-b&4r+%-yHPu z;*1<6AiQ_xr}l4`a8h;SW(2V4wb14le2{BPuRzS8^a_>-c9O-<45Bu63K|{ScXNTO z4%u;TVAT}{XUn>p19vZOmSte`^h;fEyZR4AEsn1m0+Tt?mS7YwXkvfG{$XUpbeSQ? zj(TUrto}0{?If*)UfL>c{e2#2c6rPM^c9b7rRdwN8N|Ete_dpVbU#dI+t*YF`qs@K zYC6?UItlWhtllp^4UO)r*AV|1I3YGAkQiDhg9@#!ejB%VCLGvfJO8G3cejsniX!RnczQbqA9@F+WwP&@M>QMnT*gZXcY(2Nh)n42}s{3=JrLxqU zkH$K_+ojFKet(4V!bbmWv3}s!xf_3yZf_cW(8*v!1Xv>7voY>4g`hy#w35v6rz_!$N(4PD09!;}YV6;?Po8z`92>!O~3nnucar#*I0J z8?9^y#yhG}*&e@|X05)S!r9}*1jp0e{re!gKv{)N0Qz6TYC_mnLs%XknY{~6XNAj~7}?`a+}XI0^Ba32bX!=)j(`4?451J!8Ob1tt+Jya0bE9vLUjiWgU5 z_Tcwh?{-#qR#po`F%uJxjm@Lgzn!XK1no5Brc;d7;qN^K_YOv8g{A4GaUx`^p}g>C~|rpafsZ+y5L2*WT|R23Q0 z5t}zX8r{d2kB3-+u1)=_5F6Pj+tTx7K&&Ahi(C(VU;;&@^7{=*LH|qeyPXC0Yb^8{ zIH4px(?Y$Kr>J3WdaGH`Wg81=sC+T}R{xYduE}{*I?ay~WsUzN7C(diFo`W6fM&W6 zjGI5SUzQUPmIR+qoB;JhR*Pv5<95Ahjqy9b6Leeq%N0D#tEx4&>fP5@gAuW-S~m!= z7au$;!a7bTRDD_8cDJ6c92`dlxME**+XmoEpowk2>9%VOMgw$`NaMjTZhTjgoD-~k zjj>XmRNvG3@7x84bQy4} zM3=x`oUxDUa#Bla4l-ZAMCY8H#PCQc((sosjnZ`Bq$ahM`pKuQd`k$FTAri zB|^Z*NhVD*BL0U3>Om3TFx0;eztD>kU4W?pXtQa3%K|J=j5cgv|Grlk%7kq(8HKQK zUkA~^cafp0Pe2#o@x>}r0dZ%0zo}Ttt>M6(bzk>LYJA>ti)V3DJZ}@WG~H61E>=(} zPnOx(L*app*WNr+wYbVc9s2q*Wv|G@cecYjN}kI?U&s8@PYd53*U){=i#$Ja$$8aV z6Mn_;$zrktwb+(5=Jrf>2snd2Jh>g37jZ|9c`C3HvOKb1_>P5x;{?Tx&(OIDd%Rra zN?VC#iDQaiQnlxAjcc6Q`kLfU7HU}_NE@DFb5AFsi`@-owy$riaVRt`>L<=ShG-jTx)E^2nB$-BW@?9dUc;b z6+z(7YD2MKTf5Vh8(Ba5l;|)T=K=G$<@N&cTMbg5ISOTl@tL zeV1}WIsd{K*7k23fOh*s>{vgX*X{d-Mn?m*e0&-xNL%H;mZ1< zC$T?t0F~o;@xT4)-qYc%(Zhv*BHb1^I+6kDEqE}<;_!)1C`)*BH*zu_}9Pg~>@nm3QVIyWl*)kp_NbY)&w;gxTk;|nGT4ga_z zYDMH>F+m=|r4t97R~cTgvrF7UlXdEddT%An%tczQ8!nTy6Ump(E~wDDbJPU z#V=c{M=|p98_ZSJ!y~L!`4@ydV9iX>l@99`!0g`v2iT+$XxNJQ=MJe}Tt$&E4twZ# zo!Hl$OXZi2Z~Q9+*3iL{wwbLq@lW5Afg3RtFLcKnY2@x*vHh#&{6kM#t$S}}Lm5Q} z3xoL?VgLxg6}iX4M9*t#fGof5O^TT5?(9J+w+}sr2`<4dFdl*vB*2*35V9(4n;Mpn zzrsf!Ts;E-vg3EQ|IF2zXm#z|UtqLD50lbkZ&JQ!hw5w4L8te)*LVcmPPF$KN4&4E z@~o;TmH*pTUb{F?w*ip4BVhp}S9Hr831E-~yE z8rRhLa&v#NdM&7rGD@q%1J1B_-qTf!+Dz#tsIQan+>;?m=_i3C-9C=HI66V7s&%m! zdOZg{-_N?=FPG!co7&_wGbE12MRwYl&A&ZaHkVrMdj%Ubb9IgoBIM1EfX**?Ja3$r z)hviBXs@mCKd*`Zh1(#}UU<+CP}hd3*<$HmBeyJ{Po&0;Tf5qFmEdz5j=bT4%y7Wn zY&Lc5J5N;Nv&58{%bh?wO^+_dR_~;SmdC-PYO>Z*%~w^ev1AyIzNEAOuevF;_=2+x^J(q1EXsS+PV4F zV$1h8p!tSo$miJF#AJ3#*81A2Y7G2Y-OZVA7$i*;t0zWSxixbYt~0(LAjB&v78AR? zBUaq-RbE`xpx$4KCk3_8eC4ou#*|sfi}W{0==-%!dC(iATybpolA-O#NwdFI;J2%( zyvvqYI{k@yli5;0acsFOW7Jh@b5k~_UE&w3SY6IM$&4aLEmiV@d=3Na26423m2D-$ zUW2Nat0fr)CQLH7_ra+38POxLlE2stP90qbMweTp$yUs~35A#2o5%g~{n3`C6ep$` z0-tv}G4D?Ysy7GK;5a-*jgZlW+5MnMv(D`PQszH>=SCSZ)DOurC(P#V8GB9kCg?(| z_Qr(X;lTZByfz ziI0st5xaA%Hzpx#H!HDIbD;xu)QTDZ>J;8M!?j^Ek$xhf%Y61N?_J3oVI(H}yz1(v z(KItIv`v;V+j(ray5<08ti%5qmLJx1YKv-7sESzOwxik`SzdM4&LW_l^!YRPtqI@lGn(Q=48?AN z9ZXv9Hz_^7Z!93*&PRJ!>kW@cj@*i<@=Zb~hm^LQ>OdDX(8F6vjKyh{8ovS#Y?(pi z)U3>%3?GP$j7cJkpaIbAWfc`WQ8hYRLQf%UZdRJ(eDth*vNq2pv7->m6_Lh8#{Zqt7qD;xp9a1th!?ns} zx$9QQy+kB@5nhl~eZ;^$+PM*6j?FT4}5o5%h^$*WhN}X@}r* z=LR-k>t4f3o{Pr*;wmxj-kZGP1jC-3EAhm&JnkJA`+?N}i=?Y2KlCt4O+wGMFHyJj zFvyMGk}u9LMn47_uLO=-Q!h{aqNLfOq_sf&$smq-D2i!D_4Z&TITyC=6sh90KqOFx zdD*Djl$k+%cPY~)NWFu;?>fmM9hIGncC1@bKNc!fCc)tkQI{4$xI z>#Gf-Cn>rY&xIb@1m3Mk;ZU>Z;FmY>@GDhAxe@0zvD6+QJdoBqc&V9_qNs0-hetur zPq^zw>K}(kHYvej8^>bE$Z1Xq{inrhh9`AVbRBmcaTNa1u_aH{b6d0faN({+|KuNw zIfe}eele`U|;tt#3mQ6!8U)^g$!~ah- zZk@F8#Uia{aCGcCzKBPkxTOj|zp$TWgvZVQ%X9B`o{Quir5d>~br<%tH-Ru)>hfJh z>>}>$&$U6jy;ztuDupn9TC9jqYYuWn*@ye~fOBht+EQYIT0^lv@pVpJ^J06HiyMi$ z?zx65>pI_*o8Q^<%nKFsV!hM`IllD=Z{ddkRU5IdF%5GN5z_*mj(}aGuXi%NtwtAG zTN1K-P`vbh(h7|AX}XDm0*|&A_vA&!_=Xg|QTd`A{_V^U2}2JoI`8hc*yoova&AB! zJGwCTkw5sSdQl1W0U&lqFMW`_pLSzrD|jG&Mer_$%J>X((HSxkY)K#@ltm8h2+aBl zw}8_k&L{Dh_0fmvullL2^vf2g?w0HngFK$W!PC$jIC^eh6n&q7Yy*!hVi+%*jVo(< zz^%xyM89~oUOhkWvCdW$mD^_04J%&x99~9vZQWa~*$n%j+C(vvWp%(E>__r{N4&hj z|J7>=4Xs*$X|{Wp_IK5|R08eY24cr%F~%DUd^UL+c%&etBQrN~blgRWe8r#u20!<76WAW8yx=-VCr_bZMPo3Ukx+%3%o)WFptR_FrV`?{BRZXiIcb-ht7HD~a-0pTUO0LmOX93ew*Qjln?x2aZ()@TSed+*1`1i(F@Gxh z+5hJEpI!U?$ctN^>1hYReTvL83@zy>PhP#q>ELJrOOgB6kkX-bg|2;AiDF%M?;)J9 z(o9+j9(f1Yy9aP5`e|9&%#rOT@5|;lSU=1$;bF1Z_wNMaZb$lpyc72kC~6V0(p#(s zj_CL)LM0#%GESIw>s@|n#r$9R=bAQzUEXIm`t03D#!eyC$u5jP&wM(C=mVM3Z7t_< zwmkcZleN_5h6C8@ABVLT+@X>nlG?mteW^zE0EmJb00sdHs{T6cGgKjU+OE13L$;fI zh&$6+5#|NUl27qp%7wKnlZLBd!vi%9fiQSUh$ux^;%TOIeBka>_Pa^z-oC4hf&7DK z224|$|KYa!m#+M1+MoL?n?tBJSoqg(jAh!MRFTLBP)k+uzHs2D;g?lNcGQ2i&JHyB zS|}wV3WT}yrXioD_U1#7ty1B*))}}bsh!_%g7odz(P%a!{L;?4JTZA_QS?du`zI~< zMW%iC@Ue_Mm`ASBz1sQDnh*swo7w>OLFFH>-98+Sb9kVdgJ%D$kkxEjB1wE& zM{*;YeBUBig;aMvD~5b^#T0W~9Vu6m#7VDL2UqL?=I>;=Y`XbY;cFW>XyU;BTi9OZ4l5C zK%S6wd4ikHzhQrJq1Xs@x9!q|AiOFhF-sUJJj0t$)301k>ksd)bTGIfQxc!nkdzhN zZ0dFRP58cXihhu)pZ!M7HLMdmt)W1}H!)3kIobjDjL5gkjQp2Jqf~J=49`c1>~swzk8M^7yzha;a7Xf}*0jsk- z?A1G&UQ$<$s60Q4bCf#au${5?`to_nn+0Lrtt)EwfM8N`s4?ygAh-_>y*BGt8$z(=EQH*w!y}&CSw+3NjG@S&jmvw=bM-X#E{kPR( zL5Jgnpxmg8*h9i*H5%O5%|zK{`P;AjGIC9tHLLAq%>Y(%>FcF;{}oE2YF>tn57c{A z-kMqMDZs_nUnORQ)r==-;%TuTQ>|rR+#15Qd@*eNR|QgF!T#N^K;7~VeCXU!_SBcZ z{X@}=bR=@vqa7L2H!wL}6ZJY|_)D+i=Dep$IIh65_g@TADNorF(G^4WuX41UGjJRs zsOHq*_6PDPG^Z8MtpjTB`f*-!C+VRuvtFenQmdU=+i zm1inaKY&IoFK*K){2n0+lB3bASWsB#!b4d!HwuyG?STT4gHrH#-AIepnaZ8sK%ypt zCJw{{2#U)&bKJa$H;kWbAO+Q@8PR=mipfO7NPxO=e@nOf#Iln&2yLWe5IJvH8_@2ZR?&up;Pl&w|*LK@6MmdOP_wIIF}Dc5SJb|t&P|- ztqQb^o**$n-H2<*`$om~ZE$qgJ1*^%Uy)-|06qX7oJT6XHj<~=1zLMsuJ2R^=C?i> z*J72SB!42hEMB(CiIgno{*+iHG2V!adalA*lgfVA;A9V`b9oIn_ED6PiwP;hy}7Jl z=Cs`DfozZ?);nFCANRvf?nw(i4?$w?YF4;SeL_8_K*4@cEE5DSfJT{dE? zi2{)K`RXoDL`)^cqvHlndl4UQ5K1hqdr5@&Q9Iu)av^@6RHNHj@G~}}1$WvB1>xU6 zV_;abjY-YNiYX5dC!`+m7chNq`f~6M%uV`yz}8pu<8V6_qyfH^Hf=3Z%sI~QUi&7 z-(;{YxUU-RRv9T8J(xKgG$Rh_$_khnzdoKBo3dr%19;C!we_}3eN0K?(tuNv(Jq-+ zM?Jkm=P}1agfHRcw`M$3ARd&$uWlReLHSpu9cf{BFsOG2h2t*I60{{)Msu>XW~q4T z=-l09b`2Hejq-HzOygBAy`3sC(E1b5L6Kx`9l-1hykZhpVz?zUKO z{l7iGPnO%CID2|Oi;jLmaU9&%@$ifAq{1ipWvT)a<))WFHL`&J`DaBH+l-uqgPTl3 za>Ml}YP@2Tg8`LC`ixE&Lp9z&zMA^ow74NT0Udb;nU4x?6BSLr>!v+XH}@4?(6{li z_%6GjWehj$R}P>?A0GQ(!|NkxWu&09-jEm(a$+uY|5oozs(xj)(VygFK`&KRDydiU zh?Jq$x<0owo?XT2uU?0@ZS`yAM3t3?GJP&jt(Ls-@Qcy4qBCjho=mU=u`^ql@%gNgj4@TeeXJZ|rsF!!IY3 z4zlzlER*&a$zCEW9^~&iHzB8Ymw~#00ElV_Xff;plQzJPoGt&B(Y_;O6P{7u?mL!h zmukp9W3+q0(NN355_1RlU&|>b-!06?G1l-{kv;wfo*c73xyY(fMdtAy!a9{Emw^Inhg@nhy2x^D$GO^hk+ZnT zUN46**_P*(U>SC-V;ksmoK;i59C!%yrkyN^R0B9dl1_rnlorxURf`5r!(Lu*N!2Lg zqe~qC&RN)Fi@(mZQHP7sSwWYlIzxSF<6+PC_u2|i6=*ExNv>99Fu)J1x5gH#uFdpE zmB8v8GPi-<&2UFu5N!RW<3Xwt#}>DQNPHI4z@nX6Mz;P|90!|DgW5Eli7q&!l33c! zZ9X0{LYTVc-mPs9s=zAfZp7O6Et2c3y3_JWUr1(4KTaXN`L8%7c{BVI@+~|EN4$Jr z%Ci{Z>@R@fJrYnvW12g_EBe@P3US|pKi%g7vE-uQN7(ltX#i4XjJOX#4uPb_2_%xGsBd1C4{E@I*wfu_R`*_>B3+B$7a|SU5vF5_;#M z_}rm9_ zG7@vy4zeuOT^C1H%TZ~dhC8k_6NB=Kdh#_V90%Spb*tNk#XV^n*|sfA()|L)vCQqk z(&_N(TYpcb|H2&cZdU9JMqJC&#w?mLF3wb!^Lf6%FSsXf{8_saM-(Fu7vQe}k!GT- zJ;*t0?y4@6PQn0{<_?&RaT*^Rd~UJIoYDL@nL`->k@S^Z$4~DLo3dXzX4MV}-EZvP z=p9nbrZu;Eu&-0(HD@xyp0&H!Cw8FIE3$OdYlpBW&e*GLoor{fu2|bzMuaxM+wXYc zIs5C~y1c1iG$39COUIId+5iwehD(6-TEqbg!n%ay*m+Ibo(4<&bKm{UqRq9$=eJdJ z@BAy?OFG2&HZB2q1>b7>zwqL7?kD~pNlJrd+B!sgTDb%uL#ASHvh4I4Hcg{e?kmS` zFrR1}W!qwWG|k!hNS5`S+RB{-AWm+X42FC11{thL$Z|k0?TKe+KvRG4$eSawOiRE< zPWgVZ_x{dasL`6dWGHOkBTDVzO>T=$${NH@IirL7lGT8mWSe>(s0?pDIkokN5 z&AR-DApQ8Q#&}G>_1wJ;z(pJ**=x0Mt^xofi}<~`8Q{xA=gLp-C6|J|+*y5h5a=~L zCOx~eh~e17%%qFSJBzJP{%gy~e;Kpf{2*T_{}t%n#2aZ`?81;RQwRy5qhI4}#I0_W zu`Spj+McM5Q`s)5Buq@QjQLi%t-xDkX*vOzCX@5y=56DAldyo{4TavT1Wp0enL^6$ zR(m`od%a%LLs{x!3B&KiPxA{+I!>|o8a$w5mcf&N{;wbu0POY4e%o_mB5`4xPr|bI z5K#lNu=knZxV;Fy{TLtM-h+@+dvHJYC!@D60-z8CCj2LU!2rLKQ&rcWOJQRu{*t{y zTa$Wl+*jGSo0KG=-`H-k^<({W)9ruLQTVs zT5vV{&K3aEd|KUMx2QTgbyg!;xVb9?o)zy6WKnP6hrRqe9K&7nZJ$S=FZ_cAq))DX zqI}w(O@%F@O!jzohkfuI$S&jG)xK2uzFOCv6S^xWN=JbUnS=ta;b4s&;nJ>f4M2H$ zM7{%qu6eC8z5%`U=x$UA8JEtvy=QV^SseGj3b>ht9PUMMEx+L*Pz@OLt2Ud=OCcwN z6UR3R;~M{2!`1*go;=#$mnhphh%^@2h;Gl`^_V0fK<{#cZq3$kwH!WCVV*PK@Nv_r* zWM6AYntb=3n=5Azvd0w`yEs8og1H*OxN2V4Q{+;|o@#GG;w6*dx+X-xtmZlSF$MO= z*8YF2C-*#OYop^kqg?Qrz8zq-eab}wU2}oodR@TjdL~nA4T|kt>(EWTIn@k}fb~$V zLf>>4H$cgSqx_1{!@FNYQ?lwH-Af(GyQb}BK`IaUkmp=Li6I(OZUHqfH3uk*cg5L7 z#fgp)g>NqP1JT%;do2UNFP(3}(v|D8wI189W&vYK@*^7o<}^mxm$I}oG88p8Y`yuQ zM!~x{F6+r`ihHgrhjJ|MT~56gE0UvAh+xj+pbcBb>Myzmwq$KAW1r^!UadL0ER#yF22B?wg z;Cx7}rnlE?=5n5r__@H=)J7E@l*1$dgH8e$*FMpc5d$P2GC)r3s&{C8m=vmpDup+! z{FT6)%^@M#IkY|66}Q(sqmU(_%;ZXHF5~vGPXWc?6ffkA{p>A^6wX8#fa^rqvF@Mv zb&S2oIAdImI zW45s3XrOE~EPM~R$OWHjp7=pKogv=}X|583d>s-Ga5z%?=T$K*XbHrUNovchwRe@m zq-b1l032C;26M+f=8I>kMsqbuHqHZfLoL1sD%{2kWUca=u)oO;D;m0LJEDi>1o_TR zm1nxwugZriQjrzL?&U2{?iscqE1-hrg^m41Sw4caXVCHjZ`GM!-v$J@sd})Ttz+bB z#1!=YqKwa_@86$x(BDjDIB37M+r+o|UhE&Rj+CPw9|Rsnc1FXWV)f&d?CK*Q*HnnF z2eb~P4Y~oZeze8=Y~FA_|Aduj`f6cdP%!vyrKl?vwt(8CMH%1IfaM*+7I?`*uEfI{##g!E58u1?w*%s_C7hFKaG^rdu8)4 zN%#z&o|aZwx8T7>&oIkR*dLsHqosREnJwkey?>n3+)HrE57C^mK*<#5IYfnzanjWX z;y)V)wyn&d6=q6BIjaG$ea|$uV}4wi1^0^*%0mD;U8Z$oxzd6m zP(TMNgw+7#=+n$!K(|oszhuHd6uLlCQteW~Wyxvu z7o!BP{O^$O7WV7O@6_^^Hl%+Wnmeo&+ z9vCl%Vlcjeape&k%8h3?U9aUB4)mivlG#YePHR=if|!hdS3#lRX)AB{gDz({ao6HE(~`M-5U3s{C_|-^QdXOjMNWm;j5SU_ zBQ!~mJ*!~eX*qoqPBvZkjt{+niYjJ99qf6h2iwzi{_ zSR^{<3?4eP?T=1IAy0#JbYBH}xaSJCHvAA_ym( zr}Bt*F!Z!7=LI+OmKTRrP2;OH(u3az2<9%okCGTVpR+XAfru}=i{3fKysz!ke?#(I zVi|DOyFb?TJKQ80vjENMwC@rBQZLcsX-1gyHzA!0jkAC`jD5c)`AO#<=~}QPudf){ zo+$Ahh##+%bEbw2h<196GjmxCxcxhGw(5J=5xMcZLI{WCWwo041+@lD;+@XGVv0ZT z{fc`k0M7%nWSI5=CPzkA|HUyZc-W4yq1l_bUts zz&W{_>6qn%=W${m1~Fj}NjyF!;t1L1*@qi9GEa)V4~HL6**w*~Kfx~@|F%QW*4&)1 zHFdfItLK6QueaJ>_HBJ_6b1Gjh)^hwsnYEWg?8;Y-M&3NFJhSpG9AF`w2q4ZijGy8 zaJ}s`w``EXIg`zMzBPp_80bjSaiR?d8=Z>eC?nO|wWNVVyr=z6QcZTJf&EUtc(_P= za!z`HL-!!;4ryhr;FC#LEV6%mgpp;RjQN%Q)cF(Vu?WuD^anMlOp7K__7maJsQFEk zt39B^%(BZGa5~Hn_qfywaTDn@TJr+!pH-Av-@TI_|6AUIW2)dI+G^W)@`yH$`>T)3^E ztSg`hcWE|{Saw!f%uCtgUnH)#tV^qtRAo+%VqO~#*9Xf=_A$O7c6wk*K&72SVO0K* zHZA4MdgNtMjCF(^#)p?@(*IK%7J_2*#${1}63J?bi(%HrjNfoAg>F+K{U=pj;&XP- zB`mv^MaiU)E3~h`c)$H@qbPQs5-n`Ajh@N0i!cBR1-GOO1o?;34pl(P{8PGmA7z}y zU=J&w{b3Wx`VDt>_7Ge?QV7|4u2Nu7gOIoy0j5G@_*$YYWA%Ztp*|$ppr3Mf;=)Ildp6^Ru7B!JsmVf&I$346Fj+^6M`a_hBmaF1#T(ojABbFaAk^!V zU5GxC;4es@=XJ~f#LzpD6zG4e;v^wsEDl`o?h-8!CG&~k6IZ` zos;E%stcfQeKZG`-|(iLZsDKDWvKMphhL<*0WES=PlYv~BkF6JG9xHGV!nh$XXQ0} z5@ zvfin-EJ5AyZ96Hw9N2n%rq|`lSU}ee-W(ACjFmsAyEOZO78M^}xwhkIJodPBDzk7* zw=Kbcwmwd&QPHDvYDg;ZP&1?QiASU>)S*^klhDt=v z%fVJ}4K!(D4^U@YY;|-1G)|I|58ufSZn|dB{ZI$T$wb>-L9;MzJj#-kTW-m51H=m`eeM5{|YbE^hh=`dm->Jw~Y79oh zhALSxI~33Na^t3K`t9%7u^555M>W2ZlsO2^l+u1Z{9R_6Gbe2qjJZdkx{ORST#p!8 zpd-rfp<1jJ(useS#?n*Dt@19yGb#klbC$zP3Vl+5npj`)0Vp46IBv`tma1exjdl25 z(299NB6d7r!12yIZn@?2uJ@w}67tpl5y`zt+5@7OdhG2ss9!1?K8E1|>PiYeBCk{B z(-F^@z|a44>DN|I@KF{8zXq;{t$r;D`nsiIM3zpSru>b9W8no#1vE)4=@S76(m}DY zpAMrrKgYDf^9b!lUB#z*b$^agsD_L7=W+Q^W!gF%l`2NKAj^A@f9&&Vj`GG$;wASt zG3C%#L8L%7hi^0r*gbQHyISG`df_?Mul zoXmr&FUtRE6+Ftt*bT32j2~Yrf^V*H+;QU$_X0fdB@iJeCxMJVZ(XrhcgUY zmjqkRO14N>nZ*^N*Aw%tQu9ZpW+IHcZPCta{1-U%{)bOSqcOP9Vt2q#gZj7Al5hDA zAAV>fx>(Xx%qKqF)wtE+*?}1D4h4zAGghP&fIrkh4AaA-z-h*LeQFdKcJI|xUr@#}h)i*M$6N`k3Xb^k^6ST&>+|PUcT}poQ z!Kzf-00UPLi8ak#O_8M+tJQNPc`31h@u=Kf?DvXABYP2Qg_;-mhEw`g_d@!RD@muD z?&uI@QjU3Y#Ai1@I1e&s@8dJ+dU(F~6<*vA_S$gUy5o4cDMwo0-Ce83I+%KczR-3~ zchxqmxZhQ%sMxpdF!Iyh4=H$o9)+>)iw?S&QsH4*-PHp@h81l$iI$eGg?To9FGdrz zPB{8*R#7BTH#U;HtF?E3YV{02GPP9c#|M+i{60ARv4>&F;^AHigFl-!p=HH}Y|FsC z+JH+KpW zgAb+ezAgw%^bMzP59Sf(jxq~*tMUTg=eF(Bt{v;e8|D1Up8hs=DHp#O^kn;?Ro>Gw zU1LGTdcY%#1spLSeaHq2KWsxT=08y|=5#QWa(!&y3rd?4IB&ZcW9<)Wc7cX=t!%<* zjRIYiRIVf6l3*z)`s?YZnrB&mb?(o6^1v=!!@k{XG358S74Pep{u#5}(iHdkmBdH< zVRezY*8iXihwVMNTekl1r>HtrkB04`%uGL%ISKj=07Qs^S6H|NoieSEGMB9D^K=zy zRSlji&-vJ~bKejg-Y?y4xnb1)Wo*#F9$laUvjlz4%&~g+C=vOqwy?YS6J*PLX8ZaL zF&bc-91cze&lv#|mc4*o@B_5}ms=4Bk#;6(15!%>Zk?5~HR5@iYMo|E&d+;S4{0aG z!a|gYnYDltAe#*g^6FDsf<(1op>6C!3|VO~5awO(Pk4l{|Kwp279c#;XP&Vdhd;dS zd2SIk0pK%Tw?B4}it{KPht88RsaT`rBVGmPafka8_;Ejbqh}5CJk3qf)9t4`!T}}i z$M^Sf@{Ie0MR@DL1-=}&WfBj4$mF2x1xs9A`_etH-l%Lo_G4g6T;K0<9c0B zxX39dZ^0}`c=9S zbIFHFtjQR@*2dol9S6%)o)m(h7;bM(Hch5Syfe|sl*zziWjtnoJ}kY)P*E4_gKV_A zebA}f*l0iQC}G$cQxWb~rRe^+6Oy?JQU!=;L5bTTRY#V)E!{}P{kb`G3vJ=xkuVeC zvRLpoRrgs_uge^ZOXcM}!&Ggw`w`iGrn|t+qP+W2YVs%*)=;%KXA*c$?9Xsm9U9$U zH?$v~=>KE&kKhq%Fi~DUSW3nwL-mE)*H?QbB3#mw-R!6QY+jVe!$Xh*Z?d4vZfe{8 zx5Q{jqiOKM^3cRobE37aQkdK7DqWHAGBhg8$#njJw(#vakn=;7|DQD2lBbCtWFt}c z)-{=p2wjP|WvLe`LrOvUF`>k7`mwfs9d(ClABQRh&dUtO9)i-71K>$!ve;ifrx!sR zl7Wo9i7O9%czg0UXnk#`Ob^$avC|sZtm0GZYHJ+qe<0{{6Q^5dw-L78xc%j*$`F?L z2fqf0%J4wojkki{4DbM2PW{@UP2cAjZ&1}d9oTA7&Dc!Ys0Kxrbi(%Zx&4Q4k@Ro8kzild zIpu+E=cS+uiq71B!jX!vw{!RItzX@2z`Nb8heap1jKKy=_0bPxwuCnLPw= z9hrC0NF@To;6viuc2Xj{yMddi9x}3c45TDHgV;$OTg#pWX2(lGmb;5UE_PN1XhPU# zPrM90ty0V^Y9-~dyBBbJ%r}C)v0&HkTJWCQ7}=%24UFWKSeq1HM=V6>{}|A6fJ0JF zw+}Z_8UB^ap8s#wD(pz#&gu%&nSaQwhJT&xHZ=aN7(PV+1c~*aum44a1)lyaa*9{c zl#-hlVXMh-{`d8r39xV?s33#a>1w(c?abcOx=8k0-^6J?IK8RoonWzTxw~^K)vKXL zbs?UuQ)-gJ>mg0&!@Rs!1O603-dc5A1bw%-J-&QoTzOY71c+_Vchl&J1X1C?=Qg_l z6{3D9D&Rlrf$-wL+Y{4u`rQvV0|BLhWf5#C&-qs-Bb?ip1iLVZ8d%i;zDMugu(~_2 zss7%b%j#1ON=P;i=^FVRts@8C{L|--G_UPDT2W3(z{>;%U%1;FZ|iFI2JyQemiMMp zT(DGrnDth8P@_hDVY6qvd@EOQlQE#uw*&`Xy)H1Dj?@-B$=FasTbOV7Je_Z}G@`9H z6?VjUtKJOuND|@R&A&iarAiw1(8hcoRDBK0MWtRKS4+XXF5PDZwfTAn2iTq7!KHmt z+Ib(GZZX_v&|ZyA#oVkaHa~0Q9PPzO_-f`6yS7CAw=?jxGp(`Mw;R6@mOV>EX)`A# zFfjPw4v6EhX(If#u~*9Rq;(;Nybj=F18m}R6czvtraCEqPTQ`%r;y>N;Nv#Dem_BA zFdE*go?1=2F%GE#yOA(#puD8T&YYyaZXGpmMjO;xFn^NAuWcz?3TVl!VqUN*$%^E5 z>jrO@KieK6+=W4*klL;9O2|Q|gP1Rf96I`Nbz)EEYOGuI><)EBvaLY7)2{WK6N;Pl zg2u}k8{wf*_RBvrWpuU(UG$(X#2EA@7?7oh!?6d}<17P8vg5u!!EOojjbg*&pnQoLHXf$+q zbkP@7W3Y)p(KMOip&e-9DoA$|r|VaweFio!_7>N*B{B}ep$EH1LslL9W>RtQnJU0^ zJAW9u$|mgF5bh}zjaYkb3Z5c3Ju$HtUaJkOF_>xu=BuR8%iRdzYgm#z+6Vv%V#C4j zb;g39ZYS_JtLN%$0b1KrTB+cp!@z=AB^S9n43xJt8l(9=p`&0OPz~%a7pUM?T03gH z83maqZY8xmC2~{QBQ*x|wUspn+n07JO9DzLAij~(T51ed=4D4Nf`hl3*ed7~fc*)| z#y045?yT%>BTLf;_gXH%LO>hEQ`Bpkc(n4u1J*a|Pjm}s|6 zawJJb8rFrqDW1X^Ej<+1bL2ZOv>_~E(|LhUR3;zn&bueFe)E+)Q^g}PbZjFMxX^NwJgR zuYsKSZ&jyrb5N3XDi`hj2>Sy+bBv{b-AB8Zfu@Gc9<-EGXo}J(8@%Jzp8th=qS9h_ z$pVGOSCUg?v~_R+t8T%XI-7rXr`rdO>E4#l@Lmz5B+QF7am|ej!KhbwsWx+j1EKJk z4(jjUt5Cg-D&%*|2Lv{hX&aV&Bk#%`|CH7fZKIQ3#P@Bw!+XYx-L-$k>mC6dgC}ak zeOg@WeYlK#d!RQegLIU81?RV%;xn~5tG=67uMO!&eJN&lk8!6`=;!=XXcvzlzE8Jl zk`L_*?uywK0uT!IRx9S>DI~oicILnEY94xLj<>!)<6Ej=FHCRSAp!_-yjkFE=AFfZ zdS<8^j49RL(6>Wa)d6)`h9cbtZH*_Y z?SNfu>gI3$3{LqJ(ow1TYfb1{nRXCLcg;Ze$~bt6wJwn%Ts=cVYfZgTLQQ=f6Tn3u z8{7yQ&?D5AH0IstYts2D(0^vHjp{1i{X*t{fh!64RU|BedoOHufUcyuO1kMB*GtKokbLyZm+|GI26>~zmC!is%| z@PXfO6HJSb@NTcsiaPAOYcdRd=bI@TCYu{M5qx+yre=tbe>l71m!Sf&u)!o*;2jG) z(|y~^ayNo-m5Mg3o9Q^QQ_VLeS0E=&)OkK8sYw_HGGAAhwa{K6cSEzoWo%T$>H>ac z*=@AfXhvh7KSq%R4n*n%qQy#F*%a-}_=)Y%6oiW~^5kXsX_(#^V&r<(q$|M)@DMS$ z*3E|9RSp5oyTs15_R9Kz>VaH~)QshZ@stcdAsV%`+j_nJQlhYMfvQ1S@!q4q1k7V# z+AtSGQi6WOHvZXZF|z%czDE7msHTa;4b9uDxd#ubZ}%cWN@7X1?^lvq5H7^@5WoE3 zU-Cr9ic;FK8G_--xv?5u$XB3V4QsO3w8lo?W7^r+hkg~VlXVGz5X;@Zu#YT?nAi_a z;)E<(ztdVYnf&{o4qKLLDPlKBt0G@xQcZ+#S<%PKaw`7KIKN;#W%IScWr0C>XJVh= zmDHB-s?4Odz~JJY%#~=m)a3vBS=i6p?LCjm({z^b-Mp~8|LhkJGw5>7TW0KrjOdy% z-{Re_p_s>7={Y#$-N0q=^rSJ zVT_WSfw=|dg)mwzgy}x^G(6&Z)QIPMic!3@K`_(j6Pmxzi(Q_WA`cjlZCM73NF#nG zXG4Yi*&Iw;d1(#0C#^>cjMrLld&B)ghAXWN`^XdLpPvy|P;C2O>|@Z$n?C^=vNLA5 z0l8B$SoXKaW#T}`;F0FUVo%iv5gbTx%WN#K0Wz2)7KkO6-?LfR0?Q^z2vvDV&q@iLmBDY~;R!a9#}2jI{^{Ner&S9j_x>C}>=-r_?urgxy- zB%jD7)Vrma>OQPy`aIFq;aw!+1IDCx9Rr$b>?=!kAD77zxB<(3QRoI{^e^r91`2-Z zM@>|N{#q`IFn5W4P${BG0tCq@T9vtix{udNa%d71Lk{B&lQ-@0-@;)iNBq;2%>?+h zvk)1)6t>Gs+KB*Xnacs%RA9&2jONtwu&80+GRpX}DlDm2Zs}#?XmD4enSHSGL_n8F63D$p=R)j zscOaIh#g(Qd@0+x5nW*B0_yVgA7-;q9M?Gfz zDWp2vGNIYD0=4OYgpJ2}b}fr*zTSTw{pV@I+Lc2a(vL=MHK*pAWj zIV79x6%>sn(>w=g2>lsL(?->jz3cb89tE{b(; zWA_yUJJ6c$-IR&b$&BU6#O>$uJ)OKnQKG{s4OC2<`H~#V7F@XEN1*$e>@A#H^ew2#Bs8fa^$$pKC6m?{2|5J8b;|^OPlco>&k(zaswwf z>~L~B+5!ci>?1&7Uv-TAz?#iNo#dw-#QcYc9a)-IUv#mSC9zp4dAb$tGu*&S`TZ{e z#j9-#s0)qc&_se%$k?^y<;ABkE4ZTE_JljDf@Y@e{6t|1*vo(ZS$9u^b>w#B_ z^qG_hjADxV+zHGZ$`76d>W7btSs`lR=F7YRH ze^@QyMgt9vu@aE*aATQOR*0o$+^?pG8C!j~Od8T8kPC(7bML~d`#e8no_&1k#y|&n zALPfX_3D-Q&@)SpxI4}Y%_jyja1IeuXT?^IXY`fWi~Z7D80c=)C4<)Y1!ksw?bEY$ zIF|9F^G zANCLq>O!t{(YdZ6LYt)&lEf0Ds=lb^(x=1<_O}i2oK;H8Q3H(2C3k5@J z`?Rp;27h;T5(|?+?$LlLTF1Ra|%Cf4-b9)U6+K zC*4r8;=7Q}r(E-nJ+ev{>P9EiWiBz5Whu>6WsMqTB<$N=>kR%&4;>&qkyr0&o(){3 z>d`(wFVi)ck5Ew&80$iPXc9^_s*abZfLpl0Qq@o?IqQ(25;rVDKU&vi?H=tFXI6FpAZR> zHc!QMnJN`>cF^;eUFERRiVxNo9DOY7H>flS;!A80cw>#9Xx?*A>urA`6KN{VoVv>Rx zOw#lg8?kG2LRy%6Onaf1lmI%ZcLO1oyY1D!cXsE2q07xLf<@1$S8ai1bat;K>!>Zi zyBHLH95W_)MuyT%J-a(}Qkvk_m$XupwPMk^bp$t63u~>8zD!Tp-O_px8G-XUMp9$T z{1`E&HjM1F8_4!a|Bs-0QW<4M?=3m&9DZGJY_NpL&sV~{Rt>e^j8Z2Kfq5{}!aS&=t=LxXMC-)Wa#xPwY7NttewVl5Mr?e}q;?9tyrZ6c zuPcer%zpy&cTEq22E9KNeCcJFIHjTljKvylDST*2kkP3>+KgWRm1wc0fFtU^ z9Cv3Y#%~ooB{m)y+B<>rGz1DtVfcDY1S*m1mJN)EyRh;v-BlPP zD|_Z5wxPKE7ULa;Uzl5(b4(U9?COraEm_x9HDwt+xum&iFR%{deaUB>w@3(Zn3swJ z7^C0G7gb#NAxt?*0-uc>^jaLGw14PrdUPp01GyOvbQOg5S!mUjFy_WC0EJsx!|wML z?TicSWI5*7_XM!r6%2s#Q{bY2g8wcfWY}Qyn8( zK~^mO8HnXGvT!~c7ePCVanh01N@X6)lwJ4&1{xdc7+1wHhep@!9199Zbd81;e4Z5N z-V@Nq17At?`>nrK&$Pa=8mTs1ODaXS@p@!>+5T_7pi9Uqi5n(G3l!7D)rJ)Nk({5z zd-#Z&tjNchP6duQrVo2~Zl)&57_Vw?anY$R9hs}LY}GzqEZ6ezvyX%!KB6NCTPRnf zSP0mp>crei%ShO&$arg*%4S6B#;EnneSU`Wwjm_G z{@!;(i~T5P-i(}B<+j%;l&4ObMA(Z$ zq&^0<&gs7&2uTZ~D$6*L)Xrlv%KKzyfE!Asz#QiDoCXhYu=jw4l}SaS_xX-)Ed&T(ZfUoBR5{M9a6^P#tK{ ziv&D4byGgKYo5#_W}VCkX?|V~Fo>(}`-lyNg)`IfU-FnKIlaAp1%>BZh+xQU)|_^# zSUu%5f$o)kDVJZ?p>i*sz_=+N8s~@M2Y8%XSI;fcdR49aeq71izD2m1YhZ)vgKzEB z1H-JmF$!=Kg>!|^zlc-Q3pb*HPXPeTo!@&I)zH+*FwL?5m45msW?em4H5PR_KKdB4(Dd|LeH`v2uh8OZgV_?}Hi3UYe{~ zm9WQRxr3h1zn`oMvk4R{99;cVlx)2GDQRSD#nU3_D-u4V?q%E*vCiwdR3 zmS1rv(=3$zP5v3&E|ukN&07mw_ro%qUE@|iB@a$r>sGpICSATf%r6}G2^CB-pm{b@ z!xy_n&Kw!RF7)K^heL_ff5M+ep~`1}WknDV;+Su_ib|&{X>xPmi(5ZZFQ@vJBi98b zQ#m66|BNKp518pk?WRDzJvll(KY99g!)D=XV$8~^Qs1XD+SN#7tPzY#!_wB4RxkCF zynWke-qgt@s9SN58wYAycUvpW^|)Ml)oH$v)|)fh>Uw7B4hb0_W6HA@n}3{Pt;D^X zQMTZfMWUCyyN`QtgJ(`l(zJuNSu0}t2BGbFV-VnmBzBrpGp1{)HmOYQFCSG)3@Cqz z*i}ZhTSMpap7IO6YaUi(eU5ax7q$w(hy}=s1lKr&YTIW$U6c(V_BU)|Iu6~A9JwvT zXi2`38*? zJUyx@1~}RqFG|)fb&@)!(_PoXXW?bo;Jt95@Fh&FX#4u*F%8zf+cK-GbE2qk#nT46 z@HlSD!KL%e7MRjRn+nhWR@Y>bUk<+Aq#JvBW~Y%vR|lj$ZS$bXX=CT+zjPKO8~kUbrfTPoPpxwb9LH#)l3kFj&PjKH4b}@*5?J9Oa3;H!Wk59Ls%7K4byo2$Qu|TKy!o!ZxjXm7 zL+{%0&Jz}5v9%`~L*h4s_p}%E7HI$NQ#6HU`B22iELT$lRH<0TTsETqZZA%cC>S0` z>Hs8oQm|W;7XJNVRtwd3`)I=?34Ndzh)HYEpNL6eKC}!dc?GqF9l-#VjWhoI&f2k= z=2mGV=>VS>x62Hds$+iU4{81zL6BQ_7zw}pR-RUqAis_ zpJ-nhpD&B6>gK@LGgaJw-shdH;Cu6C_3?|&C2<(6@K)CmwFfjqe68s>|AK6_9jS7~ z)+%N-2~H-)-yNYT;S@in2fEb8Jnfpc?Mb8*DlsEh&uRF&noE9vugGf6DSfFGR<_`% zP&{?HXWHk5;_iU;7brI}{E%HnmdZR9l)GfvYanj1hDw#f8H)`$YL^)CTB&5Y^>zE_ zSyBn!#xse+@Q?2_N>GwI1%ju>FOGQQD;$t*cxZ2ajzBAvW)YWFSZW+8^o+e6DU+ha zXa3K@OsoTPEuA}cvS?Z_6e0<_vr}I1@|^3(WaELgR>Y;>F!tmAfZ1IcHUZy<|6Jhn z<8{aBRQd0(Kk@gP^6}l;GdeDjN!T5+-lqeF}(bN4QkNFw+`bN}kbO1)WH$f#W zuh%f{XDHn?o=T5*;x-#jRFabZs4Ms?O8me2fdW@2|FGf>QiK^Z^sK1(oU zT@qFv@Q_0{GVDq%k<${)KUAQ$oOt|iF{+%BMknhxy1cst=eL+lv_5o{Sx9?iuZ+z7 zE!|73Mfg4)iT?~p7mkyPzp1Jd=i-w^e&CKCdpvO;Ja(V;{JID0^UCuKiwj%&&x?K6 zenE7E)FPRbQ-(^^Hh;Y?>T_%HQyYW>-NxP6UoszYG?&IZV6RGA;~ zY%Qd{xS{5q3fA(U!&z^KR-087p17PjlTxFB?hJxUuYlI*q&RTDMZOj ztCXmTD{wF)qZ(~98BM;Noj+J8-uwD;Cp0Gy*YNHP72DVrkSfHqg zOE!*oq6Bg4`m|zCg!R(vCj|M??F=w}(C%pv9}u$7Xx=y=`<0t=C04~W{oOw1XN?CD zA8%Jhz(0BP>kk~3?1nouO_or*EU9-v{ge$Omb#KRlJUR1x`59CJAH16VOBroRYa3I zWS|&KmM(@p*X-YlB{1NufUMw1Z7XV_@AHwgR&8nO3{(W$X$?&!zgIcM4CTF)Z`fYH z68z{_`pzCOmz!sTh?$;UehS2gO`ifSDXdLyqr|qABQi0~Zyg_;k@M?62VA{no6`94 z*eIu|L;@PE=CrbU^p z8NpFg#gnKRZoo;h#@&l5yYt;bcj07;+ObsB0G@T31m8W{v7{UQu9|0y6J~{>Dbt&v z5>dL{X62$AfV#?w%~A3e`iP|~g*#pq2bqD>cix+9v|q21$ZN0J0%#aP-yy$(&X1+& zaJQuf>{H9gL`F`~HHIIWEg7bA>3g?-G$mc<(~j8@Nm*vj2+%NO6!WUqiW z&OO5WFPvYYE9Og@+(9$N@XPks1#|Sah*-{n7Fynjie{psX;!RjZPwt25eh#Wftj*| z{XnI$by8KnZ?&r;KiS%R-slJS$fVIVebP#Royw(!4-5pm9F}5=cpZ9W_cZOuita{# zi~;!EiKnWcwOA0dx&3ti^Cz5|uaI;;i*U8N2i2X|fMDR|Y|p$p&v1?pzGIdPG%?@(PM*sipp)sAIB}n2aw9 zr}8+hM2}1D;pXcHwKihVn$wuS;qG2rpX&Bvp24~kf%Th#?9geTTY%h&9O&53+v|{E z8=NEkP0Q(cc2iglr~$mvMtJKgp4m*<8;ryJc~>NV1?`~@);@rA9z}NNR4=!@@c*+@ zzHOTcL`o5;EobyELL)$W4SLQhiVD|dG)*SxYBqmN^WUr)-(e*+PiCIQC+_Yg)@+rq z&UQfvxnTQb5sipY^?KV5CElvRHTx5-*jpF`1I@NI-Uilob(iwHH^>lGlJ5uInVci{ z0*&hXE^i<^wPxbsAnqA8`|>u;56J1hJA|J;I4MeUuS%V|!}glU!VO}iTQlHM%($1l z5qaIJTrHS?U)p9Mnh2N$u*N^6TacKWEXE6=F%cLMvc5L?4=Pu>I9wVof z--`H*u2FC5Haw7?UUQQ@-}}mCUQ5Hpl_}9vNRy;5z3a=5SRM_eLyx5#mKg4tbfg)c z&@2C0`7fyk+-amLotklLh(nK0<^k5+;DO}*-=-kJF&vieq)sp)6S{G3w> zN5SZwBjuJgk4Q*0*dw;4N8e92(v`UWui|FU*4kX7CBtdNR{WH?sS?Xn(lh)zS&?(i zMcA1N(1Ian@Qe<5GGdq4UB5i5PU3X2Uvdv5Hz|SaGdll71>zk$Vx5pu#{!XeUx}!O zxg+tfnl#8R`<8BVy^}Uy;wzKs30u>)Ld|17D+iSZpZ&oG?+@WHPdxTdG3m~G09kD7 zfGtmEO0_lVCu?b@aht9H+gav^F3x|Y4=kURxq~V}U%F~&ko>1W!m+D-r3NI_V-cr` zS_xTI7=BE;PB9jF=d2rO(04N&!&d|>#cBCGeO6qY%A$L?IhG8^<`YqVNQh7}{zO&Dj}cZjDY!6l-twhXO}#Ye@$zC9j=uYJcd&Ov`vspL21^Q9n{!w@tGu8vv@Wd5#SA!Dq~W77i3& z6Av!)btt4T+_1WDGt;!7egQMowd9K}s_&;EU&1|EF>wZwr|R8udNhx$4Z5YON$T!I4@D0jzypGev)k}p zCRB9w$5y5u!~ySUOcd)z{QN!Gupws?qKen*IDtX7|FA9xi51RAAqSs*{hp|@oXi{` zah{>$ACdyQk}Qn2K7SXCZBlwQf|@is!vxZ!GdH-T_w4hkVGeU2eV5h#nwxY8+5;H` zEQi7nyKMyf(d7@FU{JD!>Ta>#ydp8O(hS?KGjg@7s$6tIOJIv02wecsL)F?fot5zf z`gxXhJAG7M!01Q_!hRxi-~$|GM-JtI>JkO*nwb*gnqPp`o|iiA<7&z(S( z41Qk@O@;T`5Z&QGW5;msrRsVtq3Kgxs+EY(K4vvBDCVvbCgTroGHdFWPsD%5(!f^N zG*9aGyP#&)c~w>WpA+dWW67c!n%ryYeqXGlSGJgjwY}kKoB!f}bzPKi2CbHCj2K#v zF7+A5|Fj^`t|xE)*%vf$Z<>G3*e*UxtRmm2q#_2&?TeUqc&9i!;356}CSF5^XXKiw zN;WE&Zre_A94U}DO7~W03}IunayN39SVN)eK-us{(boh5^31D}U`uchY~8hRm0FKhGRT^8dzVcY+r(4SvDfdq&fpz?P2o8lQR zofmQ}3Q6UI^3;DT$MT0IsK0Y1qN<2<=7sKmwaC0~`*=5*7a`l+y{(7hcst5WQTu6l z{{J|u7mcebqP3i(iB|@0Ay3JJO3GT!(g9$X+<;fb>JX(G7B1jPEZ zo1%KHScnqYcG)GGpG&Ha|N&Z`YDqXkJ@JKDLGXSrV+@yiZ$8SnX6KA6W z@H?TpS=~u~A6BOIx_Vv2IL*^h`&Np*5cgff)79>3s0!~K!=8rKBW94X*jeN=cd~uo zPt{0ZxmIZB*sAE|PsKT>Q|_rFIV$%Jb2F6_ zIYKCR!(=389OfoBBRMCPncPHfS0VRX!=|~dQ|5kdHXCzyPQz@&4ztPT=68L6|9U)_ zi|cw{@0-`_`BadpI$5ErPqfO%Nq?IRRajDCX%0gjlUIVO3@yj)WsHy$MlOTD!em>M zQF^w&xF*YhbAaK{?Ec|nfQ3&QiWydvp64x0d)c6S%h*l;K6EAcMd~y0RE_^2#z~l3 z-zLvxPm%nrdBKYssF!iVHfAVq1-xv8QL$s~n#U9iBHT;6Rm_PlgXE z2ey~(nsSYyD+=6iY_A(;`!lk>3!GO{X;(@k50bxRaF7X|#)dYS@O}XRfdKFu#KxNS zJ~pUH^8W4xr}py*pZaw0St#3lkGz~&{qSXDrHQXo^CGTsa)H;jSVXd{ub9HnAtA+t z2JH}S^3?Nm+e6ng%>r#=DIwaEe$FJC+sAny% z{<7xL06ehFZPFKOLzgCdWB^d|;MarUOJAlp(Z87p-A_XKl@;S9m!MyDDlI!~yo2s= zy2Uq_VOedSf?t@#JjDFUXIlWyv6wq$cf4MWSJm;6stJZ6Hp;{4XM|; zuaf*ir55j8ZS=Rz*Xpy4;_)^pD)meswLfu0o_VM^{{w%M{ohTul(=uah7>K#$;mXQ z&T!Z@+vjh(q_l(gA9N{%xE#fNLo{=@Ar;Z>rqBoFTqUhZEc;f+C&X9H+AD6O0cydu z!2z31SANP*9hF%)Oi*>omG!GQu?Yb}^9VpzL;w`~&rE;F4bO#2Y%BxOb*3@IljKu^pwQBSoEU4S>RN$y; z=l<}gxRABCep)w6eQWf$2Q`(g+KgENrCW9mC-L&rs?Z2>kUzA)6I0Grj!C)vL09tr zPSi;9E6c(Z@|VvSpbmo$W_{P!-LiY`D5)cC5ZlC^9MGs|+S){FSQ#=~-z@Xf2bF`o zLDFF`5;#YLO*GEYonoa;%|Ec$IW2}zcn-5U3K`ZjY2IU=fcd%#UC2XHeY1*z90n{4 zrOZ$37{2Gcf|v*PWcqR&h{p>)Sp*v`2TgB&FL$P|b8wR9kWpajlBnc`mQOC-7loIG0RvVg-IE{M<`Fe3U5>g?5S%Wu5toLs9Vuyqb>T=H%XrHkz##Li^1&* zVrzm{VBOJ@n11gU5b6l%xCvJ!N-KQb682fusxW*I6p*Jbkbd+<^*E@TE%dwW+!UhS z-YmBts8nJF;{Fenvw6~Ca9%=esuKcQUnjjgL!$hmwKP=HA^kH^cSw_rQOwv+Ja8A* zE*rpf>9(BjIN>--ptE6slVDQeAlLOsM+p!ofv%3gSTLcj_w%-@A+f=9+~R(fA!mF( zWDT?c*|C}d9iT;%pgXd4%k#2j!Kz0gEBu(?H!CVBAo$Dh2g-dag7U{y`P#VFJ?t-6 z-uKm=K`iLBd6#6KNh$&2YNkh*u~x&l9>4qQBCB}pd>P>Vz|0aQFEQGfy+18Wz>fla z{**S@pce7YYO0J*{;9<)OVXN7{#p2RhAbpoJLV)0j&0OKLzQR~ zJ-vux*1wgG*?V@~-+}D<2OANy~)~-G4_mgWA5X6vgb2onf3nAUI+VVh)C1L(+P>TS8YA>tBE$;kQ=hCt_G=&xk<=)~f^eK@XGt9bmmK+1+u-&L|Viu_`1 zV_6Eo^^SCt!8+49kuyzEe>R_4NZ|!8Zp3RV!D)Fvrd5JzF19H zNWnDZkgxQ3B2s}*6Zczbsq9RGV^a|;l{RRp3GG8bMr$U%TeYuSEvJ_3m#;5a<=4fU zh;Giy4O-bM^Kzr=BBp!sSNxF?5wuNIMp(ERb?^Y zzRgE(e`ytlD1fhm0xnvOL@Octn+& zZz&A&9{q2)%1-tQ^Lo#sHpok?Hfj3TF5Xm77u_yx_meFa@$*rAlhl%G+9560;jsKo zRjaz>H!$Fj8$$)THaXZwBT{P-O-bJQAsS#j!-D1@c#(^X@JTL0=o`c~W8G%QQyEG8 zxJM-&Ep-n}2eUf)uMz}}@d)uJU$piFp`mMNa&1)gTVvCuaq=>sU-tlhVw2$q{pzXp z73qU`?8<~Yzf^5&piJ-tmL@JE*+^zlZ1hFYJTQYQjM13%+YS6xFn{i7(s#?&$0xNY z`q6lQ`3;-Dr^>t%v;Ud>HuaxWKE{<$ZqZh(I9vytlULm=NGG;_Qgp|W7EetBQFAx1 zYwPV|P@7F~q*|2?kh*QvEjs(zOKqIGN2szfex;^WM)!iU-WY_iAGKpK#mXN4)~F1{ zh2?LIPkx9~=(nU?=AjHt6WCTX!Ihwb(DRutnHc8Up{ho@S8H9D1p(0*Uq@&^9|x6; z2;Kwqh{yt4f_5yqoL~~;KKcs)7vKM3rQZu#CIkJI@>5?5pQJHumt9Q$0^R(xo`Ark zRC+a*er59Pql2rodfz16>UOhvWFTbGA{QGv`67rgwqKI12VHDDRuE$IEdIql22tVS z=|gv70`U$9@nC<{akeMU;Ak^C$c`#ZL5=3OiZyc$6kfrrGId~eJ9!1%Z!2kGvf~3k z7jyr-zxt;$)KNBm;hL0bp<-KVGDfw_-Bizt`*!jzvuNWJF=jPf4)LGhfd3#T7A#3` zmdr1s%XC$SD0_K?B+(0KF-ag)Zhy!QIrX)&h63=|Dk)mG5p~3C<#6;PaMi8)a^n@$ ze6Ho1hHigR5QSNvFyEWMg({QOwT#+iY`Ni31JQYiNxqpE`oGLsvf1ecrzXqAe)*wT5Vg0Om}bt z70c0c89K>zW|e!n>m`l%{J%5QFm6RY}B1l7DTwcW357K#xNG+?m4eLWNU?(|p)kqux^G#xT%2zp+*pkF{t~PC5~W zt=9be3)oW87du&flA-)fc_CnI{NHO8mi=I}R==zmnd%JK2Gyr0pW+V->YDxt)D({= zeIXt)i7<($rnipVcU}ghj1O-%60?iDrIoJ9{U0X1w77xRd(XJajOhkp3F&DJYAn2~ zIERQL*nKUt&~C~q}) zI?o{V@w`n&UTb%J;Ma{Ex zx80R(2ahPi&2HPw;)uKiUX_EQidR5MtQ zU~*4^$F=+sJ!ihQ@~O+rtgHR}l7#9gvn2Bf6<`o0lV9#-i!Px1S;gJ4a;q7R?kbD^~4D3#^{z#U4=n|50Hwr*oWsM1Ywk3Ig1=lJO=Y{CMTwt!ekh zY8kYriS!gU(;TH9&gZk+u%N=P)p)!EnQ6M|$_!d-kpM(sfF1|W*6sUI9t%1HkuE*d zng|^^FxuFzURGY3_05Whu21W1*{*8-E6x$#+tb-&1^GYxuJU0%*Z$$z!#&rG6EH~s z4@q!OH2<|U`r{$gRcty~GNr2JzU~dS=yUL))=E_RjExdb>eZN&jd@{HD!2exoLP#g zW|f~xDoKI!t_L26&E}~Ws0>YgR31z31}Esdi>{WNQn6I;^2ARyOZ-;tGvJXdMNX?z zS?KEXcAZkyHoQvx$d5c&^g^6zA!g4Z+MV|BCod+yZhx2+ z^gp7*h7LSV966!`!in58z7Wi`p(_C9Ce9LXrm@UAV^8k8P6hgQ1|uCGNU6(upF_j4 z`GpaM-clj+%$ATz{!@Q}_2U+T!j$a%g#oFcN^aEY25R1}$0_M8QU5i{FyK7=<)*&_ zHMY?e%gg@9oKDO4bU7U(oL|YIrGduH2dsH4vALt(WFf9mT?+P*@+hji3*Nv*zC>T-H|m9p6Y_vJgA6r@a6l33Or_ za3{lm4+zP#?7MqGPvGlNgMv(icpTlaaaD;GeWApYv8^x1mD?>;w4otY!iegYBF0_x z%g}{^i{;p8mVJAH6-^U3f;2!{c5$$+>5&F?sIsKmO&46_$dSYvkHYqXyEwoxT-0ln?3_{+tSU#O5^q9xr3HnwN9lByUFVPzwAsi75CxKCQ@T-H`NMb58PPunrge7 z-+xXIE09w|zrR*<8F2(YfpBmY-F|1tph&I)@Xzsz`>7vY7M|}jf$HF~;Xkp&_`3>V zyzHYg#%<}*3EMt)*zvg8NkwX0`RjRcm>kWtTOP`Kt63aR?Vr~jeO;dVC>sv9TT_(l z=8ak)KnwDtJ1blLJxRi?e^BE@Nm$asw9>7fZ+Y7;La^YiEH!%=^w%!5|6wRD6sdcQ zTb5R}&gv4(^0ou^-ta25I)1sZfrL)Ei++^mNBx9wY<RKS}~WArk!pTXt{8pRFF zv`!|ubduagquFqutf zeFHW_I1MdKUz9siLVQ`492Mfc;_t;~wr{^#AA&HXZGn4$wPoYk)utKJSi7%chwXsz z+9w0Xc!Lb5cxm`##qp~+bFIx?dxwS_|BHbJMW7KU#Cf3qqR{C99he51aSTe2UPEQL z6v)Amq{dz{#`cqr<#vO^a$AW_Dqe|s6w(Mf4=@bC$6?_v@Cogq z`(4ZA(n0U$MurC;E_ZS3&6w*WpnRA{8DBycZ6hZ@$oQb-wQV#w<5Rhc^L zp#)f~Vnx2yF766I8#lZ#9ENOIzrKgJa-SYgdwb)bpFxaQ^Phh(!-#^Gmak4yo~o<4 zcAQ6|Dr~Z?!|aCnl{T+V0Y-=}o0TGCKl3WvB!r_%SIpYE<~ z2fYvA*Z1}jqh<5S%v@bgnn)Px%If~AN3V8;+)EmM|}g}7ePKO#y~oVV@VmOQIMSF{n9i*|E6B8!cJQs7?vL9lizP%kcoe)b5bn0|d1Q%Wu?Al+RW>`$uXd&)(C1zVerJVtK zqs9!xB(W+#JYS}OV37u!VH4NK`a32HyfX*Ip#VfVX7v?S8$zBt=Q-^ypFm|-by%=B_gI1_wU zySuj1yl5wPT-^(N@&!flqc`;RsPfzHyi^IL8+#lvO*$U0*S%EeRhBAR0y=_UvqPO( z7JCJ}Gpr9=v9v^nv2zcafVj0y**X0#b6tU?^{v0}U1*QwGhL+hu$)&lw~5;yRCKN> zkNInhLFk~y&IkhHrPVzU$=b?I`zSNnE~We5_E{yV z8wOsb-TNp5TN_>l>lHqptw(o?&y;PKi^h33qAZh>sAxPGP1VJj*lgoQOHwzF2#fIt zdNsGwBp(s32mAZS-?a&2c0X$MAf!T=RF7UMjCsj3>CifA|K89^R@ko7ael3{0-8cp znXaZqheBB%=)B{?XXzsoHg}hxt7PhrOQg))(f_UrSbp-GtIaN>(BlX5UA7t2o+c3{-gfb_;{khrKDdpGM`zj8yEqa?|PANm;k9_3UMgIChcK=P2e#n=> z50um~Y@y(2@Q&SorR@fbd6tWD8lZUb4FUi()N(5_p;FV?a%SKJ+m{Wd1}O0hcgMId%QHpsnTuXMB5k_Y z+~3VDBiV$Q#naEzQb#Ew`acIdEMX}=RXRW)a9}+gnfnG!ke9$x24powJ!{&)=(M}C z^^bqW!9G`5fqz(hs%B_iVKEeUK=jXM>=1XpcX8QIsLPLMg(`8(aPiZ;30<7U+$z7Q zcz!os^e!Rg-(4OVmwNsH3E5*%-Z`u(42`Ca6azG#J^6Q+%9F+wt8WX(SMwRw5biWL zj&*^18`+$xGe;cjRat6=v1?X~Vo$^4+Xv4auvvr_c7n4%OP5WU4pyY(JTr5GZTnlR zOb5e4Zg1DJ$Kae!b`33{UO%EM=i=Q$@^pc|*l5D7B~H6?eoO5Q(qSYQ=skBzS{oez zktYj?mG`CeNh`x7UYkAr_8sNW7K3Azix99n3EYNTMGG2F|3P-ht^05_ zZY?A=Tyn{g%_zFyc7O*T7hUb~E*ULZs?nnC>AJ#xU-RI~ZAA5awG-Xjnf327M2o;8 zLxWAHbgq#9#`EvrowISM?4esd;!Q;t!$i?EUD(AR<}K#CliR!H2#ICnrPglz5R>O z>uLb2I*q!u7vog#d7fX`QESsaPW1O zD=8jk?K$mI%X({px3=H~J^)VCnzJdavLS;qrS07cn{m=kLjC+VCM9^L36>U%eVJwK zfr~ZqX(7m>G+yH+ud^X_(C?DfR!TScad&X38h5!V1M(BJ!rQKc%>e^Dj^;hwZOAI# z9D-~Q+}3iwDgQXmTvg;3%hpwC5R60Llc^zPrKK^YCV>hJDBNJYcU%`uG{y&~h(Weh zu1cRR$W`p`OhnZLPHS{Uciz6ZG~H4azH|j%oyIniU!t8088kiGmE5n6DNZE?{Cyka zEDay^OG{pjcfvb9Um7HD#>z%Ntj2O00+QOPORn=Ik9QskX6m=2NG-`DR->hy z+4c4sXION`kTZ8(q2*xXpPZ4N)`ZUueo5_p&IYzxFJNLCiknaw_4`YYc=2lYnfRsd z7^MT)JZc`8l?*{dtvkQ(K5t74PGV)+wp;xQ3#aWE3Ly#jB~u8mfVW^9`$;|Da?F3P zHNQrXx~V71=OR|a57=rrh^&HSbqg3A&jLcJb%uw_tVZEzdG}&_Q7P`aDF53;z^9uA zbp%$(GyPN`+qqkou)*(S-?71bwF_08`gpVF*X+^RWKG5l0=lG^;X<|GepC;4QAV%b z9ji$Tx_tHtijy6zLBeAE>*AM*@<@}&(8^nC{m~Aj5%s+0-0Uid;NC3nrOxDqK7d1I z5O%!I>*%E6bp24$N;VD@3$&HWGqn)MRP$1?S`1e!4*E*^& zz`S*F}P3XF6!7=zE`zE!&419DCp@|-;(?YMG4$P0IWjo?F9u(_xuZ-&ozC*7V#??8U z#6bi&V^WLKo_hr`{?vCGDx-!rM&yH0^^K4%oLKm6EV09GeTNQB$edY7Tg$A$?KZp4 zYs46$?i}ZQP$E<||E<)yB*%4*N)hhRJ4U4|yT`FT4~rUHa50qpoba3%$*i^0i`|3l z{qHRMR4PTzwtZXJFpv@>#lJIG>*S963AdgzN?V^@WCf1Yyo+>2V4DU97gUDgaq%xu zYlzD-w-YxPXk@{uV8`_)u@lu1Gu<1y9-wRv|Amm$pQ4wK(WW{kv;LW~)}};Tsr-L= zv1-!lYxZ^Oqw1-@XCa6TzSmxLeom0*OlzeurL4x;0XV1MY7qPf1@;WZv}TmCyfvih zpsPi46ToBl0`a)<*aVROfgl3?IM=h&{WQqsu)%a9_B-H>u|pEvE3x>?9y%D7hZGe)$;LAodS18$31nY~f4q{)2s%@%Ecqz1FGrQarsh^g+JG46*v6Dlac zf%->T0%C}mlzcNy8fj=ByJKPo=iH^dG7WLm9Zk}Jdm$0)t(gUOa|f96J3T)*NmWt7 zSt)f2;Vz}mrNKWLauz?h$HkS&YMYw!K(R^v55=l$fV9(T!A)b?Bg${7@}c`)Rg16!oSKYutd(&(Q${g}8fw_&IFr9fR#kKUKz!jzjT{`^i6KGsJ$>#C6| zy`Rc)qOuGD&#rhfv%+&J@FZVdJ3)cx#hC!iy`O)<%F2N?y%P+1DA6pMkbe=5q-^6~ zQq_}v*RySsW}Xg*&d!eNEEq`oH51$BpBp0w&K&sv!AtV$W^C!V?N;$paml?rQ$h-_ za#Ne}>a=)y!58({B{jv)rPEy3!<4}=rL?~~3t?pT-OY9lGb-`hV^D0cpRkR#Zv?8c zf#c`8jlb-+R*TPrSR4H?pAIc?9r{Khz`HP;CclWU++eF(w(kyxcQ(Q-)078JebrwA zB$UUYl1gb#N;`=_oCKsZ64|n=ED{+YH*-&NYvDIt!B|=Y+Px=J{ld|ewwxX^!)Vh9 zoQ&w2gTOlq(-KrE4?bCromffNIrUoCxLsdK*#v*XRGuqYJ{-(L;N zh6WPL3Qyl4@h~gA7xfRkx#pcj>35t~M}J_8&o#uc?Fg&Wuu|&Z!NI!GNTkL!9|y5< z<|e7^eX9d>H{Sq2&ljGBY=jS&E$^q=+}EKpm$aJjKpf{ z=TyBu-_GDxYW27B(Qd?4LXPEoVj=0FY-}lDMi}Y(ugbuIt7*LtUy}hwtOPrTw){bM ziUXt|Gwyv8agGQ2;_M)mP$wIwzoW3jFQWl0DVQHOo^1J|v|7DbUoJi-N%0yFms&hZ zL?Od4e^P|!t-J_bYU$Q!oi+Nq7TrRDQ7SXL3!WTU7X8V4t6y1`N;vuAuKPl6`|!zS zkH}Nv(=4C0+`7tiL5za*!thHg8kptTfiD`ii@aSZaHCqI8%fL))cleTzNszQOadfM4TzK!T*f8;=ao1_`=l_GEqHY;fD|IB?~jYv90!RvtI7`7?wHaB!b z-L0ol!0o<;-o8V5E`_U??)G>>`6{eLcd-*GYDcIe8sE0+n{;T#R%R}1XKJd~=Zo@P zA)Btmsl?xPUi932dBfCGcSdwv`%a~J-Gd116kK=zShC?>!AD=D*{KnaI%EM4l+fWD!wO>^04-*LH~rSk8H z)SmLvaOr24>>}`~U|?*-5L~*5Bwjc#NX0HqrRj8I6H~WxYLI7|N25eOZ=*hnc}{PLbT-tbF~TX9c-ViWC%9+PRfA{6KJEzP z;gR^}I2XTAiRC_1;rjuN$zux|`n$!W+M;(X8)+y!W(1!L3{im$9a>7@{RM z*5P@d@$tKbe_lO0WToVrdHJU}$wy^q68yu_ zo6sc*Irw}})%#_%1x9hPoo|WSefH%Z>mr5L4&jO+4eE%KGIzlr)vEP)nQxQ25R@(X z9T}zg`GGTK9-tXH25_ncFD_4xp$*l0ZH6mYv$9qB9cPg+n|^Rl z0%7GLP-W7=JbX-}prNrB+JFp0Ywzf)IuIne*@1SySejFB{2S|oW-s2W`+BaHIz&0^ zvF;5GVw5qj4Z&_U63mq^ed=pBRs1{3PoT6!<_pxrQ%X$wCM%4aF`+_lzWT(1O=W1s z#)#uW*Lsj4m>kKeA)tZQntKtMdKd3}V}_BOZITHD{LWAIeH#qxpEwFk9#^_5z5>YcY`v1Nq^{ebhJ%N1BH#4nn@@ zMk-+3xBg=Ke@?$|cyNJjoi3(zbX^e?@dan$l4?Yu2(jyo* zC!C0z<%KK8m5IITZvnlPRphhg+?=kBm)H1V^JxGu2PFlDhZdk?Wv18SxPJQb^lxnM zs8Hxq9V{>8)@wrC^Y}2RWBJGd^Kr8}w{v1T2~rnJrd1ER%MV+X=Bo4Kh&mn56Aseu z)MhL`F}?EaiKOS+%{1$4v=@uZ?POb&`MFn~U+1zxf zqPE(~>ZwI&9M(!@(YxN2MJJ~^S3%(C%d;D&*?E?PTH&s}yX9)DKPPQDUlZyS66fTz>^lq4<58Qrz)1l>+CHcM?082!< zz6pq=q_acU@z~!6`BRA!|C4#m;U2Q{afzckVep2k?7ciBa?qy|z<#s8<8(UQC~ZB> zsmUHmoEHr8t!3-JUZufV`W(^+Fj;Fr2N^N&%t6Avx!LX$r@)S$N}ugair(_T;^Z}{ ze2tnkDyT+TH(4APA-s3&ssG-v&T_9p^4e8!SG-U1SIezKRM1hl2!ZR0^UeZ>HbU2( zMEA<{_5mrsJ_Is)^%Mjh0fgcHl2_#QLr_lUDSfli;9%2yod)yn&X=z15g?9TNDSLA~TLhjnTW2Eh7ZjyryRE2eToCuyV3*!vE(aX?>RxA z%L7xF@(m0Dt62`0sV8h?%ZJgY)h=zlH5lu5VbmZz&) z8ZJ*~m?V`Nkt-TW_$EC3r%G*jqQ;7Y%;+ywOSNGBNKw4DmY_~@)f!QyHC>|E3}66# zdQk8S{Q86ca>6R3xRsY>G&644rO5z$Gk;8F+7JJ}4GQ}Smz5CdE2en!WFB5AG4Z3R! zrRBF4sj8VAy;JIoV<>~t@`#6JKvZcan%bYDBB#ckBrt0`E17qZh=_h77`3T1J)?nkQi#=_2S|00|9Le}e7X_5ag zTfoWR`Pb1_943z;qM|0pwHqXPNwos{XrW2JbR{=or>w!tbMNI$f^&J|aKkM>ITNb1 z#KEM{nF1d`=N9OB+2e@+_itUVFd7wupSXA;-ss7#y`GUT715|ROqZ=ms`2-ko(RX% z)i8F#&RAGYC(Tp~4lpPQWdYFJ72lhR5+reZc_#3y>scHA3G3;1e3mQg8aB#x`F@$G zK+J3k4`+;0JR5gKKqN>=1|rL&$O*4vaTsDm^0=!RQ)KqY1vvfN$KMEttZ8J3wzPU5 z7o7TR@q+jtXz<`Uv^r~c8mQ0l2q)f~pLyM2ycN>e`S?T+rYVa0@xorV-trUm4Dm{S z++z`Ddf;JsqVC*Y+F`l>6=Z?cdwac~HXlx`p)0MX1C@4m80S0pqMd8SNjIU~X(y$e zGL=4WGwvk5r7kY+f$)`mM6h0_DvRCJE51%mU(Npfk2^zmDmIm*n*%yzvIMSKvgQB< zw%d4`_&Ey6phPaW`Yzlv@^sMk@&p9%$C@t+`78sZAoWf`GCDAL#<+Rpp$2H-7aBW` zzZpv`+$@GSExTnyy+s z+G6nN?Bjr#Rn33sJJqw0y>r`O&NJhGouIc_#(BEs&R%v${Qcz_d&<4u&-JxS+vPK> zskRZ2-K`Pjb=N_AqQu989S;h%fo{f`^|_L|8emb z>#S;({u_Fg=jdLEn(>S!Z}%dj8kHHa1&gJdMIvLeY2FO#)Wg60eAdLSwtciuvtimk zISis1m4?1@#*AH@GygddeX-0nAR7Vfq^}gknixG^F9_Ucuc{R69ia8C5>`C{a37#`&Cd zxEMnH&7>kW9#Cx5HxUa$^#^7NewnD5O*$6!7Zq)hQOuPlZ#g@E-ReK0C^z?m&K>`%`$A02z5jBPj> ze4-Ae+?%PMPZ*NZrtGhT%|UckLSvl^ja-3cy|QC~?)2B5`x)H+t*6noGYguFSw_&y3d3<_nhW~SA7e|+Nkjr#189KJ8Hj0rOm_zB(W~uD(bLO z&pEn^yyES_m=h{j`ocnE`o4Z($DSovu1^0^4`01^%cjZ?*2lJpSLlyOtaX~Ox9O63 zEl~-HCf%0k;u>^wYhmNPSo(Q?h3%7RCC0pBQx{tfE9uAOa(~IBeMfkd&C83fwks(g z#ek?xLjFQYePMPN7q7kbrtO+nWpeI=o-ef(B~I%=YfTYCFvKGOwLl0`X-6 z3d1PgZr#*dnW> z@hecDA=pwe{3lcRozmSXCu*MCt|jd#$dhe1QrAsQw=8lw3L-Q7OgsJ=w-e>c-Lzcl zjlY%S-}OWDp=f0~VrZ6_X|}ROy%%|T96#9X+Ny&Um?~CXR)bLK74x6ZRh?WZm5@_H zu9tUH?2}>_>rBw+;@tbB6ni6rrMIeXf7p68=%O4~s(L(JgTHDD8#H-`rv7F-=Cb9Z zjs7URk{l6%SSea55?`KvCRwKHvV6E(Pyke6C3_zCR%`l~zCt2|R9N3ecu=%I89(BM zUPGXBQl35g&@k-6|Sh=v5!lK~T_OcOj$#q18OY*KVJyf&S_=pu!ET3$=-urd+iGyv;&du*n(X9)9$!Psy zxflZ;AzIM9RUFFvZ8I^p{~ zS>BEmjy~BW?=A%}JKZV|%deUhUnS+cbmy!+Z6Z(7b|93)I6suh^R^rF*&Ws^;hmkH z8kI?>_DpHNEW6_enaaaRlg%c8cgU|;Jta4@F1wzcD;jRo@nT=@^?%!$v?Dm71nR9aI?ML^AqNB6Z^! zW#dK1g*{Bo2^-W^A?Vi{{Sj-Rt6_yO($rtec9aWwee&c1CTsW`+d%x)T5u-VeXj!| zXlsi@t!g;29~W0I|cW$oCCD_lY+0*XiY|CRD+nB>Rd5# zGKnIql_hqm*BHiy~r-e;&}qS#RUDV$x3SGE~%B?K}au zjDx?!WSoR%y8fd-MyI|D1w9+#!i9^!PPCJM%Rx{bn*@Kn(=P? zt?B9scVzkiauMb;S^n^j^+DQxUqy84Aqy9^+eI;biT}z)>@A0#18Iut;p_kWFd^^H zMr2-wr=vpZK0DYLD_a4p{^gH_0cn8>D%u0efjOPh$C+Ol8L1#ew0}m7@8GZCF^Cl_y5UWI(z zrN2G)(7kWEKqn5^w$MHxX?B`3Bi1?uP~^pak3Ng-EC`%Y@|xDG{MMNZjhpuBg4c?h z-qM&x@O#IdictE3hm1d{zc zRWfK&ff}=KP3L>5P1(IH*1m^s{PTVaDp)A)7Yta-XrBI5tz65X;=T`8`le?-DhHS^ zv9mURD4&0oXU6>c@YihO;SG~aQNgEfW1T)9(SveO!eDj&KwjiCS~t`b$mn+3BO*x9 zO6q_#<}#QdZNE?OVK2rt60iA88n@lG#JPC#@NUc^&Y-*Blslcx>MhX>-}OcDj}&jJ z+f6!R^DheViAsuoFr|)s9X_Ia90YxCK1cw5wKFmLVW!Pm)2q;)%_IWmtMGFk&XPY; z(xQM2H-vtT+EJa#Y}#lxqsBpkV)rEX?o=is_A8l6uD8Bdw7X*X(@BaE^$aEc?=CuE8HpE*O&xpS|GeL?Y`+-R zHI)uBa9c9yebWqiEdP@VG_@f}J4<4jn&xZ7@?-dawN)Obd;el2LwmtGvQz?j0Y z=U5ACFG=a~UtU-IFJ`sLXJPmdmPh*BhIj2~e6t+*|42Ibc&7KqkJnMhIp4(TbWW03 zB{`jnaFE;9q#oNYHKyYRhJ*CZEKTXQQ-E<`tdRuu=3McyM&VdNh5)l z5MeeOe^N;qzbGwyQ(>Q%Qk521jZLNSd9%`SBBS@@bzJIoAIaFo;^Y7M2Uj**DToeYSh)Bc51(RS5%Aip&TorZ4nOQ}1kD|Y78 z+yh;qtp0K`%cisX)o5awi=AZ7G_qW8!LDopLaWxD^9MFXNKCouXU4EU^?lF+-0%6U zWMOr-YkG|tXT`5v_jIIN3vkk1>F<5#iwasDJy^rZG&AS6zZ)GVDL|h?Vvt9bwgi8s zOT$nhVtg+`-EO~hQ#oB!ZW~SCQ$TP@-x+h@mRnBL-**f;%Xp7>8Gg8u4wO3%XP%%~ zXf{UtYH?5-hHyz7kK!a{_n~i1@R~j(Y0`#oe7OTt@i)H$EM&&K!RwCTV@+gtQ^+x2 zD$EjNjxXx_cZ;^eSPgFvmXN$){MwYzpl*K$3%`kIzOG?%jjUo{B%)^w8(C#mBEP*B z^*r7U#+I$5bf0R=h7oNS7n7^A?ZgW)J^{gvUMvbQY~V7XF+=hNG9lkXD^6m~VwrXD8 zKfMD<;ZgOY$Dw^K={7G<0BS3Jv-FzI%tB!Ajs~#VI6NxF%B5zQ75)3zdK%C(z=DQi z#4%4!+h+&{>`U(LGPBEY3+l$)UGGpCfDE-o9#@~tiSb4F-z$wu=|>Q+PZYR2*8P=n zqQl*i5uLF}HC%g2{~=S=Dt`Bl_Wt8={Pt439o{qZw8cAQXql1uaNSQDPrJ3a+jljF zRy%3spE_+}|57|~ETB`zOXU;-h$mPJqrNc#x6od|{ow53=DH%R+n0*DY-5*hz9z-%u7?>>y4RZ3h!0P{8A~mdu=eH%MR~~BP7qA{X zdnD-bGlI%a4*hJz&17fPw2UgnaF0+&68tFm0lJlg3 zE*1V^@o*{BQ{z_QZp^UJKqgjaz`PiXh^n_~^)9&@W>ja>X*Hq#ZQ&YhR@pWd)8v(Y z9W|13xGfovOvhghvrB$`^xWg$9E@KddAt9oi?bK6i!OfJ_Cw0iOAM`}Tzub8PY$cy z&b+-%X3bp0Mk^@p)l6`$sz{y-x>)W>4I;+WFJ|>�&FTnla)9{?SkD1`>ivsulNE zzK{EhW5S5?a>>)xuYXAMKsY{;X3|^DR?61lCtcTp6~*T9cS}J{IP;$f?Q~Emmd;xev)tVz=;{3 z{3jlkbFSAwFF}eZQH1iW#(Xlhzo7AP5Bhc4_<o*gQm z7EoTd*e)HgV7H^LcNZiG9q5Y<>SD7Bw<_{IqZBy`tBTc|R5-p;@($WR(`a(E_XS@L z+|HK%Q)MjOUS;;x#l($I*|##dpY!;hGxS`DZd0qLmUYX1c6^23|FYk)+R_aKO?*9O>NL?` z>=MJbzaB&CA%;s_3%k8Bn6aqbEcytjNbe>n5SdSa&v}}VP5P_*8wPR(Xy+@Ki;Xf> zL4R~gbcGwclT<)@BXl5CnZ3?I(#uLUeoJH=!(8-Pyh?y`4)E)8cjuop%Ro$L>0|z^ zH#hdxaxZoC;(KdTg2_Jj+$rCGGmV=glZMkd!<3km7IS_0_JYr;;daMvJAGFs|4!AS z#S_@U9-3eavZ<=%Ak%w~^%(`L8LRuS&ao1Q9<(dsd8cWMI^D$@6~`h!pApWbVvI*j ztD=jlRFtDHBHF8x&aC|zD`xC}l8MqXas%7yrT=kSsVa$5do{OT7R^WZ7GSSyTaDHD_8S+@ zd!t^N$>XEv<{iX6X5pa&g`~qViqn#)msAMG8aiOkZTy*jaQSZ-HsY7|~~pwvY? za)Q%gJEJBsyDDIv;pKX?a=l^p;n-rY&eR$b_drZay{-6~Ocz;?bZ$E+98)RTtGmPG zdBek_a}`s0~i;pWD~ zZ(m6-r?@=}dYHpPeV!h`slcyv(cLqn>JOBa--d2b;|{b~Y0a8v=pjv=BdSsflht{R zDaOORp22JQZ@(Z79ROR6Svcxvre1*Ggy@}x)0TFsQ19g#KdUjGvxU!UN(P>U6_>ie ztw)9eC-!8)yn;Pe&4}=KP)*9a8ZhD#H0)y$$6PeR3DIfy^pTrY+rD7b=Jpv%N^Jb@ zOgJ{`J6irebGaSDM>^3&LjiQh`6^;Cc(Hb*P+*3M1c-}(G=p{bbuXBEiz~#3(2ugT zmz1eGf*r*_3lqX_)JS4{^P)Qpt9xoQ8qAInd9Ji<_@^5755NYvyQyB>hCk}Y$bbhM4NUQZB1;#YJZub3GIHw|y{ku{ojQh>vs zwK9S})(DmU3$~nw*|LYvdU5`;>@e+lAnN2>2l-BK%b|)KasG&yz{fqdXY%M8vu9HECl)OQR^4Hgzgwwbe7&l(qJwI?=OMSyR1sjrqUUx;daXH>*(yiTW}$d5#_!8WkD zEg(mjA?-QXV=&lw)|K021< z^x*1MZh&3=XK}~&dk5=&tfU zK%-MDRld!f#mjSsu+)U8C~;+>$fZIMOE~bFZYiqN_8h{Rl7hy`IXO0f8@pmw}UH6apsZu)Yhrt4X|?+Qx51oa}W_{be8tQfsr*jTUyx%nA5MaF(_} z(j3SMsFKQJ-iIw@(r_lwGgLZm0f^mL!Feg#WZ|70c429e7q z!IP>VU}J_HR) zIw2fGx}BlBGRC1VH2lu7sgyz<)OW>o6@09ITJ^X2l*O0DBX6OPZG{gJVMnRv&ID@0 z)A!qBP8-S-nxWcNp>sioux=HzM0d?PyaVf^`M#kBHGzpp@Fl~;eVU2S2Ss4^_dkp; zZrp}!eT41wJNZG?PWq6#KPzrOit`ufez41r(cqVlcE5+C-_nM!O?-}yU_NLyeP>GG zT^1I6IDZhNK^^>TXx=z`D#Wr`!_l$@1(bpEDibmDKaMA0+pNcp0gE^&*D(CeE+@ch zjww`yY&28GhaC!IqroY%Z%0rJWG*sV+D8O$X@dy=)nG;&B_}n0izLcMxlKXYOl!z@ zDm;i^KVV~Y!9~{rmS%Iz)GlZyduaWiWK6NH^5P_5N?%ehi#7@A`K)09m~l_QC1|eo zgoy7(kH-2O)#?+wFAS*06z-kzcH`T>`u!93+g@TOv}^OHia*)P6cR;$fGka%AK6TA zg3n}dKb+#WGpyo%D+Di8{gNtpvZUg;Rs!l70qO!zA{dp!^-DJf;)aahQpiI%zIP-R zwYYgp)L7fHvFKgX^AW)4M8eDc!2)2L{tDniICGzD$$Aa7u=X~%6T9h2ieJTxR%@wC zvG-8LeNGedMQlON@-n{nPS^RUxw+~aS|7?LnN~TcW-5Q+m-O|h!_p=#PprMX`D4LB-m9o{KKigATG_zLXCrKA9mkApNtitew|s4>iyhoLYL?IqQfLC= z@>a)aVJdNRhH^@HcWYi(ownT3g-HDLL5c#Z6hpZR>Zb{ zolhJ9x~UAI`t`N_i)Ud_#C`9>u6lnf= z;`sezqJK0Rg~tEvf^K{iW=Fmr(!?y2ESX8WPLg%NVJ!%C>!l5(Za;&q!~JBBo_k>i z8C(wC&tE?Hj|>np{6X9cPau+`uyb!UgQnt?wtzc*s8u7NzW~QbXuLm;?w;!}1dBIE znb9nYv%PNA44O8tsS^u6)1nDf<|B>fpL4fK%+xx&CE`~m`A|lRpv-u+RQhDYKPP0^ zdLq~?gYl$yp|JIO3H?KDf1-a8;w)FFCGHh_%dKKCixm-M0!WZN?qN-->&$+@{<3i4 zOCf<;N?0q1x`P{d)_sLs&KQx#)y3t%a2hk@Ub_nA{wu9>3mqF+je2O#;Wj7*eVlhK z{Ee>UL)<1tQHJIMRxka1?267GyYJYOa?aJ%pdJnLLX5I3RDXIgCJ&#p{`XhWkjCI% z^4#CMrn8Xgwx9*E#IBpHjMNS{FQ#?t`TfTQDVm!g0j?>?Z%d9ViTnPpa@9y_0)0=Nn`#3~ zUSx}+UwDoB(Y8%@O+N0)eehBvX0V0x;k@xi0Ldl#Z|lgp({dYq>%ei&5{ zl|r04jrO5PF+`LPorC~4Qw~(GL8hcKG55yv%)!?Z6MT8X6~OS&Open)PpSyDkoR03 zeB8^)ogF(8&e-f&1|6%Y6CBAiB*OKky@)%m4TzT5l%~sasjf&qt zbj@uc%KX+#k${nt$j6abA~JJxywTLQvRU@jXSs?t^06HGKOlY8w>$d@(K!kg=Vbo4tdam z$$2q)vIUrvWni|(XpOS9g%R(Wb-55Y{4@>ha;yvsT!-Nk96wWmh30sa^Ghp!5eD#* zC#(k>UXd+E(q#+vtZGtq2=dKXE!BOozSWEr+9Y^#*Dy(j<-oC=rl1L0&ba8EY%#ph zx@VR19d&7|3>)}(n^0^Flo%;q$R7;IxY=)Jt| zv+}PSes*jAAR|RK3UuNfz>*G^MQg4lle**qjCtF8Xc%BR8NB}AB$3vm|6qcXGfCU} z76ps^aWwMHE}yx{17~V`H1<;(sA>%Oww$hITB)zNgrX*D%L*}Ulwkpd!R-m6QbGh( z98_ixZ#Gqi2rn>Bh8UL04AE1&n6e@7;q@`#(FNJCI?5g(MO0(9UclCav6(}Wk9K+A zn&5nAJ(3GNC>QHjUy*IPI=XzfX~X&Y{{4FmkqlS&?N>(F{M0+AsVlBqk` zduZD|!Y^^)aFz-!gT6Tn*TOM&JQ$x3LGs3Hsr#AoVC-C0a1Ka!P2LRJY(Ck-iL0P0 zII6iAz;FGl`rqq>Nx?iW1+>QA(1=xb*sh@7YeqbmO{{e*EJT!WEMY-ez?Li5d~qvx zh~triXxw<@CjC%lFViA~)AN0xj_FL9_hI#TSb6s$3yRWmZv!vKRDggHsD}^_jpwvJ z-ShpE0u~$>7;v_Wt5yB7Dq$2|)9U4b*OUlW6SI9i0$tYbTcRu8^jU)Lckl!gXB5b{LoZf2N34PkJ%!ep4PNc=C`r+| zr;+9s8B;2yOL3-?I=9ESb0MFF>T6_RU~|sdHFB4USvFjDk@vgwEGbqOe_sNBRgG5s z3{$n04eta8HQ8G~WbaTq5F>9qiX=()Z(mkFy>x$7Q(v;7y7W<){Ih}rhPOfSGh??I zX^C3fV#>v<^BZS&D$9r!ZeY~}2xhrbZE|`y+TS0kMPxTYu_7JU&GKgJ8vMX3Qh31~ zVQkkXL&6D*S@!XtkgGz8pG+>SwOLo^fR3nRPsSzEmggT7>TI~T=o^MU_jm_gADcqh zLWOt@IMZ^Qviq>f(mP@0^B#R1O9iAkMR(q2yILlBQQ9!g$f9bhE>|8>JpP^AYC7!` zz*ynp6x_m|+2}=r4c_VL!G7ZmWNso-n$Z3Lb|`?^THQZ7h`g(ZxWMvf9nkEB zrH5&$qOQYPCzNPXwH!HMwo#qae}?^4azT1DYnP=w=&}!7W2h9FLhaM=Nf2<#7NR>K z+$^V!+p@J_-yJJGpWbC@?F%KSc&W<|vD;e#ax3F@D#=uLh$+_M?s{qoz0!J|d#RCP z_RxmP$~Dc0=xGf4emO4CXlI3%GhP_sCWC6<%|XQv!OT5G&l57wBZ$cf@$E&1g_u-K zph-{9JH)gWslv7o={6l4X!CCBK7G@NWKZd@ratOAj8F{x2zjCA@?fH`5aF}BuTLJb zY|sbwo?b7^V`4|cM;+)&=)(%gWZq9(Geoe`01bvj7g~?qVMRV@R-xV8V9GwWefNZZ zw*7O`i*jYyV{v;kJuMjn1#CDuM*pBW8yw&Ta{I!MQ>YwxlSf!osx-T=75;DWXKpU_ z(`xb_Fsqpkb0T_gxC>X*aPF`7#VSsS?sprv;U}T1ldvDW`4zo!+&_H`TQ;v8LDyt4 zQ&ciM>AI5rKN43kBO~MHL>)|6=#0rR^qBr&QR#$n!t35Wbt3|G;g;<_lz zcu>_t=A>}X5s?^*-M;P$Uorcm%I*DL?)}CD!}aVBd(5CdGW5}fq53kOKBoJsps8r> z?|p36Z6{JPZoxyjXALhQn36dA#Yt5BMS2NnfP{4w1fp9LzMbGL{e-w4r15Q7SQ3E@ zd67{^@~2m?2WMKtR;e$)&;%!0KxGX11ek#yba1XxUZLEc>AfARnR_xD0X^LpdWDwq@b2}O1k(K)M<=?Z1cKk7imw|?;PyCl!$ueGMb=Bcw%1d< z-JiUu$hd9zZu07Z9SW~6A9bmxg;6lW5HvO$q`QGX&F$d6 zmV4%z<2q7=vqpxB7RY7``W#mW^?`qbY=yg-xl4Z0Ff3U@{Aq@`9Syvdo8mYb^dH)^ zRv9OizdoercW^1dx(b}J(h%GIIhk(LzEe4umzawXO71Hz{tpayPDH=Uj-(g2(awN~ zwu-1?O+`=0_!LLSCz_j;1SmN&Ofjq zK-(|ii7H%G_1rc+-IaeNQOi-0xqHYCfr__>n9s6tayHIZIl{!hAhOB*WW6pu40uq`fiizW&z}g(Zs4;+7C6hKMKK7OqCu_}!piWg-58zVNgcwCY_x{&gfy zkJzgS7?GUQ3~~BapSxGwog2zpSW7ZSIYZ9X29sM^xc(y+|8}tl02Uf`d!~>k zvr2Y`LSr2#Gq^R!4A(Ub8b1av$zFRY=6L24r`MsbtDkRe2fagf^0;{HtN5;Hz6mQ3 zbM-~UtknqvJ0-Dr4MkcvPw{nEC4kB$QJ|81TSM)lw33AMKi^bqf7gQno}EWy${>M z0&TP>%o?Y5hn#^Pki2=^xXh@>Jx@hW8_APXLFXS>yu#gh9GOiOA>Y|(gWol^g>Jf? z`_c!YK>p~pFrJwjy8||PoFK1s0sr1Yn|q3!r5oOVCPD*mGhtx8<%X46wJ7@xGub4% zuv%Nw`j6%Q~K5JM6A@-xscgDPa0|9B;r zX!R*WzG{@ZOpaexHz%vo6dPS>4R#yn=3W9*KJUKVEc=r~l@71!GfSX?+9x!W?q^sW zgX9$C-2S0|7kM}8xZ8x`zAq{@X{lEYIYFtSQ1CDDOVT7#;IQ@kL^Q&Xc?NT>RpVd)4bvn7HZIg@!I1bwL6EB?sr0UmO3kRupYxL=TlpPc23?o30OXPU{q&Z@Uq zSy#`sSs(-K8s}Kwd*?7WEh9CaH#AK9V>{f7E35a#(iZlVB^}6xNm8~%O+5MH@v4V5~u+7!J_GMCUwk{rs^qbD5E{9TQ$8HdM8rr6^4IlDhRpFp=rY2g`wEc&a+sfH@9@`7H(iz!i!0gc@I%72+=aaWvo=`EdEV~hG87nT3nzqBC z>Q@)Cc0q4hjU?hxb(2%v97aU8Trww} zb~XUIAAYY-_l}Ghd{-K=-i>&aXu6TC(qYvtX<#K)>X<42DR`hYyINM;+;;0hn{QpV zkK*OkyL_KS^n$ev#H-_;e_6uJj7Kt(v7H;o3wOJ+hYr#0i@U1f$yTaY=xhJ8jBMGD z$?sg$aJTk$lmo64=j7{ZU5d1ZvGBbr!L~CO#eJ>>SnPwgZgv0`eF4i1!^R!cVWV9 z9P4Xtkp(Cp?{8xgWoylPnZ4H|ZDBVt-o>4(6)9;t$mu}0i;nYqjbBtnm7L^v4-vM% zrr2>#>sF}-1R?{x{ks2oA4$7Wn`R_ikiLN)P86g83A%$bYt6coDD#-s8&g=Burf)3 z{JQ8SdP6fePe9jiJQndIEZwhiz?R~RRIjENSV`3CxXt#EjUWEa?8?e4aWvr;DGf<| zjay!wY-pt?yDn?H2;kKXlrGO zwj`e>OxDktp}k7bwgq{lLYKu_hL0v{8l>0h!Bp#@mj%MPIqAcz-L8hc@EHNS*^rtt zI{hdSj)z%sGUXtPLs5+n&JAB`iVi<3{f-g=TQy0`H$<9t!!d!7z+2v}iQ!3-L-Mej zfe&TQ*5VUcDrwiab&qM-qeldP^#p^Taq|)pr{m0f@0}8A1@q} z2+wt9sk)jcD(~l z9v@7=FV{T&C0lwY&U9W{Lb%(R%x7z}ID)Xjk#=(HNeR$q>}+TJDjBqz61>e^Oj&Ybca$(pnFyH=mltpgwS$4!ofCvMn8R%HB%}r$V}c% zm3De!dJNhfYxczP;~M-^(@xy!T5_9PPciaX^~%x6!IVEAdZ4R(`aj>_4jvO8QSJ7v z==XT2j<4!JI2o{~QNfTF=umUx zD0<>wgB_$txU-8s4#IoO#AA1~acVs-y{!?FXB(v(+4w zBB!A7;JJG9XLUo@RH@6R@U_2ikV{pIZ_d6Pg@f6niQ#qs1B>U2QuR8jt58-rEwQUO zZ{rE}xgdJtM4lp|V1)UVIv?%(N>sW!eDKv~^qESAW{sG_#y$cIWtVfKY^NFTNQ)V{ zqI0CRI#w-AggK28tJRqfiSg;1_SNiucj53M4Qy5jFaDO(!rom$y-e30Gx>~eN91p~ zcmBE#K0qniY@B9^;RPr$qVp4Xym>L^9QjJvDa#hr(XH0c{UV zqoh}5sx-#AStK`J>iooc$VWI|ns{Ge$Sv8+9x}4Jzk5&|kjS^Ez203BU}JItdNl;R zKoZz{zqicUI|M(>IiGk}J@9^d*>&`mH15faCxi>hS zR;>>d4n1*=t&i&7Fa5>Q?)ddCs|-72KfEfL-L@$*s}186%~%#1MbBF0Xn%dDb{uF< zlHLZ*Hnp~6U#*y~52M=$+)ALscHz{7Qg~TzR9eh+_NZ$BJFh{{wjWy+BAQ_t2s$r8 zj$nFrnb{Ag^cNB~(7_LZU6K7$(@ALsoNnQs;34Ke41;Mc62h1L5HC17eNZQFV}5&@ zV7wQ8kG(Nam*+WW?bW(?o>M|iwvSrKxC;AuS|BKHO$-aKvaCD9KF($z%|AJY`1LD$ z_-zm7Y>(|Qw@CNy$un5oTdN%ROZZU-wR&od^nlId}Av=>(MCqT?L$k zfx*V!BvSloX*?>&H4&7@@pHP&@rcFx;F;U3tiycVtbE>%Z89p%&E+Pbu%62Ii<^6c z9gQ7Vt}JK~P4az39o(x64z;?H6K(`VP&6rJ?Il2EkJU*-ynv6UM69P>k1;7J1k(eL z!oF(SF#GlOFagJDlmbHllh{QF;Rh*5xuJ^|JQhF5b{cW{Z4W$|mZ$KETpLDqx=!Ez zh4PD07I~PDxI2>Tn(l1iLwl(olQDs+HMlfp9|YGJC!@s-VwHQbdSQV{+qA>n4mp5?@uyv+0p6Y6HvX`Ov{CPJu9f^S z{pzjA$+ikR+CKz+z!cu>+%runZjX~7k-N)U&WU;ku@bNcP``aOD$q8%= z;hR2)`0?22k5(GjLEosO&#Qa97FshW@cj6$U3$nx7oUXCR!v|O8es1iTWSk(OA=>1 z-X$VXr1Bq!PUO@38ywec45Tj5nKD9XQY950$O5;;mr^9AMl%O2<;jxS11`~DQ#sJv zJ>)W=tX?K4ulMHvGo9hOaU!>X6Di-yW?9A?1HGF+|B9V8nahLZwYur7B7u}v!agBf zI*91YfF^DN`6)_qqnD@<6>_1_9>^Hn20g7kk%`j=$!6Jhrpr+sj=m=At@J!KsiTik zGDd&yVm(=#-K|BQuls1^V977a<3PPm+G?cs*Q2AsjHxPTs;%fI5T zm-guoX9?KqGr*C31M=7lQ;IFa<5vevPrDSR27~jo%G^*`oKUSqW5&}1SENY7n&mbR zQJsO>j>P%brw}hU#i8-OM#ZIT-My9hq5!`P2}HM(?I4rPw435o z*ld3_)D@V|bSm}>52!->4J(EZ%n^>x*;!-*3ths4%fs5ap$m>*tn+2jj&Mk$5Rubl?;l}vccoE> z=JwB-)S5T3yKW4xj-8L`(iNz&p1zN*^i!jl9a_1{kYY8 zILW(EJt@(4ZIGt|+Gq*~V)78HX)WfNMy~Br76YIzT>c}m=w4j~*^vm)%0Kp(jj$^( zxQ_fRAdTcr0Vf}AJnQ2*PH0sEVYy^;aRFdfRwUm^w<1JgK-z|8!{pAsoQX}2L?>|k zFs=Qfp$W8Ku>w+tV!4vwkeHFpk*RjcMjHeh&2xlWC2rwoNNkKj+txKC8M`{}0f_F& zR_mh7Hk&}k3$&=$-o*v|ZEv9qhJQ_%>nnPz=>(7_7Yl*VpPnf$XcgWC#3n_LJE%YGG^qnrXMZvO{0(f2B0kTsaFo`qAc;~->!{?K&Z zLNd5C1wgz-NdH4i2W2q7l&H@qe2obJ@s^DMZl)08dKV%Vvz_^zGUGj{5se;X zZ!NmWEu^?TmD0BxTcaEx+F*95n6+{6aaDV7!vGzVk`OOg31{8pP6BUYT^op|?#QIz5F3$KX6M`V|{g`5xW2bD*@k5^+AUs$_8U@BPh)GmrEv4Be- zA~0#lecyP6e&bdbIA@K_BE@|cu!q$eDalyNCj8pn_)zI1+Uo=>-n6i266RYZc{QLy zZOW9sg_mpi-_sJOi2DohuMHBTS?ZT?;kmZAx<2fw4(!RQ%tKQdlxxiHrvMNV%|<)S z`h70Qe6eUG|7zsqM(w;2D31l865efqz5qBV%pF?VIH1?gy$4_;F6=s1HK$8wiLV%C z%16=7vPo6Q8EC_YOJSijae0XC7%==009sXcc`NtjbZLT~PNsBOH*e9ZaN7)LqXcip z18$Dvp)UrSVTKRa0kEWSE5OQ~@c2x0Jf%6g6>SsOL(?hv07lG&Y&??IY~V##0`^&Pma?Kdp7c!N_rlOp!&DWJw+;m-Tt5J6#C9N{3A9ZACYCx&I4== zE`ruAH2yhP=YBK2kFfZM57&yFwRk_yx;q0keyY$w`pE*ijy}rWLK)BuQHyXAri0(E z!0Tzw){o8_3X%0&x5W_Q-Hy(G<soWIWV!?GXE1Ms$|FGgo(fns!DBTHgK+INV`u-4W!p6{;GzLZb8h@ z$;qv3a#Q`-(tE$@F;ByMtRnNpeob4$9PhyocPk-=n3>5j_j%0^O*@^hq((k$Yy z`RRVttj>+Q4-)|XWC*mZ^4*f+J52;1d2@buQHvDda90~RI{u7vXL5kcY(N!aI&Xg{ zo;$7YE!`q&7%?}E)|zqEE8-?eJ#OtI?WuyNdS=%+RdsyK;HGv`;tTMy;U5_E8ih#M zLVwx%EOiD18-{jeEC4c6yUA-VF`c}sG@b;NUqFN#XScwHm*TAs~_ z)Wji5$!q={HJ`pBo6{qL?v_&0H0o>z@Z$KIfy=Tvvo}mv+(vi=%+w{NF4^0`YavVb zeWLU;Ee&eow$rxSey!JIcyCziyWQ`z>}7wu_%!}iUb|!M9uC28s@Zg1H|?C5)g}al zJw}*0@4Jsgm8;>&_!%huaJ9Hbexj zJ?(CX&&Gpg-_7t-Gfx0BUPgn?V0>zwxyw^4AiU;rA~kT|46uH*gTez}i7y7)z-yI~ zk3V>qZMXWvL=;YE9ULRZq8>nReww8B^ZbgSl$x(MK=zGVW|X8l2CGJWo9u z_GtQir*$pbDKu&(%n<_){AOL)niD(J=+S~SaFK2YU3>F=1Ayufgx}m`FbpshMA2-7 zr26~cZ*gM(k)6W&^|cwx`!$>QKT;<+=CxUZAES*XH&0Jlcg{?!wSTte&il;ujG{#? zkvvIr8~3Q_vSA=Nw}mQHd+-t+|EX~$K2zeD-0=MaT7y@j2ITsEOVBy*Z-QFdOQa8s zFL>~rQOgfn2$moqj&t?zAw`1V`EO86t(d9ML3r@t$JvHvHObUL*g`QYY>Z&v`mGj0 z)Pf4h9RuP&_@Fwu;R22=zY9y#z%1m&Dpq{>hy_y~|J3Y45qDztPd8x%)2WKfXMY}$ zzYK$q=SzvA|JBM9RL53b3rEnf38m_J#ndh1$Cv;9E_FIpAq`Z^SN}>L`GrDFz80cJ z$v@R`=9yK+J=Q~fxxQHj<~rmY99tARY-$wt))^$o+$HL@b4DE9xLx`>(tTIik2BX; z21bA0vT=u?jwAL83vJg^X|H{7y-Z7aX3x`k0RdG$6`cm*g*Uut|I7twQ4zZGJHx-x z-H#*pQvXB_eG`&51866FSN;{+AOG-vrShL^L}|a!{=mkEZN$Xcw{7)3=$Z_st?Ech4?t#ahku(YBr0^w+JQ)u6964ey~ZKkhn7 zeW04Ti8jn+8m8v#nwCu{6}-p5#H_)e|TfpW3+FEr}sY{T^c)P4y7js zE=LKt;B_j}2)KQ1xj4dO<~F2nLrYJ#u4MD{(tC<3#JZch68f{^<5Bou&f(q>yd35Z zVXr1Q{Uf}?(#xm@pFu=$w2;p^K2hNReH@Rn--xKKA49KjhJ<&c_Mz9ZOhtNHGw;^7 zKt=FIhS4KO8(Ru4NHLeFn7hk`X?s^qZ82F~wyIS$_dEbz%14CU$|1cNu358?)X&!I zXHU$TEnrLNne{KmenkwB^Rkh_<=uz*Cg#ZCt{;7H)xcKT>!4BuegmJ`7p-Mk&WNxnvU zt#`>w8sIAbS*-T$wfX<%-sfnWgmB1~LExq~M}nAoHlF_w^LJ@3C!Gn49*%@eDU#2a64&C zkCtTKY>ydkpFK-N6w#>P!%Eb6iQd7#V*cr{;tZI-1zz!fWvT--f)TZbQ{y>278mb7 zShI!-Et*e(6&uVniYOWTr^aFw=W~gwvRvn>T>Nc`PlcG;=JM0(f8^_CP$D<2N3cC zF#lwpa9gxz)hy5^WKmg9PUFc1H!IN4gM0rjjwmfX zj2u%k46;j~_s-(RBUGq+{GU1HC!7hs;}&RMi)f1T^>#Cfi>WZA=uMY`1#gjd_Q4Ch z7VEM}n#f{2*JHY6`LZdoQeABMMP)^r)iUHB7-MdTydFd>E1%9DLT{XB42C6uxG*Q= zBkUE~4&m`wlqnGr05iF%{EO3}RkuGp4{c^Iy{;_SP`?}R8RKR2W$5X~{}eB!mtS`k z(!&@Ztz_khVnoM>gEtKBIJz?JFKu+21IJF`7>X)Vg+`VMfeb8KH*Y989E;NJaHLd3 ze9-Md%YV0yyxELJ#D zl3LK}>?_=|;-wTiawle(^{JqI*jkz28vjk8)~*LsLJK7S05?RHU{g1({|s!uB;Klu zcvWGBDlN|wGCy1;k9^B-B|jfg>fGCV>He|hTS2bkTYhY*74m+u@Q}XT#ARnA?e(Zc z=A>N_Gjz?ROt11;bfB=%$Vz-(8DHjeIF37|=CivU)wuz;F}X6*_?KI3vla3@unt2l zyR%z(y?-{!IA#ImW;e?&0MW<1xmSA*Y$dVWCkPyIl zLrRIz;{A^J_PXzejf(LxSVkCkl!vcvJoYpDQ`rjnZ;<5FP~Xi3M@3SlrNKZtm#FYL z+0PxQJXJe?qsoW)_R&-h#5J-8_s0g3M z633i_|B_Vb=-jWsD21XiuCY71)z6vxex;p?G+DjM_&=iFJFLmOfB&vG74BAr+u91q z(pp5T5=H?NAko@_6amEn2q7vXl`teBAR_^#ii5qv$WQ^jkdTC( z0SN?tm*3-fj^}?y0{M*VeV*s*^q}=?$dOx5kErmR^U=&cHnNbZT{bypw{uoUyhGBv z&*(DBNfIZR*Cx#$JCzbhFE$X_TnQU5qMu`DAUsFFT|LY1RGBZGo?4K>(Jp!z*V&3! z9cI3^enGC%3TuR~s%3zglm?m_v31U9$Q>b{f+G!BfUEGX`W|Ca`yJ#w7JO^k0oERhLH*tj{! zEPKpeF;5G_CHt4`U`t%wJz*P0Bsfr4GGw$=MQSGpjFA&qifgT1J20A&?_SLTVp%P2hImD-{X06ecJKaLYY5t{iJiX z&gl^t5`#SOk=)$i>!nF0eI{$k_E<2n(qs5i7x5cC58R(qCn<@Gyb*yXWh;sxE1FbBU3sg|*&&S$Qf3qM|bjeqxGk(wEKO#CJGmT55hhx8Ly||A9c_ z-k-=B5I}q~7^g`o4Lxe~oZ$z)vy~!<&oz#EOyRp*3)lR8DGoAM)5DTGqXtKZ520YP zJ(~qw|CwiCse@h}N^}f`bO-s6qz{2bv2$L7wmfJgVt2fBTl#5f?ryb}a`6=M>Iqdy zes%cM+J^Trxo(l{i;tY!LaW(E7)A3N?-55jFE#U!!~$e?922%S;-4tb5oup&N)h_# zBe8I=0i#j7I%R2m=EDZ)ctux*tpm*OQkyAUgXh-G=sCyn&>TD0Ga9Vw_XW~XcBn%i z*q$6^XB=@SfDf-yFW1EbcD}nO=LlivwR7yoWTg~yv(XMpsdtq9$07llqj2W$e}AuB z1p?ms2bfr-Sp3?6yhOU)|6ratY=jwAIVn;*6)z%|yG+Fnh$iKL9PWl=rlJ)m3Ze>* zBu4FkXH(z^sW71Z`Ip3tbT6HVzO}3PML1AKj`<}*kHR{}~ zdTLQWq1m}ZGhp%WnFcb7pI8od*NLTz2+sB zx0h&*owk>Su{z)@sb@*K5 z^~7>>rJt^15v&x`uxAA3DPcPb2xOf&jGRMAwadL&FX`Vj2eHgqf6u8@*&}bw8e$cN zR3(if1Zig^#y}8)7}rLlONjY;ApOg4wVS@F>FO-ek!M&-dmC2{nLKymD6Uau!@Uet zOnO=eAm-3^3l+a74R{Efe{VB(dE|`i8>(#Kx&S?M!If2b+vJ#XXa~p-HYn%c8pO^Z zB~(-FSrVwEpL-j3;#m|=;xP6=23tQEwiyj2X%x1J!8?UkY}o%!rb0A+BstxRqv^-} zDNSSNUPB~&;+KqiHoUU8*Vh1e5KBE;ONw(w<9|l;`9!4ob2Ze7_swoTA0xx#l1Inm zx2{&<&eQML{K+zjb+add-<`v0$qw{*^pD<}8D$$aoM^i~BkX$DtwgzW97M&O?})is zV0*omJ|1;EU^`F$scA4*VbQVWg5&8*6^ENuS0KTMgHuU7OgV zBNX*0v*4v2J6*sfQQ}j1sGO(qYYO!to8sO8*>1M^anWk4N_=Y($vx+xlVDI_y#nuf z+s1S6*QmQ$%d;4g76kv6GK#VtlSb$5%rW#a2Tr-EPsCVHUY?1~otrv$o&XA--?r;p zH0*m|2QNQ_hy^*=K^-R*;>)nZQ-`9REe;|264s;1MO zx6H8nF1!aE&C9IyC|iC%NFyH@5b(v7r}Q}3mJ^A5Y6{S6qOEenihWR7xx$Z zbZQ7Q8<{OX%BBArkrSEL`Vth0>wulGV5snl>|%NzEhe##|2~# zd#?NnYemi|usOA_S$M6(@_dKnv4qQ!2X^i3iIwFe{{aXZ0APrVJNx0N^$%QzjL<%g z^PX^DFXi9D{A_)6OK=In%QLV;zlKsg_8KUO_Q>@1%`@|lB`(fU@`=ff3r)=uZA%^N z&v#6`kcaxP9OKdz?>|NmdZAft9Rh~)yKG-xbEJvl6<0IWP&zc0J8Xry=OWB&m-M?| zp_o?b6}Xo)GiNXkIwzx_C@%8%Rg4t5kUn6?A=Zfiek$eGocTyGITY}J%N3V~n&_QJ z^fWtxykx1En(M6?h}Z7+dxBW|I!#i>`CsN<{FhqF`ys3fLlVXD9soXT7e*s6p$roP zGI)8U2Zr{A>nIkrQp1W)5Af;0*Sh^F7LnyQ2DkG9KfA?>PdCzXNVB^9oLH7@neA_h zyI=DhlU*opah`m8(}I&=fZx>3VB>BK?ToST;X4*{+s!M@@JYpc8jHFY4;Crl{?xXzy12UxfP{qd-X8bua z{{>?Ei`*@Kwu^e8dl$@#Wa{>VVn63z+K^s%paiu~m~b0y1eg+wrg;JLD0gIf{zB7$ zedD}H@vw;a9p15hoG3E)c)s*5mW{EOP8d4REbqs(h0%}G0Ax_241p!3oEba1#Bqdc zc4T5sAxOvOfzbPJ5KyQ3L;z<;*X%i;`?o>kO!&XM?@5ovu2+|UgkMZ<)+^5K1NYR# zakY_*P6+5vLBam2W3zB`Gj;cgebxRC4lBxho@BlP2JG(|aGzL%>OJHCoWnd?6S^K2 zpXXQ*Ed52rdO|$$!q{XSQ%gL@czJVKv;LWBpSt*xP&?9}UTkc76YQWucCqPF!+$YCD|E{B7#%?C$?&@36R-)p!G9?7O$J2CD58 z@cW6;pK0iW{J^(o4t2|0zw#L>_s#6+#v2q7TzMM4zb>l8(hmsMD+~L} zL+ICG9?uDqhhC>6LQVPz2&&Ncmy3kc0--~LcFT2*M8S45v8p_%-WkrhWP2Uq{@jg8 z9#U`cCOG1f+5L?czRo=gQfnp%@EWyWfO7^ar_w5r25GkMlJT%Oa2xY!~kg50ho}VA<7_D0a-jXh7+Z>mAUgX}`Rkhgr=kwkq*vuUh7v*@Du&jrPU|1k9L3GKP*~4FyUx<&mU4uE?+VVZ| z)JoiJ|9o!DdFN@l?1v@Ve}QZp?90KF98lrv*HrWl=sPMvuPOfePASu?PpmF~ePw({ z$jZ;+U??@^YyN{2d(zAxnkULmNxXlPXiL>I{!9e3ntnfn6mqR=yq?qUQ-JV2acO(? z_uW>^fX10QnMm@pCaq`kG%j@6VajN8f6Rb+xj0a(M|}{6`CZ}WN&owzo6@V;KuZId z#Tp8z2wsNJXkj3K&EvFBr^KBOk`xvBqCzb-w( z!mR0Nz7^_agm2Yf4K5M}+sh!$h!`OKam)wN-=2{eWu&w}t9)O8i0;@k($sr{|* zeS^`ppe_IVduAW)^?E5krvltr)J+I~&H;aY`7j`Vx69EVtW!2a0Zhdtri21n!);VL3#f*N)O5l(hAz*sUm(?mJ4ytGd7*Bb* zM%qap(E8!QP>pF46mY;;A+EHDOWAeDHMhR(uZo@$F<1VW0d^MRj4i)zIL7zkj&j@7 zoRt(&5NRdP18iF{9`o>6{H4#Nfa!;Rv91(r1b zWb4hZ@BT{9Bkg{V zPj~Vyy8^K-H&|ph-Gv#I*j`82*P2@5>X;esqXxOO zXnb57r}TEQI%Xh4N{G^&ZE%C3bJP%v0#DXigh~T}v3IkXNlcHvxYDERF!1>d2`cgg zi9ynYN*Q|8t|7NQw%}W{)7H&*v8qa-DjI#B2RzZ;Kdemj4gwohX+#G!3erLHE?=8$rrh#95* z!b_Ta(LLYA;1U9Bp@yNe8|tc^;qZ$Me6P<_*2YO*-VZd>9Dme=P5<dIsAk|%=qL8Ja1yT3#H&eZGv z7-(e@9Uil2_rOR~hxMr6D%K$#*%?_K5p_ZXuK=u*;NxU9excqb^}nsx7}iTMnenWdk8@M5t(yLD_p$Q+8zM}3Wn&VM)3&45A~!Y9_TB?661ck1#gu)`)b60o%aF3O z+#dLuW{ZZF(LPu5Ra~hh7tFuHzZ}GMkY-hJ(?E*><@l+ne3$gb2K-M!1ztB~i9ks? zDX=bSv4BtTZH@JR)+jm1Ep^kM7c8u6A$-szwC(U!UCcO|r1)#RxeZ&WA9<={A)~!v z`iFue|6e%LTNsuPyDzg&{Sm32971ltGI-qjylq{(u$+Q^yjf8YLSWqz9+mbaG9Ees zCc-#sovCmLHh;?qb8??)94sdumTAsuZb&vO8U8xdQ(eNU@+vAT$kSyV=)E}E-^pc! z#Y3<=q~oP>Mw;y#Vu??qroVCKVjVrl9@mtRH=Og2h31G=o4`pN%j2zo_>jP=Ti14- zR?dE5@ZD*vQ(q1@<$%t$?(6qUay&R_6!qmnM0&?6{m;x7+L~+tO8^%a*S67S&_<7S``nlR^!R1G zu+jY87#B17&%PrD$KT-rj}~(I*^6HZPEd2Fm6+{gcXsFI&3^4k!VPsB#PG3MG zBzHp=No`7;D`tXV zIhz;1(|o{8-eU-FtJ8U$exoo~GniYvTX+#bZ6$CK|~b zTaDje(`pR1-{}58i4{CbY2J+gZ}gn>gD4?_(%Xp~`-tJZ`!m-d?}43-#*X8+u!U8X zZ>SFV{{g$>XIia2Gu`|Pg7pbYZxQXd9q1LSb=X}~6Xwcq4UzFT!Y?6Lv;>{hJGgB0 zxp!~3k8qdCe~hhYTb$q*ic9e%7e8N-;!^cQ^mvQyKJ@qnFzY>EV>4b<|4hV2#>noq zGxFCO^j{8BId0AdSDoSMGG;fiVK))Oc@iR9XszsE>}z-aXzu$XrM3>tHUuh`MaPQu zCpFCrU6u^$efrHWdxhki!_2CyuxWL$9cg05EUI?i3ixl3=`+w_pORJ z=@8eZ@6(ZbB(!uV*HcG}I?#ZI$72UBR%oKtZnL069lSxVd(h@B1G5Oa3d-0C&-tyi z-2v&jzI&mwqpvfzia)#GYkCLa%f)O_&hfw3^fIoBfhvG3`NVdzW$d%`l(fyz7w~hL zwj=Jwob7iX<|kHO$fc`YUt&d=BK5^vD5~;c_vRhj_%;bG>;!5Z3v~>2lya_M_)+YA zXQXv!--yRfTM$I>fUsC*Wzq+?-3HU2zI1LDDM*!cz^5wnE%oj$NvN7W*`#QJDW9rz z99)h2H{tW2k2`Pa9Chsb#lkr=_w4f&r|&J;f_%{TvpL$YLq=v%&P%0gSk7HlNyVDq zC7x*r{ZoGPFG}64#IEIWVyQV4>mVcXM@hXWk&3YBu59p-!8%c!*Q152wKp+XNJ#;| z1NTnuN2%0B1u;-P;@=RjnK4Xl!sx{!A;bW)?)>vETW96Jzw=K6fmcU~j#OhDLa_jZ z19QuS2TVu#a0id|wn#VKHs{4T<3d32U*hdEkD3OeqjJeZ!0zJj(m>6#M<=<^Yu^|^ z)kuiwE3>+(YeM1v27+&IHrQ^|C=u;PzKS>%fi3NN*T{BTI=1D=cojQ7CWfD9KFLaQM9gNb8HThww*Q!*KEuxKdQeg)Gj3}9hsbL**3vkY zp;AU&OTM*l%-wgJ5FoDtAzvovYWdHiygzdHyq^eW_**7i5Zz9{10F3mBF4WH5MKCiWE*uOlNINs8O|Y>$p_wA-B*nfLQI>sPNYD`K&eKUJt&MxJzx7To@%ru zJyJ*JH*oN{=agGIV1D(=h!_~VK15z~RQ^(+3@p!Q>!N%FraoNRWQ}7WcP2gf9?ZiH zhII@@tp?gfX3JU|!=*YON@1n}$tHM7-jCZu$oyE>=*f9(#-c0cy*JA&C|VE;YFjxn zEDcG916PHv(IO~h!Wc;u8RmoSY32BdTXu?npo@MJ=41W_cMJ-Eb$_GD-^G#5ug*R~ z;9K_HqmGFm=8vyw9<*}jx3W*o&KU0HyjK_p^EO_01sY2&T!QJkLiZO@Pa^Hx_SDG7 zZhhoNT-4iqYjlB0PF?$H8%1pBp^`t3-}2BTR=Qp2?uiKXKso~qw*BZjRqpNJE36~n z-sx&TVznjcWc~|_E^Iq~@xWN?sJR+co61=1A!lAoNa6p?`$;)aI<;r)A~ThSiXBm9 zI~uTluYaNR)9Aq(q$?w|s9wl~QN;K-xX&MB@)6cvB zJIdt03Is7NLSCQ6JhvFgcW0ej%th=5HJIx&N}+!DUEt8536q(j$iMrc-;P}^-N7== z;}>(yFL@fWe#7OKGe*OC9A^?*mL&?9;B?q>z1L&(UK6)|nkQmP9P7s@w!2&QZcJMeZ)@Dip0k!m_5e!!Wjy)14_RneQf%&gd}t%fBv zFbpfocb_?N5wbMda-c68DHQFYt%G569zc^cKW$dh5|wb#A3wz1!LZ6ey544D5O--ep7!V#9Z4@@D;! zI{yxBYDI^w*$Z5rnzahr(tcTcaQ;liS|_DdmL1wt1<-+}GLCOa67~*)qV20*c7y!T z4|hD&Ru5sp*4fomrqxyjt{7xyi5#_z2j>v(UN8u)bVhJV-g-v?zn zJjWV6Z3M=F2cX>em(}fEabqYP@3#8<`_|lY&O<E3kOaY=-cN|k`>@(s3DTrrz8Qkiu+By;Ozq znP^)b{?Y|;Nv|ZLk{Wg1p0e=N%3d?y{A9$Au!j%6B;DB79%r8x_1|iPED0giBWZ7| z+D?qzcsUdc?2j>~*i)k6LjvE_Z&$rj^l%Nq5l*YU*o zCo{9fM*>oQS{$uqjeByii6-;Za&oP@b#+i&5UJgG@5^F~PFZH$it+ORxB-055{ zv>DI%+=F{YtG{9GyPJy5FoufbQJ271L-f$bBmH@f(twaS1gD>-sAI-d*H>BAAjK)$ z=V2Sye7yQQrT*i)ntRf$9;y0g$eG7q4uh1B_oV=czpDg!r-ivwiycP;PM?3c$t;Av z4qQ%VAe8Q&YGVy(X_f@DH2*`z-dxy6t{2@T69uB5cXKhA`@^%3q+XVk3tb<(D0S4X z=eC*Fqf|D2%{}d-&CAGq=yje&zr@Q54sjSCxFI&4Kff&ei#G(qbh*0RK7jFaHX-MZ z=22fyK~Q%aFT^ZW^1NzqR8s{ml;>E8ovBCN@#ss4jjZr!?+h1;#KIehGtYl-$$Ga_ z$Qj#<;t&U=@y4iXrmianxZ>U2Y1RaCZBDGX>6ji8LMYUKcni2?jF)SfLsA-2yT-@j z3rV-YFX;;*GYmm|VBoS7{KIB|6_S&_=rUAH&q4hoZB=N}RN9trG_6t#c{?_o+$uW1KEmwbkftvqV4oJvdnVzpj4z)4($zo9`g& z0bOpH18J5TUHuu2t!$)o^a#l3-Oi#t{PkJsn04x~O>&uABVNJYRy+?ab*qB(>PtTw z)H@8^xy>wy{gX+J50VR6Jv9enj<@QGvOj=Ln!JO2@JZZyB8?mZG;C-|9h2 z4SG}MKWz8-Q7Z;KF>&}@ke~ROe4FfE6HdP*t7bc<%e4x0B|bA_9fe768Ag4I#CJDQ zsrwQ|U!HwrDSrBr9nf`>(_W|M7dVDlf*qr8)8lKUE&A-D%Kkk)vQ9uLF;&CxRKy3H zetc0$=X%{vwxK5aG~T3hv3osns#~z(n4`HDh4cXQV!^(|c1EA#Z#NB&E8qU$H#*0a zNi5L6--nAXa2iAGI2=2iuMg04?q`y4Gy^7n8il`IO3U?_FnY@^1O9O=b;|dqbOGx; zA8aC;tvFC`{`4{9hS($(K6@?NTqFEyIKA6Tu+qa#Y=0)rIz0klfATc#_|1RNBf{1S z@c6;E9l?|#Qi%P)9Y&)#?nu7K7z!LumgAoAcniCBjyoj5c;%_kx=f>>wZMCji$?+X zqAUwsVpKX@Q9=_&4d{mpkOLygl^O~}Md}eEiu^|zu~vXt5k^#iMc?kWk&&{Oi!mjv zzklqg?})O4{as54!hvP~jw3T|*-;i`X&&AVhio68SvbSECNAn&Z=4QDQW~&M4h*qR zzS7jN_rCp9p#EPt?^_@31z;nh5*&On=KROSJg4gKBDJ+srXD(xY#)X$j0obP(Vb*D zLr?+TvPe)=s5Bg|1Ly#=ox1_4P>%nTipMUm&nD1v%~Qg|09GHY*WKsWaR3T}pOxD4 zzlkx|R4|GLY(@}eRb)3=8k%0}!Y(@NQ)|Gh$j3XTPSgn%A9=ZZ@Czk?1MTY8o<;CW z#hImJvoBv5(swcq=Z~D`4F)GhmC_bp(0I&-P=+9X>xVE4P-t%aLnuWBz4Yp?dMT;| zTD%-R&dk4;ZA_V!c_8&N7P8lFLy4KclW$}}q! zSNCO7Oe6=6$nBo~VM&`iQtv#TDk4i%aHP_Q#3;W~Wh$aW_cf9K%|aUd;uln`B$sJw%a3|&cXM*hlBKkkG z*BT9c#m!IZjbui$hsM&Lxm9>DHc?0=Zn>%=adBf0uoY9Vy3pGP&Zh+G`7JSdwVGmZ z0V{$t!X1A%9&>j}QW<(1mWm!|`X|!7y^DO5WpNeudg7wlc*^w_)Ot8=shF9?E}oR$ zFG-BjyBcj04r*I6^e=T=C*|;OP`XYc$akcnZH_aJXXYI^3M|{ZaejQBhzh>TB@c|7 zkMEPEvdV$-5-it6Xx44)+t!dMJR@!17kPL>R{th;%L4;#*vO+u8r79qB`fz7P-waNTCO7|?3R zeRxw1c04c4lew9j1-wb#ihhzvHY{yCyYk;JT8>f(XR*k~b0;{Y<@afZd3pw1=)coO z?0m||Rl3Ko^iQ;_h70Twyi7lW`IsHg2`rEtpYavwW`7|B=3*wmRKY=m^@SE*p!691 zoFBJ0kJ$R8aj6)+YMJV6`Pr{io3uCQ?1D+MrkRR1QM|VbahJs49|5!v2c5`)EG?hq z#TwplHyHbFaYu@&gy*Bxd(E#@?aWm|HWrSwETD9cwjcukg<$(ijSjP4C>Z6iy4(G@ zNAeF3koN&0te3b95^*eYu9fMzCJ=pe6uwCZbE*9l)cTEB!I!dNo#VSz>UCQemjRa; z&LR94ESxo(Q&jf@&e|?&EL&$V0%7I216Dy76BO8+^SA2AFA9xW^}LKUVhK`TeyKsH zYjuBy#Gto!4rtc3PZb9q#R~FEs4}3Df%SK$^%6?dmF|+v&PCLB9q}lu5<76_?5Yqd zSGd53GP@{78k61t_9ZAr$QSLkw2N%XxNb)v~#>gvAFdK2IlYm z)<`!;Ti629UmDd?oZtJEFQFeRcOfn0H~%$|D@t5K zYh4S{CM;;sxQ8+-_Egr z^wv;^-8yEkX+4BhCP`AGSmqeM_Hi*k9&)z@S~xBg50N8lDT!_;5}+2b-QF>^2|;Xe zngv)|+CITa=bxw;x#0mJ`BDln%U>D=5bH2SFv4W$EGfuU{4>b5PQ~igp?1`-J;{oH zIUvwAA@P-^%4kqx?j7>>7suG8Tu<#-U!=5e?rOrK{m*7bUHJEJ%la)w>nyV0HSwIr z$c3^ji~57{i`53vW{t9vj_@AH{w>49Lsi5zfZ0*q0w{Ankcp=iX@o7tLt;DxwIIB8 z+7uyd8I6eDnHa`Q?+3~0?$M{B-NB1VFQbOO)DSn?+_OJn;N$7F*LJJc zU@p%S0>;uI5lS{z4XTja{%95+PP3n2${484eYT?FrErWzqP( zB*2yt8GcN3G9T&GZbQjDHqUrW#!8pAuc;}D^Z|-;C6t2PrCqZA_H&RE!dkY;CAMz7m?7)S@~DBv9JL=+oO5;`XqN@; zo_jgE$~&H%t1o{-)pyrpHCg>hS(Q2A@KVLpp*We*W{@&3baO7T_k#hsl^oCq3Ly1R-X`4J^ez zVP=Py;;$&p8tV)NR_TU*rOk$vA}{!)W#fm626MNWkIlkkSP~r4VHn$4tVjyWvS?0Y zd5e25fyRfablq(u{!prB+ICm!*hlzHuPx27IPlDv-%-B7f2*zm2Kj|+&Sn&Ywm6~M z_?nR>%5OXEp+)sgHQsw?xSzE2q8)HDpGTezWG*}nh0)DXR_cQ)D9Pp=?UcDnZG)CD zb>N=9#3Nt3!p}fq62BuXCCM9*`bzVJHRel_yLgX+@i6cVzDLm_yZkK)d;1qhsT!C4 zGQkQj%n?v#&}_+M3mMtmH4lJUSuVt&=7n4rC=QGH4lh19lSh_RQJoNAMGJ;80Tovc z?3I)VZWzF#>L9%_SMiGIcBpOSEQSrNkL0cCcEOyHZLj2C4ID->N=V7~X>a+c?9cD8 z#3@HtocI91(upD;kKpALckofen(gu_!RX5NhU9sQo~6vIGt*HUSWS3_wQUC+BXQcX}{!LVt!EC|rW&&a%$1)WH-Z6a{Oa zwDe`TxPXTYx}0Pn0H7r8%fE07au!XOdT59e6y^wF?GyeQV*W_oK8tDPn_$l!<7sM8 z5Q^+s^kQ#7VO7-!>`26?*`tK!U{ze!Axe#65oBK^^vZWZ2UP{{rbo@Efv$UMQeIwz z)w&IiU{vRt5n;*Cn~hJ1BWhCD`bZtLLa~Ez+6=~iu&rG{w3u#aHjZ`WZgw?pUL{BA zKO$WfJHjvWuVLpz0pabnyS(~4bKd}Q4A7~=*ozI{eUZ$rFN|vwD?j^dVSN-Y9clTe z?=`j0JiS1=-qI*xY56~aL^Z{(|Dt%s>W9w#X?2VcX-2`NCbZs$``5gwMfng9iG6i_ ziPcPGV33kMpZmS2tp9B$p(hWXa=Y@Di|Y!wd;;ip&9@}bMcxbbb*&%dLBw2_&=>56SVf&74l3b5>O*cGU zAXrh-B_S)DiWA(O>)ZO<89|cO$00Ex3ME08M$?T&Di*mN*2+%19ro3kT)f<4*8=x< z2H#grwki#Y4T)Oq2Yx&XL zg8=KRG-^LSLZ`4{B9EU#_Ljxi6y$heK1;-K7yU804R`^(1AN4YI z(rafotj=h9&+a?TlnI-RHIIw!*>`%aK86HskGCHGdb4WiXns<(smLoA8P90MH}LOu zMBDDdH|$9lZ8JV{<$r4|G%bZtw-SP=uda3+f65{gzDU8DI}xwS>qMw_S*u9?&Y1ej z!j?<6yS|ma+vsId<``Q#Ax%83$jC5#PQ{%cp*iDtF79rmL`kZ$GHJ%(s(N31h1$aS zFAR0A;(q8_tsekn7ZSqfqgKZs68pY1DX?9CNoEuJPj zljL{viOn@hRo1YkSBBL_y7}7pdoRu-NkTm`XzLC$ZGlRu5xP>$>Zk|i*xZI_SH%4H zq4X0~Vr;hfluJ~)z_WX)X=&!elcf9O*Yqu?wuDIHa@b>lm!aM<*9Ej<%y>nmOnSZP z5VzrmVQupz^4e`RF09|i7@eKr5~5tJ8J?Y%H3*(H!MI_c>xg%qKRlKX@z2eNeZWwF ziW+SfsGfKVH>|9}y%D%s(mEn1+Xbg*6w_f1Vp2f!iUso=iN89q6s{7nI86FdE%42k zU(esQR@zP1gW>Zw#bo?^H{j9Sg&=dMcOTEbX$mrCxsA`Y&CaV+f-!<&mwezp1mt=6 zDZcl|@H3jpBxa~0!-Zfoaq10adUQr22pP}}m#vXjlp7Kn6&KOm7wKZr7J|8Rg5_ZK z*ae+_2tS2+bBfw(E>sHcT{a7Zu}eFD32W+B?U{@V)#&SMoY#C%5BuifJk` zu)W?5%+;HaT^FFoUDVnEZFM02ENkx&G7L(B9YwZ79N{UeF}kn4kR|O?@d6VdJq*JfjYshmYtN0<1Dx-Z@L9_`4(TGr5~s0~>o&d5x5r@wf9h!99DjF;t-6eyjkdT4iHyFz2x#6iQ$?@SA_|L7w z2aM5q0%rm&rn$?HWupAt-~L{0sBR-npE5m086v!%WHh@@yXAPZ1Wb;hH`K_p>6g{F<}Q6GL?v z5|H`Y;IR$ityqH4ab#upvY5BK{`2Q={-awJkCGdz@rvr>oZiHwDO znpqpqSscq-A0sV;gVf{ui{>fXSd{R&|rvPd@C0wKA!hB*%>nH(H zn=WMR&WpzyczGJeMi>7*nivM@zvt3Od#Mkdx;q=2Z-ft5w24Uf@J5?wbS55#`!lO) zFK48GCAc(2{d+Lqan;R|AkAQD2Ga-hHw1zWZ{U=02?@&@4{kX-lW|c*&y0U&NZ4?eyRu)x4#mg2ZcYBe(>%V#?Ro91;t7e{pW&H#7o5XW>r(h};tW69zI754qB)855AAO{J_U9?{HTz6YWQllPCC8{<;VlQ9FV zTmM%DI&d*yf2~yeWlCX4-xXZ!%PU)30KHV^y}2(&1OLJ84RTsAsrDNR4Bfr8SkP{1 z(-9ReFcN^YjV#=VD`}+oSUQXp04pC(RQ0@7C-5aVL zp*a%Z(fY=uw>!}NjDh+M#O!zmBkfF^u|4aS8B+EiAQLI1?#CVw{%Ucelm0S-cdL&1 z?-9ElQn1tI*D&AxVPK$%4&V1$z09Ry4})gGz4AR#Kw;RAt5p-urHMR2+CPzx!Nhkox@-nlgru?US&`SDbM8M|{EX_UM2|*-`&5IZYnEh>N?O*7pvQaHrQVR&jzSRV*pYA zR@s4Sd~DJo8T1RI*j5lW`-02^`W+dBNWWMmG&ZUK0jtouIE~qsp75}${~3ap%D4(p zT_^82#Vi(?J)ilL%4`cRP*mUKeu$kx6)$$>*wpE|ihmIh(2wxftuI&&fzkkc-#}j$ zT#`#QgPe}38PVd5hj*S^xI3&qV(+Oa+>heIlZoQ72-EKr%s0ti(uQv>LLxY+&63hc zTWVgs)OFgTQCL^6KbFI#-+*ZgPLm(==f}l;HskNL{4VWgw(x%~XuW|j-7R?&LkX^v z@X)LOW^4Ys`)5Myr|LbN{Z<8xcij<=xqI8>0~tEksh|>Sr1nqP&4Vh8x!XBic@d74Yih+UtzIcEM8%yGx*6Y|@Itz3eKt zH&O%kA#A0bv?h<|-zO~AF@c+hFyaq_eZW$3eMtXad9$cQ z{@?_|k=8<-LK%g&EivpOoAbueRn*8?qEzoHBBS1W_6u2O$y=PFNSU1g{_0v!juga2Jig?ZWtA0d0B286zDFgzH8Mdi52u;-jD>iQ zpKh=c8v+awb;DqwTxLZdyRaht52GYHG{r)nc%e<&P;*l)QgvKQfz(GCDbnm=AAx$`TFXJ+ zk-;<&3j*|Dy4CxL7LO|}C++Qdo_)5@6O7e&Z76?CxVorg5;+b7x$CaBm~daxEl}^| z2+IO`eB#LJk}PgIZHqApU-CT_yd=Lq!^mAIK0C{>cs{jn?l(7?C$hw%&c4_7clgTQ zbEOY;E}+it!Jgn{=yeVfz?TrheFD*G<|jofZVPNRp`F=G>3A(fk1O z@OswxL}x5o-6TpLciI2;i4pZ4g^7q@@bO*uo=uYy+I4HxuSl48Tp`DlS|dE>hc-+6 zFavq1m*{h|o2V@6Fh9!o-UDCW>(K(iyyW^5tNneK3tw1(u!#eknU(X4P{{>~vey4L zmpj&+T06S04o&wzJE)eEWhnmJ$M*O9(B6~G9p50`zmMa4sa+To<5`h*(OIrQ4cnG! zzR`LesH1a~I%x|b9;gXJzU8DNp`ctq7RR_gX?E_(;9K=w+xqyXol_$ECnwLvP7#!d zj)LBsK~Wjn0u#by^uYG1V?{qCJ8JkUTzUQfk#sJOOz;06ucLDMDo%CIaW@^6t`@8>pAZ(_oaU+2h%X=XE?1IopAXtnO? z3t1*Mqrefj{9%&I`D(A1ke_<+HA64Q_~@q^PGs5OM*Hy+AFs z;+K)%){;NI?L4Yn;E6d-Q8OXUl{#A32(&ygr3P~WIf>XaDT4!5NVO80lI@yE=OL8C z*cL*C6frwfFbjeZYQ8|&AUF?Y9qCBd5rq88UPNZ0Q!qYuBiSznb>+IaoQ7=Q4m6k! zO$;543B~Yr!i(NzZWr{!ep}E4I^e49`86SRi?%$b;?4nL2sMNXkSp9)t{Rq<@>NDE zX7tRFy;RFi?p%-B5PXiU=^CqJrXD{zSg164dfn~e_HMIhkhhK*)_P#DGpfnb*!kBf z&5>>jIn1{=@g*6Oq~6psO?wdJXdF>5dI3!=RPZ2k_sjf>4KiPus}_ zC{@v2o3Qe|E8rsnC1!~s*d`|o+rTKweMx`JjNBtU$J8uU3#Pu;c>=W<{YSvZI=o#Jxl84D?PlY!6|Ax7K=^xIz}6<*1}7*k?vY(St|aG^-0-NM%%_6%IO)8$$T zmpiC?2^_n>@x`FOzfc{9_Ca>x`1{HnP0-f>5il}#0Z4h{4Ca; z-}x6pny2%rolL1qY#1MiNA%A;&c<#sN#F}1@tz!UYSzT6G}7wj{Q7PaZ(}%y-yEr~fEX5+fjaG;^K+Vha_)`VW^vYit+> zrLkglQ8e(-%QdZ()Idz4xKS z_z@E_>rt{{N_kW3SMw-XS{ig-7Yav}wqfFNO-*G)S;Jzzb{15huUC4){d^)v@}PIHiCDRe}kX{le3A^gY7&2W#qfIqnX2(CsP>lqb5? z=*AghDZRLg2o+eJ#X#2H^pL|but5274-ak)_7!qOGXs3FMecpM@`YJwN;vWT;|O*} zY7Ml!r;OZO?BaJ#4AfG%YW0mew-W9-n(G3Y>#T-^!&$?n*tSf|a|u^-4;UyH9sY)A8SE;(Xm~awPF~ z)M+?Undi)m>>LRxim5f9ntC|s!hu|g?YzJDs}nQH&O)caNdIz6b>A=H(mr| zPf#5Dl~*EPN9A5kftnm4CJSXgwC7?wJ=y6>zK;h9^?V3iF&#@~Uv6<+^uin1E?+^F z>Y5W6#vJrDR3)(*xpU-Q5I@sI~*;pzwqFkE-WN5ra>Jf-I=z9v@rD+?AzI_U_eaVyGN=86G<^ z8|1{z_i>EDESsc<$JyCA5@?@e9iq^EepWN$s#-#HS%y5*(AN$jG-#)0SRLq{w0xXs z*30Z}*AXw6i~JJe@HrZWLnQBWjv{u%FA+!^sXIY$;dX)3icXyjFD={{h&r}f3(=}5 z;v-JG=GZC9%N-)+)c90W+P;uX{B#Rud_+WD9(7B_`p^j7oQjh(i_D{B>}q$K++mYR z=~A}0O7Ql{vchuAF|*%-mRf#-Bkf+t z5$-^ysQr7U@QN39`nOze)2P>`Awx9k^X|ciSMB3_+Hnuu2h#dpCe{~FpV;vqol}2$ zO6~nwUvy}ZHI{J~%Wcf5`8-shfw*LrWu_(Q)+e1++Z- zGIS8sgjO(KLt>-Aye^#~_4J{+v^!2wz%+I+J@B*5WD?OwH5M~B-2md4#{YE7(rZ4vxwlyd!~8gp9xF@8E;=Yq_F0hXkYECpvc zxEM#yODmT6^QqnW4h9^b9fgh{<%%J@H+NmxiQKcX#T>HxYgHr|nWTP>=z`8!*ElC# zGRNhCTW|hCbY`B7mCbccqz_DLjr1Ku>)tAdzjbV0&dK%KA0WM@s~F_AU=(g>R@wF_ zjvRw6&xU9yNjtTyq7(5)A=QwwEUQN(W?tfKR%pY%X-3P_xc~!X31QpxSnE;Jv7ntu z5gW2S6hUXYit&@W_O*dO@h=R{XqLb1s`_X~_yFx=%|_ziD-K^zBe)__FJ^OBsmm9M zzw*%6JUDA+mK-ti-*M@l`BQVDK#E^kFsL}35#(@>%WJ&mQk%0K`a*Eap1>Qp0i3v? z%3Vd*ZNt;t{_Tk9%!j;k4djVg$GBl6j6TVOWsfs&2IygZBulU-?f2~mw-38x){J&;X-Vfo=tU>5E!J#F}9IqICku}4= zi~G_la4@VGHQjb%-pTn_p^d~LD@5^Iv=Mz#JA>5S+KYsv6*-4dc^)d2Hm?Ingds;V zY_nUftPyfKOYrir5&U;i-p@;@pApMfp`Myqw_>&8?2x9wDitWgw7}S$g2sM zKT(naC$|~Jt=q}xl`7jjH%~9?yc_8rmtBy$5!h$2L*EatTyD@1b4C9M+HSHxx|+ZU z_QbZ@X8bZDN**sT8oFRP3E(aa5}74cL*F~wi(qS)kgTBUmaB>9a{bS+jye+6`ETGH zgKwzW)V0SAULz{kqV7tvQr4pCcdtAuI+n-Gc={WVMEcehKcXRAKND%S%?J|yUiv|4 zxLg>g8f9#T`2#4T!8O#%#4abyOHj> z?CIQrm|UFnXqnJ`C^x5P`^O5V`7gpFj3LWj$;-fJc5#IqfO^%;s4_E}YSdy53pB64 z5RbImD3ZZuXkvfb_xbR>yuYp@4o2lhEACks>etBzl>J#bK@0JwH4p${D)58Fz-rX{ zCfz;J@s>7oUyEnmc;5 zFiffNG_rs0(5k@@oKRBi;eqM^&#l`w7wKhG)H1dFsaHX|`TQNGM~EdAKYNtW8|Nn> zN-JmC{WVRW2D%l^C|GvqJa5+;XSYd zy!8ui?`dh0$o1yIK3My{i7IvEI?R8qc$|~akV!=I! zjvx{JoyvN8vgM}3_G!_#orb%g=!qSwp@Gx^UwAMbtrc~A=7biw%03m2TmO` zeu!`ZIyXOF)j4d$0z$z8NN{tlBky+x2b5Q8Y9SV`JP|Ht_?H@E+B0=Cu+LfqSTH7H zgqKQtx(|^shzlc>ogCuE5SW}ticuw)1bS(qN_d_u{zQ|rJqa&M!I%{xDhdG$4fk>; zHWIs>!3G{fRaC22_ASpO0~G0rxij8Bp8(El7r*vhZ#Kp)&Ia(hIZMt7fuXWPBI=xL zH}tX2pvTI-NIRKoWD(#RPj+md)gAq}FDbkqNhCeGg(_}cY5QUOBK^i3a{^x~9s;P}QAZ7lu6Z$I7hQm~ECo zT)rIAXlv^+StA=&0|4eMdCD_2ekpaWi zXSIT~Vx&k*VmxoVhq!`Zf*;sx&p{+R4#*VVbuBn7P_xmMu9diB_9>V$+K0(?&rjAt{9 znp$06!NtW-Ui4j<&Mn7`YOrAjs9#pIIpHxC7S3 zV8fD9D~ezRAQ-^8Kxu1wTqN>@>kD@~42>s84a#Z zvzVQkEwS{>8VC_m(p*3@^# zqXX}?r|)Qn{&T&Eqm_zL3_^oiJ$d+r><3;6ml&=qvh5^kmhtyOuynp$m6*M7HK$ma zSC(ANQ8!1fb#Rn~ab0>QZS8jT(%cQ8$CROaMTE&GQ&l5~8hNyhyY_<|^N|q8=K7lL zAqXWB<1uLn83O;Tr@!{h$WC$)t${%7# zyUN&5`o$WR5km^U&JExb0KfrBR%! zhHjUsb1n1b@~nLJRaZsdQ0|bg?&&kvJj#`a(ApU-UCJXE5QBGNFnrhDGs+OuHEk0% z7T9<%JA9d*QM%7mxi<1p13cuN`?020Y|IWSg2a=`|O)>gNnudlakwX z=8?v1WZH?TG(l*YWb$wjXNpR^n5Gg&q+;Agr@U5ITD?7@M(IVz^Q!o)Ikes>&jdL4hp)hylQ^VGXDqV1K+9o@c;jrAc8mL#4HWe>N? z9Cc_)(>->3hEfzUsmB-Yt|CSs<>+*p8lftVLDsj&931ppz@irZ))?GJc2jSx*~Ya$ zW77y7AUCn=T<`A+U}_3S&c@K^Y&MnvQHWuCNdPSJVaC~Avuy#3=7zHxyaSS3M#>oB z>_8v45-fVl)a!-nE3&t9y|S%0#imj5>hnV{Y;=82okLEQs`*69!$Ox4h!V+5b_XOz zz%s|xPw-CU+}pk0NGx&nyI{!AmPRg0EDHp-LcpL~g)XkFGPy=bu|n%q@o!9-Z)Pf+ z(B(s8%%qJcwD(t$7v&w!j_#e!J}zmsgPK`Zg?eu2%hUtj{WPkJ*Q*hTnm*;8Sc2ex z)DWEo@QOL4>8vE}{um>Sy*#vjV3Kn|@a}EoUiTAyxwT?-VgX=ktf@VU5^0|6WW2u+ z<1dsaYpEy$uamam17=LEjDkI(IF~pr3T-1VjuzHo51@CgTe52`4sqD_y(MVJsL+hk z$35T6u9k$S3IJfFTm!kF%NWA$V09`Ay`n@n?YOri>-^Xtx5SlKuFCCuz+>(<@UNaH zT;tkQ<;VE}EgAT|hP6Nn48)jl=4Ti-<|=PAGTt5KeeACJ=;fUf=L#FlwlC{wt|f8S z)E-}5v?+Ir%MUqPZwFoN%=E08JWxvNnTkl$!mP7-_T=QvOiO~VgCa2CX)E0f&#z0P z+ZqD^`7&vCklc*)#U{yu_#*rF zT@TVU%F?jFG0Vc9wcjbEMQ-+<)!Qdq&wdX7-1;VF<8z!tqwKlx9IeM~*>muq1*WSe zMDTLtwH2=BMa2`dinP}>%PptKm!HiSq<_`mU}%tAtXjz zURkgw2VMZ{z`=kxx>U2&X)_@?NKi;UPaKIyr>9N$!>N#8zmrY?^-5r;hH&jo^g|8$ z(gz!FFab{Z6_hQ>9pvn2yL>B7@pwa4vnzu_ioZy;7}bhWtXy_^G0#dDD9u(PiMI59 z?jz5k8-xybHxBW8gl!u1T+~c9A9=6xSYuSh`yEVE&07PD=KPNzcs@Bx|Kq9ume&=@ zwdr(L`va=z?#T0Eq#v+?M4%wbcQ|d^1=tqeU)`*S>;EVXXF-NBYykHM0ib!e%R#c2 z3|_X`X^?qfTx!m|k8L`BXC9*4j1 z_KkP)y$c`ihoz*=uG^ZgzHVMrCNl1M;0vroc-j+$8$nt#>Ep08=R$sdQsRtE!>q-a z(z$K@B)0szzZ%B7ksd!<81_eYeoBL*-lvN-rxwE1Cw;^bc8lI7OGc&^8TF)c*Y1+> zn&6sEBPZ$e<(f%Pj%8UD+pEO1d_c0dga+dYy!+xqZrCnAk6`Q8w@~5JR|AF)kWKN> zO(V|D7v7v{#Os=hd8c=N8m0#^cFmT)-acYx3W?Xd7zaajKk@?FGf@|F=zN=wF{e%i|Yu7awwwQI`7AycU`)nw$xIRymW<-_qBT7^s{Q3*-<8{!q z7HY%azzhRK@6(N3fma#w^&WSTbsEw?C-V&IIi$#WZEn^Z(=2vhSrTMxZ1jIB%&w3% zS%5<6x&97;d8haSvhZ1tnr0e|tNqq-Q&8ojgu5$TKeQG+`RWwWIfm*e(fo7*Z>0j; z6CuofS{Z7-BDbstYB*6PV7ru!A-0U)P&zc{bFGy9lY+w&ciRQ$Vs^I3n+{=*3R|_H zDD%y}J)Q1w5r2=niW|xhrqIV8HVtAN8+GcJxi$dN^VK=CK)o9tJx9ilDmB|=Ddj9> z3sk!056w9844bUIMPxI(ojEXOQZTjtvaz^E?;3K~gYW^rGR#HY@OT#__BdKC2>^>Q z=UR)=v1*l=dHKI#fhDLsR4uh2$IXuS>-x4v;!}|3qq5{?gEcKk8dQ9-x%oTN?Bn-L zr84D@kHh?YiRZZ4y!MIm44JjN_GuRj#r{Bdiow)#ER*<@Fqn9g$9YjeGh6G2qx_B5 z{WpPr=-1=COCIIz6i}Auj_Y0qxVEJT?QgD?yXHQAZpDq3d%7m`Bf@p{8 z5|4imh~@Q@aUJW!hZGPa%yE2GL0oy)%*pn-tPR;sTV$VFh?#9pUYF);psGmrU?x?H zinw!cdd$q&3hlh`l(*J8<9Fzvt&v2XJT(ole4E^ej0rHMn6GP47u5QX@cwQp_!4~z zJ1dOSgDd+)F^Z^i4du>~*4W#*^9L0Oi@^g*Pzs<;Fcm}C8tgr*;JYlh*zn}-jceZN zYAvs^8Wd0!{T(n+yy~dkT7#1ui1=y#Nv)OvZ|VM$!RwxhhMV?4H$>!iLU@~F$SQor z@{$X@ZP#K7VLl~^{-tZ>aq@?UJ^miECq7!ElBgD26{$c41~lXF!XG2dRjVz#u4&~W zu_p|xOn2p`_J#W-+Seu&ZY&hOqK>#782EJ8!#k_lyBrX=b8?Rx5QgyRn?lXjvZ#3B zy2T4%5LG|A>P*s*{3!6Bh%=5VPp$ozc%4w58W+H|_dN#ENF^Q(db%*ojv8OukBM}8 z%kNR#rnc-B|Mouaz^4p%N>5R>F{Q=f4#W|0Pa|vNyE$6*%@K?rcDC!Lwhwqtg=cJ7 z6^&zT3!V#d8dB$Kx!YS|dAA>$#ncXFsQ@&~N~^>2&oo`#^Z~8iLV;aVy_hxTj$auA zf?&YWifB?NJv8-NSJOgfzP6v6R;)z$S>oRM-P4A*13N>{fq2ym%z^$s%K61{!i_7$ znhZ)xa308D)$CvOKz1peS~|fYG7J|11vQQtH)hkR%Ttb=H#EL6Ib!hHMKb$O2li*5 zg_N)hjg^z=LsQAi!ubq)xUc@M40mler=0NgJ~W)SpI9(*5ZC$94RE#d8yKfiE{XH) z0IUc-VhxfO19J+lA?J23@l-@HX=%viTv%O3$w zc-_5e!3GT*d4%{=x5q{{z6t4z5Y~w26XS8txjIT&T3LBKsC7)U?o?a&~v&Yqi|fKiE#}CfgOy(!gUztfG zLRa$>mw&-(qx2LRHKmX`3_(Kfu=fPpwi%Y$7+_bBb} z$%a_p98-WCHNQKqqblSGY=P$!O6ZU$N$d!$^uh-h8qILsi`Izp5|&vUQi)!}QjKKG zkJPLCqC;fFp9hu9V+S8xfOcp-0jT=WQgCQPuW13&%}21h8AU8@TwbvjI1{E^?S1BB{;Q^%ok#aJzAUnLltM2OB{pNBwCUDf1GvItrVMjdq z$-7k1Ui^R z>Wn0*7U}7Yh6%>e+Dv4gJ3r};r zlKP&SW+?14OS+mmXWv^gMpQnRW)pv?O(m~Si&{*ZPh{Yqw5)fvWP2$Du1*xVVlH+= zELjMOBFH%a-31>~dv{~vy$w1#;OC=xdYV>g`hHI-2ooc< zQ(1n}SJApqg}&%V7_X%EwJR0-SoJli75flq=pP1Vd5^UC;rU(7kNDl+bTE6dB?DAF zPdu!|zB=&fg5QOlLCz0x-XV_NX|-7d}a%;k4k5c7XIqfY=jrEd1iY4^GEUWb8=TG`a)xIba!9hjOHg- z%?4agG7xjd@g82ytr?8qF`k%Dy;%9?4-q{!tFhEAPr85k56- znIVhpJ-_ZBsLGX;&28zmLt`M>Up_Y`qRj^~inf5<16u|HcfEyuBtD*mj@V+P5&`sN zIshT3IMmhm1Qz8d!T==V8mq#FJcd_y#o>COkZm3#Y15wIz8Q^Ac=@8N&`E+ygPL-`03o{#^k0&mjqXPghJys-}i1JS*RXfdO44# z-DkSjE2cO}of2csq>-`Y1YWsG!V~LT>0)^w3o{U1-gq z8{<-3hF2+1J-v`87QV9TRi7Il6k`E00Ct!R#m5_z4go|hYGdwIkR;t}HYYz|r zH^AHh^7oHrN)c<{+u*RJr7bnLcuOe3c2Sw65f?C`OwhLC-8{LR(*o-PAjkaJ_!i4oIZkZfQfF{M3cw`W<8F74&Hl?$-Kcc%w%R-yFRDq62ATY$*pe3uADYs$ zGm`j08@wPMAIQDF36kD{|1k;p4;qWMw8f%{?>{oPmc}_?1zcNi?K|ca-Z@uIv09k7 zHxc8dA=SR2dsA!Iwe-zaPtwCgrg2EdAFBxTHtMOS@k7c;Mxg7Z#`Q!_-)8n%)8&@_YV~X{Y?x3L$e1#rJ2E0_ zl#9{H!>CW#pNT+cqs%PSlpTRT38KV{}2&5-FDZftiS0aThutiFhik zHpZJi9Fr|J`&<^JU4Wyu%&Sgk8o52Zu48FOje5_}m*Xj=UNf%;MkiKk0Wtd75V?T& zA$0JnodaB!3Wr9CUrlW-m6WWp=_3Q@jY5*c6>nm#0_64NwfZ?rK>I9K+x(_B5Di-Y zJh!D;j|`sjCb6q>aq=1D#*A!g`__+}(q_ps7VQLh+knlSJA>$RrLR06_z!~o2dTr} zD(JRvn=?4?0OSQRt6>4Gfb(*#AyRi z26%N#<<2K9ZAr8N7lj99OLaQHWro$dlehk<3{miI3XC5Ld@N!EU`U5;-Va`FoFvj8 zh)({eU{{}tg^6E^{!UA5?VbFE_TW=J834?0rbm67(!3wj;|PpYZ(h zzp6>(rUdDf_~4@fPsMc8^y?GANgui;7BOG{)~YuD?JrvC|7w#F3TMk}1ZpEKtKr47 z)YqVLEEU#a)>y#O+EkUYzO9v(^^9``88@oS%dgI@@FP4F`w-pEISGMK^Lj=o)b`qB z!>SRdRwV45kOdBuKj98VX~$ODoeQ(-ypFrbC&zgYK`3KaC5==er^%A9K*GN{iXO#l zw_86H4q`Q(!yFsK`|DbZzI|c=+G4Mf>;du^JGLypc{G&ackk=6E4hBCwCkn-o6a%) z38hPXO*VT|G^-+qzA-Lk5izUY>BFfN@61;*2%m4`(_$z1{Ty@sBLpQycOvnb1?$fi z&!^@u(O9=cx0s0HU|o5D$P`TSJRQzoMuFCbBRiUyH8jY$*zlgY)zWovx|jTstAkz6 z*Q|k6X<&rqHzc7l#)R;_6j)g2HUJ%ZWb(|Erl;*AmNgsz_ostVfTMONUqzplWzR2h z#J!&DOC*Wc_x%Jzcm18-b#N(QW9xYpd3CLXEH9BcZ~o^!-I#^8lxXN$^HmWB#faNwtO$EGBlt?7pZOk#c0LzVSRNK+=!(hVJ?wH)5Os@ltF znogU|s?a3`_2pV|HcpI&7|um!qyAKfm=CB<3CA9li(I{2(Ao%UO~n)Ad^fQw$H08F z9gh9Cp)g%lLWl>w=dwjTItbXhq^sgjKo9y%D72jvKN2X9!~6q!42GO~hnk-E;Qxwm z-3|ip-!*f7XRoVnUQlY=nQXB&(>@WhF|5%m0}eJ+i`!UUF8p(CC*4)vK)M4}r>YIm zy6DqL$pK8}iKz@tSpqNyCY@XKv{1rrYYatC1>EDLEVuK1nd)_&9Hi`ZbBRp`+Pw2N z+Or07^LFJLPGCB`L+_oILHqm0_AOI64}XyceEkk!LWeyC-87pqkX)yj5I=)hVI$tl zCQdic6)fdAk}9V*|M33XDjQgc$>3B^OW<)g3VL&S;5sd0NVZ>I7qwO=+S!{J@$KH> zB}b*@wB~tVK0bs7h=*9@SRS^&$%42gVIfgOAJpmJ=9MCU&0@{01pfe!?(tQB;F^iQ z1P-fs+LIQ-_H>qcnvo}Y`9FCc*#un2cj#|J!uifj-{izspWDvos+gl&ExO*Rsc$XD z=!~w@HQ}o-U^456PYu($J56cfJ@ugfEIyk%FZx&VyO0|zB8&ImD$|++=-;pj-}2$| zeC(F1hA7J9&vLYI$y_Cg?B(|F-*@sa>3vrIU*4}YFcM>lXU3zg=K*UL#a*pwl)3Tt zp-U?0=eH-7mhKM_z6wvEXKLmJEr0gZ99bQa&((2q8v(c5>-D^lpswJfxKi>YNbPyE zxM|l{>3$DXgN_Vs(?*Tp`YjFH?-@MHMoiM*QD*VY$1?6&FuzkJR z*FwgmJs0=ohMKcA`8$s*`cdibrLLTzk^*Y(Ro=3DahItLIj(P4NgK~-G7{?3M$V2C=JQ=}Dl zzb5*yi`o#)hOA}r`00T(xKXL+{5{~o;>3z#izv#LYfffo22wAlL6@!SnB}z`=C;oPS`&uDVUg*xUJGB_jA~+)D{b{^J&HHmJDfX9hmDJC|qPhxG z@Tsz5<)yNfd&VG(c9y!5P_Cq%6kW4v+HP;|Idj}KW3q21$8*BLstw8v{stM2eD+u3 zm2ZxxF%!r5Il*N2#|d4g{7;PyfHo?JkB?Mj-%n`{zR36P@%19|__1k!fzDZizcmeO z14@lYJcNG)udKae1H+ny2C+_jiCiB$3#5rOQ_;uj;r9_p&@p>_?dcU-%|jh|fz{OU z4A8T>Pyd)mLV)QNWV4<2Du@wwa%eJ4Z?+PyF?5v{m9THPvPIDNv&x8YkEA9#K6&kG zS}3hvToSf2qj&r|WobVnRMsF8tQSX z?!tvTKkVN7qW9MRpG+?3zYBZgqWa6_uOa(KU+Vwj$_>`P^!!Qbn-dk$7r8&7T>iS) zu755>W5=!?zv{o-?eOEv-R}2#tP<_UWmE-O2y8GT*b$RKn`=SVDW(1r;P`ft?=DnG zqb8~(3OkobR>G6#h!v8dc~rlM^-%9~_7#>!$QrrLC1IA8j%W&Xgz#qQ z>0wY7zgbO9<)M*Zri8o3cDIzzoY=PRm!fV@vhT(dh}H&2mJ&?i z=*Yv5C-;addxFwr2}Ui!#3}8`2dfGnl1k507_#qsKUmSUArCdc6|yZL8E*Nd_zw++x(e`^W8Sz+j5D-z)K1`nofgblmhX084u z)7lBnk3?pu`;n#`61iuy}_=SzEhC;FGmD)WX@Wf>E>dfCGrAA$!3%rKka+ z)^49APjv{HjL18M)fcTmF~aayaPaPMh3rurVrIer4}LlGf+E3m7lCh#k4%ByFJfIx zY|8gc4;g)7&c-ZsyeRI-W>wd0_rTm0dQNpC0L)leN<%{2#b!?@vhoEFj_6Okt&$@4 z6}U>zGBw_p1rq=2+E(L3h4uyu9!nFpONpP^#)%mbbLbo*1{I`wRtXbhEC_a@KGIla z6t)Qem4DoyYTj!eFS}#!Z#vST9#UQ5C*2Sm8}iW9%b1!XR=VWl2v0gz9GDQnbQrzS zQ1?OQ*GWTO>E893-|61pVS z?V8tz&Cj6qXgv5yiwM8L>~f9#C=cAYWMWaC*kM$?>8O$6J_~00H z^S5)BlWV+B?bz(d@ zA`!a*AwP+oJ}9v2;47Sda}w~6bXX`TUm%-jE!$R$*#dVuaR`oo;~bd%}xy!{_r{(L_kXv9N}^YGU5v9E_il zzEV>dq@H%Uw#~OeRF+C&C$XY&{MO`q-t*54TrLZ9`u2Hi~l4Ouw3qC{Aua;T-oN2?e-!&FJvZ} zj``phpiwzzd5hr)U5rQ9zRXS?Jm5V{Nqm%J1@;xVLojt-@^{Ulj(iW5qO+0)5GxDH z&@N50vd++3w4G;_I#&Q$eH_IQ! zTF&R3230E0DU|<3fa=75p1iy)C==f>Rm}S_FQNWsX%u;G*lR@gJXYs#><#37coxN$ zKAL_ZXTYwp5(%Kyg?v^pQul1<0_)Sh#DT6qg}Rb~WdH@ea?XQw0PW41ZJ*-VFruL+ z))L}OK_NM1^OgO#_BMJN2fa4sW*%d(?B$F3Q9{;6lHRk7G;>a~){(NETJDfft5@!NW7jtMM>M2n z;e<$Iu~GRTBXU(x49-Y%v+qWJn*3vRTVNv&-q*bNdl-L2*4w*8w1@sONawrC(PxY1M1k(?lZ^{AxW{(lT&A=<)=Y z3r}kdYs;32aQND_ezZ_)9>2QF#WAEhO3()!oToJ1imnji$!`shs9cr~zGKWlC`5Vd z(1UkDma_Q_&5^9`*m*;KOQ#ED*cV?L+#CsIdy18~t?ngvDii ze_4pD&$_rN(M|GhmNcG)@=U2+j|%WpMSEE;DYU3%D(QI zO71#FY8Z$US-RXanRC---uW@OM0vzHUlP__cQJg^x&;&r*BU}zvmFQcSZ(2S(f@Y4cki(4YyaQiw3HxoWU_o&}XndCD7q#8(b83;hh<$i&(jr z@dKC9-!{tn6xDufTB=m*-R+2<>7wVco|k!tLBCmUUjN#c)iG4us{Yge zPOm;}`tj>H1dr+t|19Ohu+FJgxD`*Kr3Zy~)crvqS^HIF{}7;R`8{wy=kO=tg2-OG4{SGub_ z&yHqS-e6SknwFLE$yw!ddgKb~fdKy_nt(HcqMPkPL+2q07o+?uf)EGq{c-B+P*~11 z4CQ-sv^8TSp#Zmoz;4{R((7V?Yf!z@1xb$%s$9D~h|gJOJT|R1UXx{C>9QQ2yT}l2 z{`l>f(*1%vBk!XwY=gz@<@M53HQHcc+lWaw3sY=-QQD=luv>u+tEr&bN9%EQOMf-v zbVi=6p5(ozjEls2>j^X)E7Y6A-{(Qy_71o|9o9k?EvGz{NGNMv#W1$#3eqI)woY`j z={qRqVfZbhvc=sdl$w+YP;$e8RJ~dcVfNuA6ke@SuGW{OWtj?zXiQ)CoKUVFVo4I3 z+IUAd<2Lq{_u=2XzRjA8`iGQx5n%PP9~c**T|E^Izd8JO9J@xic@oFs501T)cHQ>|IgI6flj**e>s9j;J4vjoQxCAY6$x=b1y^ zMS5%G4rpLMSx)KX{;la&muMO;rPOAA_R=QkQ)(zJf5z@@fw8$5YPp&`t}eIvsr+48 zLUV~4VjUQm+sm(-1EQ08)>~3)al@C*Kbzt z;-qbb20f%QYL0U6iJWB6) z!0vXrm;3xJozi{vz>SDhha*UT9?=(ArDPv(LBjfjJlN6VrO1@k=eN$l2~IuF$IVMO z8o}>3EERS#`0C$EKXpD8_;5%L+g83p%=*$|mF9b69Zvx$$$)8I><1`PYLe#me;l2A zT+(Oz$Lne3v!{dG+-7D%Ok{=kv*UhX`&Wx3?fl$ek1i znZEC?X{S!{Zf8p}NXYI#1`kgq|wZttg zy8gA_$E<8~x4;#Kt%p9Pw8k7rSxR`+HpT*jz|Wp#A>>boB6;u2O0U3a-L`E7N>65- zFIGP4_j_PtRIU3iRX>U?xQ;y-kt)5*vGs9t81&=B<);smuH)3}I&Tc`<7D%G&VO>F z?RTqIz!_3WgG)-lAbN|bd&BFUz0WL6K+uv!?Bm}U+;kbINT`xS>u>FMmIKK6gC}D2 zyK%R=QbXVQ=W@r0#t-DxMwP>=qr&h`Ol%GPN^&wB!&h!mm(bctL0Rt7zU@hpCk}<| z2Z;?siN$rqw#Fv-;(55}s^&@BQ|Fok)Saj?GH27OmxO~8_xxdFPaw@>cEmR~>`yw* z-OGVgw=l*NW^qZWr57kl!}$~^+7}Qt_g}nWZbBs*v$@7)ay-pEZnIs!V@Cc+JYJUR zaG)?(a7XzB5zC+EdiB^vSVS;K2uxq4$BN+&$K9H5fr+j+KK*Z8paXD2Z0#9}WOxiw zXuOR4yWV{{uNMZMYX!}*@Swpq$otC<_Rp=x%6#2-Cf8iE+}Xdx>REn=oEHsDq+6GB zk_BzVA$z-Y?A!!9wi;4BGofx{q`xYnegUjz!eX38pX^N>SBoh zB=vH*I)U6MU~vq?oSAwX!&Fg_%12gdx#ox(3=bF?8nYtDf1#!}70s^klz&sAC4ffm zo)%V^oe2tO|B?OGsikAuj!T&W<{AiW({g)SH4}};JC84FZ;rDnD8+tUALD}tscEM7 zMG-q4G8I90u%r4Q@3-~O?DrSCK6879{WXi87-8||1>t%#3u6&*1om5qO=-tF(o(1@ z3;aH?5>&V9giUD)o&GgtB24UAEdMXvNX?#{MVNvBi_49hTFRE5%Enm~$kBvqVtaqL zSQJ}?t0aN8-zBcs{+_TqX|4nbTz=c)VI`?L9zew?PDCiH>Dh=^Ub`iax`v#EC|MHqGyvZwRY=a?h~1#imrSmTwovq@`=?=K zM9!wphpopbyNzJP2u1AZZ5W_aaMg1tx#^ihy zKMM=^UDtn@Cu;$GnyD!GTG9@+=QIDEGB}Uq5>t|ncyh`#Z(z-)KLV-eK$L{$6H8vo znAnqWNyqnboNUI4`%QHP>yi2Catn%ORrhvPkRR$Iv166>Zhl5fLB=6U4p6Y0;z5GW zRKtx@;s09j)6;@1?aLzlOI8PNx&!LBkl?qV_y90{ATl%>lR%Va8ew2G)4U>`1!n4A zJ`1F>u9MepkzX3L5VII4)K&^H8na6FpdnWz0vM|ZmM&+5zKbO^>j`EGmuzeys1;)n z;}{XXdI$ej^v}Qv$oOn)dPOZWFdjH9)LX`sP#4%ahA4(EVlxBPz_pEx_fz`I5M#A@ zb@qm! zYkebYkYE^uo0!5id*c81WoGR@-4ec3nq@kF!m7WVt=vym>?i)iEO7oHm}dXeZi;;= zv*R<3>-4K4(65FqtDs>oed$kePlX=p;_zuFa$^T<&}S}h|0dn=-IS7Cb}6+*R7d!3 z41b9+c4Nqi+FkQ3t`BGj8n{D0&7sC-Jmbtq-GnS*o_bA4aDz{tp~fD9>T>`#PuPF)JP;{r^7&#H#4etpwa=B)*4cBxTt5Yx z-;qJ?Iylho@|NeO&NFgwyck0c6PbBt1<<_4HuP=y{m#_KVBPSUq#(dI?gglkM;%Oo z4eE2v+qT%b2;ue{>fu20xjk&t@QN!42HhRb;9KBH@6-fx7T1QEN&5w&?oQFH+2LF{ z^cShYbJ77YNXtzkx43x)%5I^0{_5kKW<8~0K;>nj2Vshco0?6F#0=%Wy#veiT&w>P z*i5!er3sp!b=9VEa@U=Ryh)(p6|fuo^**BQ`vz@ULuaneG8PcoKvryk0L5-VhIX>Z zI7t;Av}CC_(6POufePFAJcda{TvpeAbnmoP!7f+nQ+4$!pf|d0v}my#kOId zz4(gOM(Ohjj!scwUT^1C4)QIrRj+5r_3f)tT}GOs>&VwAUg>M^nlBdvUE~Y@b_ZoW zof0<^3pw4Zq92#XJVmHkkl*A$0P`n*`YcWKBh#m>wKJ(*v%h-CH=y8)=|9zl5rZg* zIiP6!T;c1ST0voa- z%8ox5o;l8+DOH`#tvUh!PfK+2r?41EV|X8_#be&jJxY&*8g*TH%VUx8FUjp9+!0-* z81DKL(K~-Qp%Qxv4#4ooCmy02ub>WnKU3Y_=v=s+dyb0sfD9c*IruCGjDDR_9X(mU z&liAi(MOS0QE2$Y`|G9KVgJRfU-0bx|Hng>YZcAO@P6ZU%f29k#bcsGo}Jx4T8>nL zLev7$x5)7z<70sCF|o+>sfdmx0db3g@}Hg?kHc4wqZuEbI$_S?du?-jq1zZ=;{WO4 zM;!Z9WShJRD6n+Ti3<&;CCi(2#xjo-;;Y9g#zn?F#AC|D!rlnKR<@n#2%@8G&XU?{}63VHze0M%5=)mlSjC^ofI z7HwC4OxM|vvkqCXf_wx{C##1Zsxr1N7gXxvnWXf%I@4-X78zkhc=#u+skHhTcExWz zPQEMLI1J*#oB;DVKj;@Dmy5aI5>;ou+dSzzJ#UMeU{AL8g;WR3vL%T9VHdbohEy9| zebor(^7gT&0J)7qfxJnNE*h#s$wS*1 zy1OgB1hv7bMEGB&@hr?0v;XV}?|*AKUjQH1^lENvU4V@93mZ#?2bEXfXet;>we%%+ z(iWhw`;xM43%+kS?V4EuH?hzRk?6qpGX;pJ03PW|Ea#UW;hOA!AReAAVd}1*cE@XL zLyz^0(K7B}{{)=>XG(U%++mgyu(o}hLGaDJOiK*62)@p5vDj}>F=(0uQ1xYl8k|rw zOS`PZU7(9AR>2z6_X_RIRg8aIk>S(4GKkHMT=@+{rGb+gC|AJZz-gBtjDUz+&Ak!O zp^V7khh1yapN2p|nlZ$qxwOYfG_8>hZt~YV8AtUoyU;4oZhzBWeOrTH-?tkmXmRI& z=PdO83g*Oe{nKEqyd|7m)TAJvRc)!Wt}myb5V|IP49eA{XTl7hD6MUBw&to(?QEF? z56vO4E8ZL!JQ!W2wpYnb8x6Zl# zC6TZ{F?PqV2~QFv9eBwsso~t`k8dJ&y%yD4yrr-DX$1ZYw@SZvfwc70Ib~jG;Eb;LLyG;$@W~1BQ|*2uZoAq=@OSZHw{5^JmFzPf zY;Rp-F#e>=!Ek$|q?0qruHt?9vFGJ44(Xgn&#Yf#M;jhyE!3suuUri$ZOl*TNsK7+ zQpNg=T}xT|{JYmc)pasX0s`gtahnR6zMm`j`3O0!=2)G3e!A25aQ^TZrw%ag#>^gy z4&VXUH*Q3tgNFw_9Y}8%6|aRp5J$TxVEzw&(OaK11Ackv?h= zJMsPd{&uUFr;Bq;Nbd!EWeb{UoDBCrpT ze?gj*x7>#9lOY8E1-GUY@+SGWO#Ehh=G1$MUq&t1r{_6jEes^e4C? zpa(-3mRg-alZx-mL$cSlLS_07laIbChRo#uNn6pCD0gFrm`gSnwkY?hRzZQ3^$f4Y zluDw>px-Qd>p36&6QrW< zeb5%wc=32;{98%3RU%AK+le@}XQ<1D^j%l=UcDvf)Kk@chd3kv?^REMTasimg@NIy zXW6MoIExaTB+2>~CaiJ-7wkRs#QkwmHh1CdER>FUmGd20Ei1a$zBt40+Jr&q&Ou5% zwLK`#eK3_IqohtDlY_)JDCO_V4H)=c)H?GE#0e&PD>g4b&B5(Nv-(Bemy(wchrgTK ztAW~k`(a6~{7p;*WOn*5-YRrHYPY_OO>d6EzDtS8Na4iMD5cR0kr14}yVCc*_*{M6 z1HU=v!klwAg^T;9`~?o`Do64xyc!{#`B4^lF9kpS3096Yk!kys1F@g-HkDQh?a1z{ z)bB4?0!NA`YfHo@^C#FBpqD&C;Dc9oyb_$T#44gP5*-!_tr9+KfBXXbcZlFt*%t2K z}Eo6o%R*1+>%I$x8L~ zZvVOM+>qrB@8saU{JM?Fa}vkVFnD<+%Mlv5u*&xu{8}w&l1T|mQ?ci_8kj-iH&buR zFj>5QtzF#7ltfDUT4b?2n!2(e2^>c_`MK{!eQtvwyOPv(!CR5PbJhyiEB7fKpgeGk z+g(r-`z|Vfj0v+}S$gvqD<8~p(%m24kdjDh>qS^IMJKW9yIyrMRyRE(>gpdN`H|&) zb%VCa#oD102aUK zQ+JOC9CF*}WdHYaOVsA`77_|~erble(~Y>Jk{F#VW|exJ!!r7h>KbdR$-=8i0OmaZ z1Nf{%oSL4!(gtIeO46WV#fOcLER*&td^;h&_hPR4F0M4?0{>Q+mA6%-cvQabLL5|j z?o&(N@CI&wN%<-rIc;r88qB^#Ml!`)>I%~9XG`yCP`@yrgdD02{v6EN7G31kHVGQG zNJX*}^N7$+IS!HtSTDjgJ|Y`XJ?Q&MpIr&P(RLds(zIvbMRaBOiY!k1jJUoK$PUxTPMp~pYcn@(cVn=HN=^Ze)_<2iJ^0V z1g=h^T)|n+#-No~e7DCmV^}U}VTAYdS~h;G=JLlU-QwC*LhV%rGTFjE@O0gu99)o z_X+u9PIU#liBtUKwoUk4{uFf+qDSzl!!gMHcdJIwGHb0L7CVPXx{Rv3S3<-mEurcn zg|U}Xx49)RDYx{$M-sl!svqdQV*1LWro9&=R!RQ4E56cr(yHm^_|+I?In?x~+UVCd z^pB-c0|m#?mCaGylvx0JD8@o~EG(}ADGrTM~H#uFD_@=yJVvFe|M1wWMI6x2So;Sa&RmC?{`5xr9bUYkw0AoEdH!2(o+D{YI zqfZLj^z>t>qJ!0v;FJaKgc!W)*m&NG>i|)egH=Iz?mFC;?c;tnd%`Xx1hKB>ncn$BQL&c7{vI|%0qV;a z#!6+q-4(kb2{!d_S1Y6JGqxhsR70I8=jmc@AZIcr^c_h%@>i&JF|K+~Ek5oI92}Uy z8UO1vo8sJKNkpI3%=mI zebDlPR(m~-r@Ut#HePOPv1&7RSEn9l2Dh5#E$wt#e!BzncTD3b`4)QOnUs7t0q(vBSADmWy=}LL zJmX)~W0AFe(GE#-%_KMeW7Ui}O~DCaOAD>5KDGKrLVp% zBmuIriWF^AZV4A)X& zAZOlPjJC7)qg%D#%PN#e_7E#eU+om>EWcfZB zLGcg4!x3*#@4z=#_!jDkJ-R~kl>e9TWW!ci)e2AlHRF`y_V$%IN{gX)nPDUL|W6Z`nhEfZ~CCw!pzD?HcV{H z7|3n&CY`DG1tjilbmH0`Q8ry`@z(vm2Y#t(s^6=G|&KH@{`!U|mr#BS+WMMzb$2t648=+183DjTyKtTpgR4zxXM+R?5m-L$F@I%a}K5?=BXi|I!|yu{Fvw zxnlP)T(6kcx`|HT;4gsVVY?;06w_OJ8y`4zY~dwL^*-m_pEdYmH=~`;3+ql!>`Ai6 z<8bcf{5*kNSE?I{ZOl6z%&X+>6vYgRy}?2#gT1uZu6(7_R?&tL-d`Eky>sQ?Ed8hm z`g?1>lw;d^qY0YlCSv{3z`L7run6N_E*WM;AAv8}c&c9Yq-{9{S;3!JeJWJ_iI?Aa zD~@{|hDn|J>L6mz)CG?(`N!)m%F)mJk`Y@U6{c8fX6eFaNq2r>>Q;4sc|uUbZe-7P zo;1yHcOKe|uwhel(a>}tC^M^%=H!xE?ll)wL|v|6z;3G>(+hj@ zvrpWMCT0EPK%MUJ9Ykp+`#sKE_`AKr@8XcVhq6+R{r({Nin^4PzY!wVNFPJUm&T9j zpombPe6QPWz>;{*xZ+}*rP41PaxBZo2?*7tcRnA&+>3JPCmudX@s!$8 z&ENIp?h1!I2R+XEo77^8y(XdCa@GHW?&00S)NHKv%MUGYu{ag#FWrc>*|TtvYKw9h zEwi)s$DS-mQanAOSDhE0?|V~3!$PN=u<->|hfjq)EAwl~-;hwW6lCH?-y;)S64|FJ zAHemcx&H4ENs#kWS<>yan_ftNL~B-%Rx|Mgo?(Z>O9O;Zeesaz;=VD^I;A%u0y6Y+ zJiadZUwCp2QcPuIUU`QF@gsdMcTMe)aNn$vcBj@)BnnEs4=(=OPkD$iFwcATePV1w zMEa;YKlt54udyg)%e|%okGb`<@d^dn<0S1?{`Eq_!q%lzzxf2PiCYYOg`zb@a_vgf z-KJV_S@J=#Ap4}f8~xjO#PiY>uhv^ylKt;{QjS^D3XXOYPlxIn-R#L;bt6d5-SG{Q z6cBl8$9>$DrbpJTZV8CzdBG$38$Pr8sFQ zPiPchK8-UDJAiP{@`rLti8-~LMCLke6kLB>jWFJ#jFm8SL2-flZ;}0!!KyM!%r#nj zK2gy3!aAXa{cF+GOWFG76O`SWdcuLJ!T&(6jkUO&(@WUJ?Td)G+di)*moYp&yW?-Y zSJlc_Zn{#3V1A)2zWG*rRZGYYN(A}orgGFX(netj5cLQW7HSvt+xKtU&T)3e6*XcH zx?1PEz{3wYUSLmkQ>;2=YeQCCZfLh;c*wRkf1`TJR_|-$k$mX$S)69!7&k6!t8V<; zRCfHu=@v+@{8Acz;TfYhsfe2>16hg|+IZYWuzKbgH}S|)DRF~61LrBQ%TJ#TYX60x zzMF`r6r@c*sdh;?+q`eh&gfP06DVm3_|{KV8q{7x^u=ayAL1^%Q4KPhds#rr;QuUK zPtJMvxW|o7`Qf3%r6io%s#b47{e*9$!yMaBk336gaUShh3e}&Y?FYn6M?lgneG0PC zg|@17qWzhT{DgWF7$X*Ha=k*yZ+%;uzVwK%XbV0EsoKAEC{+CmVbCko^b1zd_dh~c zn(@o_)8zNwN+eA6gMWK#-xBhE6S%KcFw3B~4zan3KUy%tDbJ>F58f=@P(Hl8@yT8F z@U?t2*f?-Rg&g@&R^NN4n4sO-d;_oQG1LVYVlK~q*!%)ql14cP+E(|t@{B{ujt0ke z?k3LT6WsO4n|)&X+$6ba$|@^K^#v92IvOKf*sO=jFT-ytCI8!YfvKOF7$afl93D{` zJqM!>0f$}=3AYP$WAwpa;Q*z}-8u0N3-vyjmJd!exMZe%^J zG_f8){hn+x6;>uM=lbMxIKL9;-cC6GpeFwB2lQ;%{r%rJR*$slq`ZeOEpm&f0p~IC zDO%#2;OY5LQkN2L|0Li9Y&&R=)T@8{>nX@y-+aH@Ttr!d9bf>Jx$Z-heF}!F-ct06JZ*EwTvJUNBfw~{AJjyoQjxw5MJcf|vj3FO zZ0gb=44jEvy2txzl_Hnapz&cW6c7Q1MU5{%PX^tZA~eeP=vsb`Rk!#e&fq?BG^T%l ztgeua7+rMCEDIYxG02vEmg!76WKfW}Rq#SxShcn~Hh3ymqZu{+L|v0@^rp*q9!gU{ zzL>SrQy$>9b7nd%!0-j(&>vM%Q&gdVb!sQLF1g~Yx8zUp?10AMD6@l^xsadc?WZcE zm)CUALth^@*5Y?yIcs8piBk7xW7y&HGt$ks{wupPatF5hH?^&EZCK)dZ1w08A{X{3 z>jGOhIfuvu(APOFgqAHlqjz<3s~ze}w>z&MD+F(FTV7wT-cLbn!l%xcSS{JrLZO + +Want to snap a quick pic? Press the volume up and volume down buttons at the same time. [Where are the buttons?](https://support.microsoft.com/help/12649/hololens-whats-in-the-box) + +## Take a video + +Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app. + +To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a 3-second countdown begins. To stop recording, tap both buttons. + +> [!TIP] +> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md) + +[Take + share photos and video with Mixed reality capture](https://docs.microsoft.com/en-us/windows/mixed-reality/mixed-reality-capture) + +[Find and view your photos](https://docs.microsoft.com/en-us/windows/mixed-reality/see-your-photos) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index dfe9539b1b..5be69e50cf 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -2,9 +2,8 @@ title: Cortana on HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed -ms.reviewer: jarrettrenshaw -ms.date: 07/01/2019 -manager: v-miegge +ms.date: 08/14/2019 +manager: jarrettrenshaw keywords: hololens ms.prod: hololens ms.sitesec: library @@ -14,14 +13,52 @@ ms.topic: article ms.localizationpriority: medium --- -# Cortana on HoloLens +# Use your voice with HoloLens + +You can use your voice to do many of the same things you do with gestures on HoloLens, like taking a quick photo or opening an app. + +## Voice commands + +Get around HoloLens faster with these basic commands. If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use the following built-in voice commands. + +**Select**. Use this instead of air tap. Gaze at a hologram, then say "Select." + +**Go to start**. Say "Go to Start" anytime to bring up the **Start** menu. Or when you're in an immersive app, say "Go to Start" to get to the quick actions menu. + +**Move this**. Instead of air tapping and dragging an app, say "Move this" and use gaze to move it. + +**Face me**. Gaze at a hologram, and then say "Face me" to turn it your way. + +**Bigger/Smaller**. Gaze at a hologram, and then say "Bigger" or "Smaller" to resize it. + +Many buttons and other elements on HoloLens also respond to your voice—for example, **Adjust** and **Close** on the app bar. To find out if a button is voice-enabled, rest your gaze on it for a moment. If it is, you'll see a voice tip. + +## Dictation mode + +Tired of typing? Switch to dictation mode any time the holographic keyboard is active. Select the microphone icon to get started, or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." + +> [!NOTE] +> You need an Internet connection to use dictation mode. + +HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**." + +Here are the punctuation keywords you can use: + +- Period, comma, question mark, exclamation point/exclamation mark +- New line/new paragraph +- Semicolon, colon +- Open quote(s), close quote(s) +- Hashtag, smiley/smiley face, frowny, winky +- Dollar, percent + +Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com." + +## Do more with Cortana Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime. ![Hey Cortana!](images/cortana-on-hololens.png) -## What do I say to Cortana - Here are some things you can try saying (remember to say "Hey Cortana" first): - What can I say? @@ -44,6 +81,7 @@ Here are some things you can try saying (remember to say "Hey Cortana" first): - Tell me a joke. >[!NOTE] +> >- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. >- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. >- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md index ba459eff13..e147ac2845 100644 --- a/devices/hololens/hololens-find-and-save-files.md +++ b/devices/hololens/hololens-find-and-save-files.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Find and save files on HoloLens +Add content from [Find and save files](https://docs.microsoft.com/en-us/windows/mixed-reality/saving-and-finding-your-files) + + Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens. ## View files on HoloLens diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md new file mode 100644 index 0000000000..1e8b575f0f --- /dev/null +++ b/devices/hololens/hololens-start.md @@ -0,0 +1,57 @@ +--- +title: HoloLens (1st gen) first start +description: Go through the first start experience for HoloLens (1st gen). +ms.assetid: 0136188e-1305-43be-906e-151d70292e87 +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.date: 8/12/19 +manager: jarrettr +ms.topic: article +ms.localizationpriority: medium +--- + +# Set up HoloLens for the first time + +The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience. + +In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](hololens-basic-usage.md) + +## Before you start + +Before you get started, make sure you have the following available: + +**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. After setup, you can [use your device offline](hololens-offline.md). + +**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free. + +**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661). + +**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). + +> [!NOTE] +> [Cortana](https://support.microsoft.com/help/12630/) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings.

    + +## Set up your HoloLens + +Set up your HoloLens and your user account. + +1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. +1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. + - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your organizational account. + 2. Accept privacy statement. + 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. + 4. Continue with device setup. + - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your Microsoft account. + 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. +1. The device sets your time zone based on information obtained from the Wi-Fi network. +1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. + +Congratulations! Setup is complete and you can begin using HoloLens. + +## Next steps + +> [!div class="nextstepaction"] +> [Get started with HoloLens (1st gen)](hololens-basic-usage.md) \ No newline at end of file From 3305a59949c4270978099fe54f0972b1f2644a1a Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:32:52 -0700 Subject: [PATCH 22/53] toc --- devices/hololens/TOC.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index ae780add6e..eede34c38a 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -32,12 +32,10 @@ ## [Use apps on HoloLens](hololens-use-apps.md) ## [Use HoloLens offline](hololens-offline.md) ## [Spaces on HoloLens](hololens-spaces-on-hololens.md) +## [How HoloLens stores data for spaces](hololens-spaces.md) # User/Access Management ## [Set up single application access](hololens-kiosk.md) -## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -## [How HoloLens stores data for spaces](hololens-spaces.md) -## [Find and save files](hololens-find-and-save-files.md) # [Insider preview for Microsoft HoloLens](hololens-insider.md) # [Change history for Microsoft HoloLens documentation](change-history-hololens.md) From 11a12bb7546694302d172aba4fb1ba7b763ff060 Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:39:33 -0700 Subject: [PATCH 23/53] devices and accessories --- devices/hololens/TOC.md | 8 +++- .../hololens-clicker-restart-recover.md | 2 + devices/hololens/hololens-connect-devices.md | 46 +++++++++++++++++++ devices/hololens/hololens-network.md | 39 ++++++++++++++++ devices/hololens/hololens-offline.md | 3 ++ 5 files changed, 96 insertions(+), 2 deletions(-) create mode 100644 devices/hololens/hololens-connect-devices.md create mode 100644 devices/hololens/hololens-network.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index eede34c38a..097d6d4429 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -20,11 +20,15 @@ ## [Find and save files](hololens-find-and-save-files.md) ## [Create, share, and view photos and video](holographic-photos-and-video.md) +# Accessories and connectivity +## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md) +## [Restart or recover the HoloLens (1st gen) clicker](hololens-clicker-restart-recover.md) +## [Connect to a network](hololens-network.md) +## [Use HoloLens offline](hololens-offline.md) + # Device Management ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) -## [Use the HoloLens Clicker](hololens-clicker.md) ## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) -## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) # Application Management ## [Share HoloLens with multiple people](hololens-multiple-users.md) diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md index 81c7ffc704..25e49740c9 100644 --- a/devices/hololens/hololens-clicker-restart-recover.md +++ b/devices/hololens/hololens-clicker-restart-recover.md @@ -16,6 +16,8 @@ ms.localizationpriority: medium # Restart or recover the HoloLens clicker +[Clicker recovery](https://support.microsoft.com/en-us/help/15555) + Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well. ## Restart the clicker diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md new file mode 100644 index 0000000000..c702921e14 --- /dev/null +++ b/devices/hololens/hololens-connect-devices.md @@ -0,0 +1,46 @@ +--- +title: Connect to Bluetooth and USB-C devices +description: This guide walks through connecting to Bluetooth and USB-C devices and accessories. +ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30 +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +manager: jarrettr +appliesto: +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect devices and accessories + +## Pair Bluetooth devices + +Pair a Bluetooth mouse and keyboard with HoloLens, then use them to interact with holograms and to type anywhere you'd use the holographic keyboard. Pair the HoloLens [clicker](hololens-clicker.md) for a different way to interact with HoloLens. + +> [!NOTE] +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported. [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660). + +### Pair a Bluetooth keyboard or mouse + +1. Turn on your keyboard or mouse and make it discoverable. The way you make it discoverable depends on the device. Check the device or visit the manufacturer's website to learn how. + +1. Go to **Start**, then select **Settings**. +1. Select **Devices** and make sure Bluetooth is on. When you see the device name, select **Pair** and follow the instructions. + +### Pair the clicker + +1. Use the bloom gesture to go to **Start**, then select **Settings**. + +1. Select **Devices** and make sure Bluetooth is on. +1. Use the tip of a pen to press and hold the clicker's pairing button until the status light blinks white. Make sure to hold the button down until the light starts blinking. [Where's the pairing button?](hololens-clicker.md) +1. On the pairing screen, select **Clicker** > **Pair**. + +## Connect USB-C devices + +## Connect to Miracast + +> Applies to HoloLens 2 only. diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md new file mode 100644 index 0000000000..a3082e1e7c --- /dev/null +++ b/devices/hololens/hololens-network.md @@ -0,0 +1,39 @@ +--- +title: Connect to a network +description: Connect to a wi-fi or ethernet network with HoloLens. +ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +ms.reviewer: +manager: jarrettr +appliesto: +- Hololens +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect to a network + +You'll need to be connected to a network to do most things on your HoloLens. [What can I do offline](hololens-offline.md)? + +## Connecting for the first time + +The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. + +## Connecting to Wi-Fi after setup + +1. Go to **Start**, then select **Settings**. + +1. _HoloLens (1st gen) only_ - Use your gaze to position the Settings app, then air tap to place it, or say "Place." + +1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list. + +1. Select a network > **Connect**. + +1. Type the network password if asked for one, then select **Next**. + +Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) \ No newline at end of file diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md index 49190e6907..7de0cc1381 100644 --- a/devices/hololens/hololens-offline.md +++ b/devices/hololens/hololens-offline.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Use HoloLens offline +[Use offline](https://support.microsoft.com/en-us/help/12645) + + To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how. ## HoloLens limitations From 341bc26804b2cd6b4f23fdc2ade49cdee438506f Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:40:50 -0700 Subject: [PATCH 24/53] devices and accessories --- devices/hololens/TOC.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 097d6d4429..fe85d293be 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -26,10 +26,6 @@ ## [Connect to a network](hololens-network.md) ## [Use HoloLens offline](hololens-offline.md) -# Device Management -## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) -## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) - # Application Management ## [Share HoloLens with multiple people](hololens-multiple-users.md) ## [Get apps for HoloLens](hololens-get-apps.md) @@ -38,6 +34,10 @@ ## [Spaces on HoloLens](hololens-spaces-on-hololens.md) ## [How HoloLens stores data for spaces](hololens-spaces.md) +# Recovery and troubleshooting +## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) +## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) + # User/Access Management ## [Set up single application access](hololens-kiosk.md) From c4f3c8df74786d2c55422822526c0d32fc1e3539 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Wed, 14 Aug 2019 17:19:27 -0700 Subject: [PATCH 25/53] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) (#906) --- ...issues-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...d-issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- windows/release-information/status-windows-10-1507.yml | 2 ++ .../status-windows-10-1607-and-windows-server-2016.yml | 2 ++ windows/release-information/status-windows-10-1703.yml | 2 ++ windows/release-information/status-windows-10-1709.yml | 2 ++ windows/release-information/status-windows-10-1803.yml | 2 ++ .../status-windows-10-1809-and-windows-server-2019.yml | 2 ++ windows/release-information/status-windows-10-1903.yml | 6 ++++-- ...status-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 6 ++++-- .../status-windows-server-2008-sp2.yml | 2 ++ .../release-information/status-windows-server-2012.yml | 2 ++ 13 files changed, 34 insertions(+), 12 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 56fbefcd4d..6c32625e16 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -33,7 +33,7 @@ sections: text: "

    LHo1(t6U!_YPE&!2nxNqeh$Cj zU|IT=Gy+Q`TwC%KNI%q?OfjzJK}II-JbthWo2x@Kfa&s6Bwt(yA%twyQ~Kz#3%qX0 zg5C7QB_r7%!%-2WpDvnPDpWFttCr5f?&0i^8>4i%)*ICgF^A?|oz-{2=4Ge}DdtRy zbvPlEAp3wruM{z{_p+VLr_8>0{ILp3DO%#+ZKn8tJc+R`N31~zv!Stgv!`JdMD@q{ zElKWit75spmj(f2rI={`XfMn}7_IRm{;~KEdEN6DN79w94Q3<}kKW4p{9L`~7(pE? z6u~eum}5N>h*vuSo{)B)w|LdsO?#bBgI5uj{PPz@6F9lK!&4K7yCiTMSXMko{Wa#c%GEn@ z5EmAnIAjP_ifx5C>6KZEp};P2j9j~sAq_Q+>dm8!)f+6!6k}%dcel21Ey9sQk)YO; zn8%Jlw}p5cSg|0AagGw`P|&j_jIJCp}H_{EGbS&;`~rEupAwW*kTF5?w#>K zHfn#6St4!Q@TUU1tToKDxYv5Z2L%fhM2B}BhIA7^udMX>RcudUZ#J`!n zxAM6NzXT?l`{0IKENjCs76{ij;8#V*;480KX=WuPOM6GCS5u8X0wtYgR@w`5F)S5A zZdRoD85A2JMiPr>tU|{MGI5U=9_Y*_5g=Ww17r`1LUDsJ4Ihatvy5!K%NnGq2Z#hQ z(6A<|l+)-J;1c6QxVo3fF;7Osnxy81L09=pItKp%Wo(E|?b$p>Fm&K`ieo$-d~Gv4 zUGu|D0Sj&z7eNfoJgBL^gCxXuI6I6;waIRrbhtHQ$oy`2x8o7`E{YD1x_q}1c;wNnL$J}6n>E~Fi88TkU+Gj zi4AK9ASldRRlg72?(SZi@{a15qvv9*1Vnn*kLSzvESp68WNcYGVZem05;#trdj`2Z7gjl|{(;y-1 z`7CS3B8`W5b!Sx%WXOu)IISXuVAeMnn^-9nn(@8LkuZ&5EGRfI&M1e^8C>-Wh_PIZ zOt-nw6PuQGT8skmO=}12zMEHQYnm-J;X$6ma-ZrpNQHKTa$d62g`oM$guLMg0UM&N zvpDHx=;z0O+zvUveM1fP1?ar*w)zB!k94^6Y0)^{UH)J7g`nm;Nky|K_rnd3JKkQH z@rz7}5YkdIbB7Lv5azt3Lv6G~N4_NlUJM$9#U_LnK)2>Ht4VFGUn91?M~4P6wXrq{ zD|VcdP&J9Qer;lmnLlf}1AWp5%>Dvz*gZGF&gHHSN~9PRnp%hq?FM>9Uy?u>LkTf8vNTZm0z<_h z@MZ(&YT=4;(E+?F4{BOgZB&&vw5OTgqM@b;UJg7H=VmCP086^#%m}kV0tBdUSIb%% z%0VFx!=mEV3Mzgg4`zCA`4M;g)Mtrs?1Z_PU`{0xVZy77#TP3ULwgrAu*5uqW*8Mx zh?>F*q(B~;$KdKEmgR7%G0yR9Rc6yjD4Z?>(4~qryeUPlo4-i^7(rN@n=?1t(Nbd^Jl-a`d+8P!bECe5 zU<8s*{8%+@Nx?A8@M7_A^Saj*Sca+EmGL1AjzfzHpXGF|48F@xaSfKO4aFNJK=Ugg zWI&C9>OY5?Di%71OZnuHb{tk{^q;Px1ZK z;*Tq>3QaxflCWFjrMGkQKh%K=PXrtspzC!C{XX*AZOP^(sw>Fs3mu#427L# zN8rnG(;}kzYD6q-^_6X`X-#!p2ZU+Ta#_0(JwK?vYkNe%4S!_{2o{q`e8(@`RO`XhV&l6 zE_)GW4s0-g)5rMnbF*=bw*!C!A7Jznq$+sEnv@2g%|53?zu8!Ry!T5{oSJ5Ss>dWa3jbb8l+bU%M! zHIDFuJO*~`PSC|II|rxFVs7cSt*kruM7V?dXI-f{@>(>d8$uX<7 z;(X4I%0U?1?>9?pP*z?;Zz^^*Er&LiRzm`ymkOW`s!9h-a!F)Nxg9}`@NHS`%*u2b zYHKY(*P>|}92%IHwq`jg>E>zyRy$mjtDQyvDO_c1pmfEwFhlc==6nNo$WpanRx9D| zB)kqsw5;+^1kpb=2nYA^0FbfP2hY%yi#XYRme*oFMv$Q$Ov{mrfCS;RJf1Kz5h`Pt zFb$ms3S9e`7(ristNl$Op$l_xZsLv}^BY9&D6{|#$G+eAnTDP_HREa0$h*6j_F3xS zJ7mj7O2FaL7mlxL%u-J%+z)^|`ym2~#SN)K^U<;JpS?Dif9~OdviG0OWvd1r+Kz?d zX9Ix%H14r!Gmp3id`bV!Jd}o2p4QZ`(sbhy!U>#Cm%A*np#V8@La!cZUP2H?MQBTf zJ%dvnr94J6N=+*rV4N1nSR5gm->Np69C$vLZDC}wfA`XLi}1W$kfC{Hf)fTU6xzmh z^_F^WnIYG`)TSyCF!*INk6~~pnx(egYK0fT*vulB(85fO!t5?oa#>bT_^4S{)GY~- zFOq4oeuf9YF8!S{LwmW9Y3@-KLYA(vaTII9UHd0U8 zuuIc@J=8Sy(qOkCz5r6y)Y6gGe3V~E!Z1T50f0h9R>iG*F|84%80E9Iyir(vaTWQ) zEnECTnyC`LV&7oCo2x4&9K2fr{7!ppaF}$|4bsRiE%#GGK~y%)<0s$zc9_ow^`8yr zpC9P-hiHcL*>61tGy;pDH?sCAP0~p=c!7SeoojV3hT2DuO2%2GyJ!6=s%u%JPNhWE zQHS0J`iktR%ek${?YSZO6V?GPg!?W#%Xf?td%$#bYvZcYR$kcL}NEJRYeYD0d zioz(s<_d8NLn9?}sPxySH$?=Is0y++fEL~}HP))FXsa8Ep@vZ+j4sm)(zQ&}Sy3*S)c{Md{xtQXnf6XgKP92NOUTc{~^ag?mG!dmN4750UtfZEXK;-EksZ6VT9| zJAYcAK)ELTLTNnrlessPu2I-SRHu0$+Oo`-oNKhb!ei(Lc(!693@`LF466oAv%EM zihh@Ta}mLpaIY3#Up=Oa=saY>@+hi~?ZVV2J_DL;WEe(@DFPgFOF>Z0@ zSDI(g^y`d&uU$hEzW(eW&(^Ug|GxSX_$F$dy+u-uaML6wR_UfsT;v|Q*t}lPj8<=* zPpogHE>P+8>}xwZ*}BESi%_?4YFqxJ0WT5ll59(bBdVn%Re+JE%!hJJOGsem=?e9;T(Pk03TYtNsq3&$JBu+8OkFj*o z7EX~AHVHCxe@fWeiKukb?1P9$+rlAMogA{yZlH9*omp>aR0hvP)M9T8dA#kCMP!|V z$gkXUr{<0K4D!K#uW?)n?moTBSAAK!>~O`qp17P#jjrupG(DS~k>^}ii%sExxG|pF zA(2e|rC;RYtN)?nBWfYV2Pa;O4~dp1C*b$IDlN(!nxM>zUrE;9xm;9nGv~`M)?u%A zZ@26&##HDuv^;J2k7M?$j;~KU1CNY<&y8ZmTHrOH`)g(QUAM`jxC`9}580S8s zK{D!)<7c;i8tx^h#Niyoo0U6gLvna_&K;&4PRnGxPk`gK9J974yU})`4yad>sGA>Y z7Pl3y67-h+T&8Ee2c<1zmjJDhr4JYFc9K7M8O6?M;3u*8cw>uZ+v?fjw|3!cogPJ~ zr6uAFXgZC@b6wp!OHS80KSyS|%AMqh_|u37MDZt((`-U=6!JyAA4ofo0x+MGz1Q+R z38)h%rGEZ8Z#I}eix7PMME2sulINOtXjeE1^>oUsACu;FUvNkDuE<5>A6-jAf-B7@ zJ2W+K!A_H72*LtDbzi(*-mdJTbFLpo-j7*ATW{S_Iu|V+<{UPv`QWRa#hfmv(0oAF z68Z0JyNV+{@%;yqksq(WN4Ad8`gFRIu}%D5jFsE!L+c$|dx$7Y|83mU|B(Mk;l1&1 zGYmcF5tUuR%%~#wYDOoae70dNUvptuy4gDqe5~%lc8enDT+74G zWf1$yEGqeMpgirm!50adm>#%>z#3~|xf*in9AvlVOhfLfZB}`eMc>?I`WE?6KOf>% zA#dXm0xnM&&xI0_&uf&splNO7Rc8yF(XeFGXL`=Ot)E93E6Q6;->vEKHsoM|btd}- z`>*K|>h1EJVdJR+kk0EEWP|zup*Y>AnY;(5wj;EkXn8YTDgLpjDxEyDSa^RCBh(0v z;M^zWq^bWPFG|n8AS@t-bxWZ}4WhNP?S{pgL0GvtT*r}pd+em!wW&Gu_F}KUw;pnp zzSGtxTulBP(?6^{{+gEJ#<}-|j&P@NNTBz;1^&)Yw&0I5Hbl(*l!KfuFQ>X1`jbs= z>LEuedJ=3yw9q-sI7A4T#~y9lolruxlHSVU7a+GT+i`6Oo3~1-8zsSskN|awW-@!z z)I@Z8AbXru@9smQwfk|tE}GUKyUY1+N?lHhewhFjH&*>ny-Nr5>uewM((Ie~N&))G; zP86rJ&wCDf!C$pr!HoKG7ZDA?RP;UD8LxPm>qGFK6p^=_wR4kt{1B(@+_hMHP6guE zt*GUrmK$G5o15pkwV?5#SnQ>}oe|TdBLwzZv$dp+v(rfFjeJW0jE9Z{aD1++5x`3l zx+){|f_l@`=JzZtg1rU`T0#7Dv0zc~nB(I%8&IYGW9~Vp8#1(mQgDXx&i4iC#$s;A zrDs+N&-BSzn#$#+kAdb=$B3ZL;?x|9PnI#5d?hAQ)%2oNH#ybt)BTuuwlCHTDWKq3 z4k(}>brz%3hM?Q`Ad8ZNpZG}@w+x*sP>WzL7wV^%lY1zfSdCGt9ZUDz3t=TwJE-jW$ZzEdp9O07>f0~hUpNn=8lZiiF0_z$cQ(L2eU1o zID#netO>km!zwJ&)>_AHNZ zRQ1d3G4jwX;)j3{=rY9v12y0DH&-rbAdCRmrEjEB6+cfFpwjY3<^#*Td%FAw&u@^P zFP>@1BActTe~WN|&$qTDUEaY=ij_Qb1Ywo54Wl9XWsf}kDA=I?l{POrRbucQLS5f#tZQ;I36ip6`r9@+!3pNpKjLobJu#QE; zrY*r(GR_tCxMkXeAe<+Tm%iS)Bqm=oBKMy!HyoUbz-^~W!fv|xiCeF=?@fr5$h&9y z?!mo7hNDF5=>|jZw-9jg{%zCWdJcFn4HAswu8D_nAjFlcW z{@p*5zGghr_$9JJIj|r2Yk71}*@wXIo=`po`lQ#{jgJowpBx$gm;U#@Sl%SKdPh$* z_8;1Cwt8eLdlWdi2#y+f5>i#v>zzhCB>iTxK`LKb=rNXjel+{oOLgA=>1f1C(8sQZ4U&P(cg1J`pABF4xEVA$gep zZT(`cxn%8|2U+mD--<>jbEB?y|2tlBo%5{6-EE78`<1E{0eMe4Y*2p@RmEuE%?&U2 zQZ`Lp)7lk#G}+>o;t?a2CDv=XHG^bY+2EF`@|^cOsNP4qE#W-*2q(Dx_5-Dsr1P`c zg}JgLzUqpJbM=0<9#Z~zZ%F-k+-0{K%W6h`a(A2W;<}Q2u%K5v;XkE)SK<^I4M=4^vbUL~|YN;Hg|H%AwLU^DN>S)McoN;1LxMv@}pTO%V_f z``w@4KX7wDc-)Wo;d))y^Ag$19rc-ZEZPO2WChlO@EEY|1yz!M31K{L6;V>CN(e@O zX3#TW+WvkYcPud%GEWAloYFTLq+15X_CF5`{Bs0cl3;yNu;unuPZJ+nBXoMAa#b$J zc2}edXQ1Fj$qU>^RVRGeakW%36)G_#XQy&<#bGP$pdL9>jBf z?S9v?RQ^vSi2YY(sVIVFnJ~TmZ_;jjg43PF&9nr@*>Q{NVrnkRMtvlNZcetcSqe`V zx_v&h=Sr2B8Ph1amA+s4a*0SiPr}HGYc3Nt4CXcdkF;U$*dEv%>Z>jX)%jCT|!o**YK=_}L zlCC)6m1))N!543yLcEkaW~_Mz@K58bLgI8I1J_alpF#=})dU%M0waMQI#qA~l&KrO zARyS~?p#kN|Ad>o48^)UMU-92H8tSYO{_1VIA<7X?>z~Ya_wZ?};Y15yFr*(#C8r{H)Cp zb+2Kp-X9L84~~*x6yzWJYT^*KbqFz9{Q7wHPxR;2E*>#eCl&LW@e-S`+J`7sU?Zu~ z^RRlwe*l7n2E2v2q0}Qy^(w|znJ)ro5K{_0pmpU!4+4I;rd%$g{UGYBRin?aePkZ{ zxA9`+)c}n1r;3rSmf5z}>*?HADLG!?A?U7YmsTL@F#pTk|LJzZyoGRM-$#Lun+#3vG!8hat@RzK%FZ%ffF8gl9GW=Cpw8B=~YJ zGW(fHr$-VFdt_ZzTv2jB^)zh1P8r;}oALP2$H#}U)1y0+K45uHAA->CdB8R#WbM5A zFqJ?Zn$#_M+i`@wf9slV_u)oT8b69vQI+dghJBHz^ZH35|B++$LW^0P{k45&7u>^$ z2r_??9XOc2y*M}NB5Y3>uW#Li<2O^+4HTJH%AqXHvK)N-84IL!^^{-_d68O!XeP=L z=tmL4&K2O8*s&88i#}?vghH|FLO>xkp)L)XPL>rx|IA)Vc!eusRqa{2q)ZgPU(;i) z2ykSvfCKfcMGI$r)`8ZxeiJio$Eba0RZ#x&ViK7VHNtc*Z`&~Yw2)L>_iH>qB;l_S z)aQ%gyY4LS4-O;f|MzioYQsTI`irqe8^}yk^$4?9P{6#*`~HpvMu9wFJ6-Coycs)Z zj!kK(lqWTe7%QsFke9kj09fcnhCeuBiZQ?qTspO96W{YA^#O`_0a*6xh@n-U+TMAp zVeJIj!B%fm0P%a=#211cq61nD%73d$o-u|*u?IKJyWIlXI( zpBUSV`)9(Fjms9X=dIk7&z+aN9far9$K>(`Nd_=?PTl#kM>$Dok}td>IVkilnE{N~ zBTE*WSkF3fP>ON#{G*)VU~{bdCSrkTz1qH4bDUwmS{CC5Ll9J6CpE2EklW760tZCw z!eg!rrl6Hm)FNFw4(!ecO1+HjwSv<#I<|;BT&tdD3K9Dw^0u%wg$*iBot1}nBMMw~ zn_K0Mhb#`a(AfLA<0M2o{8`OX%%JXHd+CJR;Ud4e+v|)^`wmcmPDY`7T7knK3D&)g zD|coa;D%(d_7uYG9EtbYUaySuR`%Tz$sPkD+r>0X3@;rB)9)WU^!gwFaXnB3ffo|x zywH@Iv^qe=V*je`D}`v7Mr-HPhU!UM1_(;+JG=2pmXl~RGdf15|01q^f^coTLGX2M zYCCEHYs}vCgr(#@3l@-8>+nhAQ3o(3>QZ$`ljFd*F0lF|l}oG{wOfZX>VBSi=9_(S zQ$MxHpw8azaB#Z=tSqFmd#{I-BlaS9f|dK1>7Cw-}xfgq80~9=%C!!>LTyZnS`jPEBV%)KPQK&~B*oGYX%1xnlU9hAqes^djBaDeMNbumw0j|eVu1+jxjPDq68-|omEUxHi zT_At5!FB-#D^rMq&U3Nc4Zkc$y@=y+^(MDXBTa?%5oRn-*%dE;UCU{Ilr) zJZPr;Rjyy1asMh{#(VWMneY%2x{0GcfG$>^eQ*@U9@9*@>k7gw*fW!kf5eWSK%9?kmG%>J%yW?Pgr z|D27zWzK2_#hc|yG9T)!Ca?IMK{dW0BAC=Bd|?4kKIw+Ztk@?eOOB&t>GgQ8qeJZ( z7K$>5zKh$*7lm0Jj5D)`?3SxW{3bmz2QHCaQXS;RUTl+ng_RY-`9G|Z;b(phiV%mb z-B`n?$=#CfGd*XZy%{Xqcl_YY{0dEyKKGQRwpIpyO0UpnFv8xy2Lheyab;#*YuKf1AcS3EP>jPV8>KdsS@q7;5lGCQ1s0)!FH zezDq-(YZgAQ9nX$^f~(Zm2L~d>87&Q%L$3tgIgW;>v`T$W?|?)>Cnf8&vm6!iA{gusD{x*=ooNZvwP zFKMF4-l7uT<>6eMlQL5BaU+mr^%}W-vI;Bd9CxgjrQ?w~i3LIn91dZtnnE9|djj-S zF9j+0r!j`$pU!DsU~dmeuiQyn(+Oali5@Qb>0l-4M)NEFRS(X5w7X8F@r#6Q)~Qc1 zcLF_25N7+O|CO3{0y6)s54)Q7_Y9oe;@x1NA*VwDkOIl7ApAd-xm3849+`y{@z3{6 zmfFPN3*npUUv;m!U=>d=icblNAVsywO!+gr7^n^$d&&}7v+$azeU-s)^!9?LG3>g0 zE~xMM`c@rmWXtZ9?ngNlQj=Ji(36oSa)a$f6vx&X)p$c+U4k2nB0@SCQldl5&wMvy zRoE*5?z9!O!n?WIvjVP7rY+ztcvsUE4sutfM>)ixt1DlE_@Qf}T^~wY04JzD`e2UA zRZWp5JAmw$$^T$3Ig{dp9tY10x*IVb6MoH%W!~7js7o+!hRdkju8_@2KlTwQh%UKa zXNJH`j_!X$F7N7oMiEFlCse5jx*Wb@g%!eQomoL{f{O{wI$EjPFVP`B+h`&Ujs637 z=filWWcU(%zq01-)m@qNWz~<9Xi!pB#7G~~4kJ>mQX zg~*=_k;t6H2AHww&}oD;G*)dH*B5Uxcxw-ryWu9fNBey3uD7P!3peu}l@c7`!Ct_! z_S(%*yvsi)y5_pFH8;r$%U^}Os>KWQ`Oj0lrA3|kvr9|1^0C%z48K}-R*<>U<(2Si zPVrOx_{_rG8;)L5YMQbRO%6^4oPrIM6lmtN;#5?l$rNO6K+oP=F7b+ZKZJt0`e!O< zJHJXXd-=JX6kjL5f=K@_%jr%K+Y^S#ytVTaTm@{6wIU^alU!A_DJL3tfwXH-x#sIk`(u%bGdhoR4 zcy>-0ZTNg;&S+t$C6 z9+uxm64U=pPpC$1cHCq!U|$lJUI%|pTbhL?+{j*~kGJ~kXcSUK?+#tLbyoTLY{v(` z(N$Da#=NtV{N?6*=eOSTNtPs9+B|k)3_X;Q(i6>YhkvdZYYp~XhkEZ&(DLs89=>@s zb4xBi{}Vs^S`x3b{-L=KEH(zTZ%g*BRvYe~z7U}%fL6X(pX4MY)Ke`17}l)gN*EZh zZVzENEE3d=ImN-`YIPF%H%$6m_QUN_(!mTMb6K?hF|8NWh}Ex7$QR)hTVhLg9^1)o z(XcN*UT~U-4e=k)zSkp}HC8pqEF5>-JR(RPZ84&c?3e|AnQPK!T68m-Q$ry@mX`Ru zzx`<2Iiz33q#Hhmd92KkYqCo`cJEa(!uK6jdoyz%epr3bI$VYbeTHSQFh8LCuLf(n z;+x00pEk)OL%-QXi@}gw2#nm9dEcUgrz!>0HT>b(^y#*32#&m1pKzUxHXM9>&nD<} zU+;kEa!$L);U*{J*qY++wT$lu7LAui+}-1uuR{jQfqGa9Jf^9{hSXO-DcO(xWB)>x@q>?mj2#4iuNuG6D9toU+fjJbu|IiK9> zX-{fwQj*+bffd(dGL~EK5LtIj=te=>>Ig z*ed{GdFl+i!qb=cF+@C6Zi;k%dwU_xaUYOidvrA+#RW)J{#~RZO;cJkbraLfyl6+6 z=ZDSfEzOLlF2~`MEX2Qb@#NG@0GRAs=a;ndPk=pP35yM5QTL z>XXcc9*N_Kumu?M!oXNX=C3=m1mA>Wo^y=rSTd|G)J-WV zqg=?jT&8^uh^~wNx2@TK_qrs^1n35k>}2x-rzi5-tV$T<0ztq_zBrvJ3M(mElINdUkPc3cEt8f)@_;Jc`R}v8kF1s?BAx@sLyGbeoSr=xU+!5uYFW#hhCp>GDhXhT>lRr0qc}$gsYWJ~S z<^6~6=nBnl%Hw{ZPw#EwFJH^4>DKNFCCbE9<`QyU{tVcX{Kf@nSIVFb!n<4 zm@#|krY@=%yf?A>U94H{6f?szK)So^s3xrLekvz4=!5JNf@xm+P@Fzm84|)!?yugh za(X&c^uZICyh|&=hQEKt5|a#s$7?#*Fj3R1Wmf>&HJL@klx|Wz>Dl3(M}4Oz=^G7j zush>Q4;eL4+C{=of%O8oWnlH6Hd-8C(a>l)&02$0Vq9M9dfCLheec{f9`x?=H293n zn_HkFIZMs86KT(7Wvw;UG%Uwv)l>86dOYicvsL6Π&D`t(Xe`a`?T0$AV49`Uj% z@d6-)@?*-@Fc#AX=s_9k^SMm?Mts;*v9aoSoEMz@g8sG=w;ZKK@Z!H_hTfH3=(PG} zKOEtD7`66E)QQrbyKNVqNi4)B)ec>;N$GP6FVWPlxgl+f!|LH-`LL9rD!mqXWNb`F zks@nn^F|H@IYjkeG|>ds?5-VghXP@1sJ||TSLzB+u;pm~&t~Z`+2yGt5ggqc8S?JY zPPH!n^a`86Jf8XkIZ{u!kY<^xC7C1L2&ID$c$$FX`DOj2W{OaGJ1LmoZJOeanHsV)7@6zN7G_dJS z;z*P%-SSuK*gqUTb|ND1ns)|`vyH+alazk@RNcrrQMA8Klc>5!^9`t~m51k$=zFy+ zMM6)E?bB!OxtkN2i6m20vRv5OR^pH{;D%RdE9}B4u6!`(|mcr z4&lZX>#FIebZ4N)l!Z2OnJOCE`4-swrZsTSa+OwbK zESuCNdE?v^)xnIqmgl$$QdlmqC!`Q%6~&P!-4eOo?CvEdg3;!9Vc@rh5pu>J0$6vx z%!=I&($0UW-xoTvPxmeEX@?qgdd9|sv4+lFILlf48hIbKYrU3YBVbW8ZONcqNjZut z`}sfpM6@_06VQ{dMEM#DnR?RJL5loUJa;T6jj_cP+wj&tnJ zuy2qwCjHNsAS3sj4htMC#9j$5wd(QINtw01WnD(4`{Ma}%TZ}beOg6gQ8~6lA7Emu z?WJ%SOac)}y@@%%sIinn-Yrs_HfK+U6UpnN3VIN;!^c#J#zL(iAn?xY^q^*R6-qPAUBrcwFkp2I`jEzMv}9fix9wl z5S?tle7N%@Po92XX!+sl&!!g6hS6>2u|SsTiqjJ60DqT#61jt$HWbDfcwVHNd|%WD zn!I`xr)nHOc@wkP?~AIdGezo#%5IcV)A0KJ0Tc6+1(P>7+L+7D@dx5S#To+cq68&z z8qPpd$tS7*vv^{U!vuW_?b15TMmm=Ij2$qd{5;?#eAX*c93$qzpT*y#&`lP zFWLfzJPvB>JfyJ7ouXMrTas{VD{KgAzREcoDkvfGlIelNf1P>fDoh~~C~YlW_X90K zWVa5*E@JVzi2yLhG#6Fr#~Wvw}W z3oq;>VUC42J!vdmji|GkTSI+su%u2)>2_pU{ae;mgKs1!tsttJHr$tIE&LzjNK=>z zoJYsQj(XJnZpy>Wrq=8r8>_iUUEF?+>*u_@vLqk>>9z=CHg4BXlD9wpl$ESZk-pTO`KGZ&Q7^kE)I>P%MDddfi-r~H@3el^$LEQ*40p{@ttB} zCSdR1c+a6>)E&IwBCkJROJ)7=eD<11FN>0i zI4GDg=K!t<>KhyN#GaV9zj>ZIxb5Dolhed%$#yE=sZLn+ot6ZFCmE7&$k|N*piDiB z2;}c>&B@9`RK{nVG_WUqPfBx{b}l^XC2d>woVWbUA+Z-#OQcUPR^X{P6QWo&>q8jn zdBw6;&NtOKda7r|EHpn2CPCdAcVdB6sw3F56KpnuZT4V?)GrWnNT!xM|1Fkj(|7j6 zlC_$fFw}+o@2d96?&+8bb5@Igi0Jj(v^y2Nd7l2-Xz9j3vgdV(oJeD#sBd?7ASgl) z?2yDnju*kI^j;rdoi1K4u$On7Ath$E9Kym$B^1Qop8ta6h1R^)BD>Y{Nxu* z?gS6As-y6lnDMr`RzGnueW#TgQCCict$+uf0DJw5Vr=4w2-I?;8<~KzeTym7R zl-WqehA28nS?}3czeCKC^bp5~Z9W{vGDT;p)8gjk5CG+IdBmw4wyJak!g5Be&WpB&;4EZ|PMoR(U9x(Y>UV+UY5zDlXu@j;ABx}g(a zu6I#VJgX@acgsnvq~CQbO9F)TYlJEIn=`8wVov%;Xl9k&l$1<+c5$cUiDNCaN;X@V zP$x+Xzrh<5l(De;_`H`FVwLpwWXWo*sJ?1p;Z?$;w?&Gbbhj2(#lE)rawC2PzonIZ zT}(;NM_?UJO0Aq_F1Q=Ss#D(IhQRNB`O7*4+<5pg(VlXkHfd96Ky49R!Xm#$DsO%| z-$&qp^S35@tISG9?kx&v9jxHPRFGngkYX8RJ57l?`2lE3`V%u0DYLS3Rg?-|v>K)D zSqf^f&6_=YdKHRX9pIZZ`hoLnhdo#ic(L zv+Vv^!A$K&C2CBA)j>md6f-qmsw` zxwa zCa4Og8>&3PxD<2SvHo3Pa*5Z4@u>8eTOnJbfwR(|dld6!3AIPVJWp)yLq^nd887rj z6Blz}x4G3iBC6^cs4w0c5!>&smUQVM0m~<6V33Mk(Sjz67SF616w3p_|0cF>yCK{f zUMNQxZE`5Uj z1dlj2%|GqJZk78l4JIUv(oNDVR>8iW0aEknQB8&PN31THY{c;wn@_tW!}>_{pID1s z@MPzl$&zg=$AiQ?1W#*Nh+Khf((x?kFan0AD-@O|#63mMsGfEo7F46t>+sk=c#0jS zhnxKbr}X&(O;im`S^lV!I578bX0VFT(1E4Cq>{6ZF=6?QIJ+^ z5^5T0eQAUlUFkn6&YG4d@uUa{w||@nK7jb?1+$x5;5v?|7M92e1w3YArR1=QgHX$ z1CCTa2j|8p-wu@)`(DiO^%ErMK0HdM*;uZs2I#~RNtu2LRJ)eG`_7Bx_xROnCP|VCyET+@@60C)^mw!Qzd#hM*<59i!s%fYz))0}W`HYll%gn~e~6Va?IKjl2+8!?I=agvi$PoKKz9$PK#M6}cvN78pDhr0vk9-|gle`BXBayV=3 zd+YTEsB!0a%@Ryuu6^mM4)#5Q*$96fmQhZ!Z^>Gh>@Hg`G;4(3O;LQc>e&bY*xc8n zg((9R&!B%LjRLSlcH<=Yj?A{ON`JF(3EvewH}yr_?FDYMu7bM>-f$~O1Mz$>PhRUn zHNFbwr^YF`fdLKD@V|W{2r_(@ur_-Hr#=o~Yd}(3%$=N7l&{Uw3*mXrmx?&7hk!eL zT`{&{6dCs1^`b-J7dZzN=15(e)`-4aF(n9sFg+A+wFR0@;Gp9D!PA`7giKH&?SlH; z0a*@$2)8{W<_;PtLWB7fNif%9Mpo}z#S65f+XF>WWUbM}I>+3@J+8m{)1|o3)LllP zw*mPNMi`I1h_l4Pj}24ZG2Q z)pZbMQn9zDSnk+91o1G0Lor2Lz7K6s4^l zE=pQXg=S-_v6piN%4A%_t-c_3zENA_?k@!iKY&cXn~|ORnS|U{{TZH@8pkzQO8Q1O z=Fis2FkfBj|U zwW$_%fpKY|6U~DANn6f2M=t)tN5^vhtSwFpHC9}=9_*fS^qZwD{@BzD428zE#yBk3$-r^dh9S-Z!Ok)uG>;qwl0yqdf)v6e&5Q5&39|V zzZrC4lb_~9EMyFw4ey4E{d9ninCP{(C{9$}K?m*6@dHuDcMPSLSbP1=8?~t)8>{!N zJ&@<qRG75`@V%<%rB2~1oLNp!GTk^~4}w0p7P!Z z)Y|VIEFMl6I~!ox;mNuXuC2~bzu2ajT~`VE@$3+R6ocPvUYuP-CnD^Puuv3V)3_#F zVc(dMw~V`MaMEQ?H<;Fo({$K$scSVERocQeP>{0@=d4!^HvNtB(FflxKX&V>UDmak z#uv7;_X+)gF(cupLmR#LX*&^27b)9_O~c1DvA~r@8F9>BBj%J|^{b1Fn(`5v1L~Tk zc|C6XqP_V=AZ_(D(Qks3W1ol99GPak`2@GWo%z%5j~h-~G#w?RMrTI!&M(P2ZWy=b zP^cfk#pb7ybSl;TZf^ErnTpiBh(&Aq6BMzUJ0o(-sf*R2SXme%1EwNC{r zok9ER6OOS#d;hhOHMQQd__1gwqk47EwF_oOjAI~u?f9{N$SG2aH21tq2p=>7i!M&T zwFUI%fDkZbN}k}9X;~`PE_gEXgKk924LwKIq2+&H-M?TRN`z%4)|ZJuIf&4R_C4?j zkPXMa7={{$*iM-j({ntDu9P@v{6pe%Q(9f4;5zdpI=j=BxVsGff=9?BV~#O!0~fd! zJry2`?vG5|HxVOwA)gvBZgs!RO`_%=ysOl@B{0h7+yuVFTp$aCUwfc6em6L~!^BGr z9kb8I`Pqn1y-V3opE9v@*|}@fRccVj(@gfBA)|fr7yt;=wdu`mfv1`dka@x zlaIe;f82iikU`vsw7V&sA>Wlw1<8mn=;+m?I1EtJxMAb$Zqn2)><^qR{6lv$-^)$qZmHxr zVr6H(N_+x=0+iQekEDu3T<(WY{ITI*^g_}N>3`V@9%o|*iw|-nx%YD11J>@K?iA5Q zc1XkWTu3&2k70R{Bf}1HK*6}3dXaG_Rkof5VU2zsI-QiG`!T73>}P!`uIWDferBJ6 z=#aBc(6luttZuT3XEK(Vk9QRPJE8fa&OEj*pJdWJcz-UV;V9lZv*`UYnbM~N$lJM z^sb%g1E4ccxYg$MUOpo^NQWfexb#5cmfC5& zlf@9C?&lax^CO*{^>>DV*FDfj1G!GFti~5tWC?udt)~ z>LwK}MhV%j>oQt2qd1()-?~eKHCwRHrpyNf%GCpwDyWq@mMUALlD{^ef6mU5YXWYM8?3*_}EjbNl&tncyL9! zC`LI>$PfIh?)m4~S^d3$<%3mx~-W}5$Lu}D<+6mxF<*C`K_J>or-U_>Si1{}sQJ>yaQJw=BD{@V9!=-`B)d9YuuSoeB8(N>+(ug9?R};tqB<0UY(G z^W#(ZshRQT1xog$M-Q%Mrp424p&aJs%zFrdRC(0tZqHWt?N~q&W z@>|fzHsy5mTs&ELT^sd2WR^?9mV~Enfm19Hi0Ns&)jLDvK;GH<&s|&RKi>HJ?xyPH zQ=1cB#twS1IfmsSAv;+*l80>LrE1=xQaRX0Mr^u4vb(*o=v0+zdq&Xmm~PC?o#5|R zi_R0f4aC54=$&A2P!oR30g2e(Vna1l_X?h@?_WQ`3Uy&ui-s!n@Hc}Mbr2E8+ODtV9M8-FQ*l^x-}{pQPS2S#vc^o~EWdW%c<@43a8X=qy@p`si3G3DoHa;b ztMO>sZ&IkGymOD6YMffex)+q8__6+>eZ~f`!Us7kt!P2|25pQBY8eGn(X`>&WGheY z2LtgA7n{@FGh4;2-%$KG^w{VKhDXz;YGax1y3kJulHC-#ytSK}jG__bh*;!f3gHVD;suM4B>*^bpU^Z{m`E#{r#O&jp`*Iox+>zV)0kyURw8Gm=k6fp z&7C?a-f#m3Zt-5bQSVkd+O+l$+fdBf>yQ{nH-dmiuOx)Op_DHLoKg0F3Mw5YXm5CM zEgc<{?rPui*-m2Saupw>4m4OGyV;|aFKnj&UQD!7oR3%j)sm__)hf%Jv1=FP%{`Ku5e550nw|{QzeziV$Gy^@ zA}+&pXKZ$Yq<9@Q5l}~Pmxu(*=7Xr6j{Td23}6iF7vZDN#9uj-Gc>~-@r@1&?^ga4 zJQ$#=5&$-r#ZBqvv50qaHe_JoGyU^e2;+Tr@+6_c7Q*zqn{p<>xFVH%Tr)c0RM$uI zUqPKzuwLrtT(6OSffZ1^&)}G(%d|?AqX*RPW|L2`?-F&NVo|W4NT#UjUYKC^pqvbj z%1U6e|AaePEo*B@2ZY^be|Xzy)#qr(w4;#mR#)MPLICU81^p{PebiwI+NK25D%>U3 zyeo>2Cr*8e?UMa77mdgAprsqN=#Y`@C`V`ZbIqI_s%o+GM84oyJ692T8qL4o7%7hf z+-<_DI8oEXX0JZdkjx=#Rq{Lqf>jIw!1_RmudHsx)N3hc(b_&ii@!q=1TCZpq)Go0 z)1rpF(1Nr+l+FK{KF#ud6fSJvu6yy#Tig3j9L~2LR-9SrUfI<{wV%$IOnhMDQb0Q_ zHDyxu40Tj5k9VMRgBfrB2`P%qXk1K(N@wDbAh4uA(5Iu@!6o7h0Xu9w5SGI z)i}<8$vg9&keaUB^)@vmlcC5vL-*sAg{ldaY$ps8_0oHB?@iAK=dEx+QI4bvI&3;2 zNej5FKGFDSL_Gl}tHX&GL_fvVQ>%jE#Uj5hG=39Y@XVX>-5qxDcOr$2$jhfv?W%^h zB6nf263kZ8&CBDuIE1_4?O%nh^}E$gSf2^iIjlNqfqIOLMiv%o9y0N)*ZFv$tP(y% zc9lCyURw^8x^unQno$n8_Ov+}|4l<>hx%axjpC~we1>Ij1;kc z439~hhh7HAz~IGeyq%F%z>IN%xRfz1!;xkI_W5)!PPsc<>A>kjf$KR>Y)MV@V?f&GzWpJm7S%234}%3_b)=P zTyyoU@t_Q^&zxzo#Oq6BdQJF&PN8iJXrR`c@2KRaPpb{sCpdd>epV@AYdR0c1_<(5 z;jm`-EMj_VBi?r@qAs5FRad)%-Z(ie{6r$C>&J*@J;Lg+qgTF{M|j5cGuA)wGWwl> zmIvZnA1i|ohc~x6;u~_?pG7GP5@Xy|lKc(1rwTt^GJ(PI+>xmZO!R_aI0KKeuBCXZ zkDv@W<8UGjJ8W#%c6E45rk=OkD#bo^tDi$Xs@h?xJh$8&~i}YpBtP(oV3;z5UZ!d*3zenRP zYmdner;}`C0T(Kb(Ry*O~MH>`U#waGh@WGk%NUkF7s6*rK56yi9d79 zKGjX_`6rlG%X)^ktVy{bxhk$NGhWE=;GBI!eJQM9O@^rb$aP)N8Yc zW`>Ab>so?VYF#wdj0*(Q3jbF&{*<1xeq_}WF6QglshjW!f?dXl&Sc6S)OWEU9pDl*=bsI4M0CGJ zW$i?c3t^$dvi~UN(Lh&42@le13O!pEaYEsgpE%CGj_CMV>)mw}E1Xv($ePOc-|PySzAW#qVc z+oY}E!i#N{$11L6m9E!Y<}%T7v}X>?%d##S0x@8yEy8Diw=DU|Rag3+Z z;oP0Tng${a8T$|e5F?^s2h16m13ju^MO@W*oi+Q&R&5MH7FkeehtRLDo-4-;Qj0dE#8M&rF`Grb0F_UfYd_}o+g&>}W z=c{R-wv#TiaGMDoOW>w1Lp5}wJQMDGvW?*0EP0a+rrluT)Mtk;L_7E6oPRQX(>4`k zvg$k}06GBRfPp3B%e?ppIyVvG54sPZ*x3I4_-W>?r9-msVmZINl-c8boZHoS5WP`8 z=sRuFU{Z!VwKR;n?azFOwV$&0E=wd07hjIpv{YAig*J?k(je~8P){ezm0>l0*ocfS zvJ;I6PJE<+bckheWqp%i0a2@bZq{|d(KH9>czfnBsBz5^Z!xy7pJ=US0H4c+n8+OA z6vR7{_s3re^KW{herTg8L9^h7q*7qa2yldnJaW^QSl;T%R>-3iiBT^4zdNi`f z#_18`cUz?`wbb#a@PVt{k%1iiMim@P*DC%3O0!+a_=lXCFp>3o0j(@Q&e1EpwtNV> z0aOGui)|Hd-CA@lmY;FIP!Uo1?#s`TRrw}H8i03=k9=1x#{6fNWDC>~hvw-fwrtbW5 z7@Puda3`;q1!~BwI#b0E8Qa&oR&IZceWV{$Q%S2o`{=4yPzfgPK=`RVs^caJQ?S0} zpDIiiN{3Z^E}DoQzuQ{s-A|j2C=9kvY}`807+!4k!Qi-``6WtCJSTM z=&wNuBjA(=FB+UOd3BncCt$?;^z0d-9`IyGFE(Q)8!Oxg3`MAsdKpMa*;`S8Xy2s& zyT}a2V5AN!%Y&?6rd}NWO~)cPy=W1=mi&3>cPqJ12Nw^H`cZRP)RYpC@Sbfry|$@6 z$MD3oZLVm4=1yG-cnU$VZtY1PMV;oZK#;zf7><=S(mqDS`XyLRUU%Y^eB@e}Cf1^y zUlh47zYS~j8F=9-Zb2F-j03R)zBUp5M-=dS>d(eVp14T-6GON0`fuX9j;ggL>EAPnwM2hxjIumB&R>?@_jh*lFlv z9PCR3ragiD2YH^=@#~$L0I48x4d&_uOxcFmvlnoZNOVu3RHTi{AGx5Mr{=Mef6tuO zfYhM#ieI$lrsx($MX?=jv0P>{m3=hVq>v7KiLF==h-G~sq6tFs;b7-Lx%Pr=RGudh z2sG&iH6*IDN4`>33)9GRPQ-%0R{#9bmURedsh-`{I=R|S|9YEIy_7QoPY=7659ztz zYs)d@Jf|U+R)%2kP*(OG@@__yi7aOfLC6S8$hp!WtRZ4J-ym1O`Lp2HZ)=O-K)y{_ zBXsQ9r#F++^qD!O3jpYrN=D?}dmhY zWRnZSgS}Nr_43(pssa6f@5@Msww_A9XKbHeB5AlfJi{CcX5ZW`@RJu~o(jm4@IyU7 zya$=fLiJ1({&aEfO`bxbBS^e7ZL6>O-OM6x?977H4_KCT<&-=ms$>=MYIoY=4|Qep z7*hXf?YsLR|LPs&#hQ%gu!!UK}6KDbHg#E7&$sW|>g-n17-cMgEx)Wr{K#oYlYQ zpO)szuc@L{%Fwn{@MNUKl|RdRf#OXvr<1AviZN z@%NFVd$=QCZA|Uj=8RR6XXkSwTJM8fbF%BljKWW5WIGI+8X8nva=js;`L5hl`+HkC z(IWwv``0trRu(<2tKEu!+}!3$U0n`SD@`j2mRTu)8=eT7qfu$He1*I44AC=P!Be>i z%$2dMrDn&nR6#9U{hF-sB)_{JcNV)-4)0fcnf>v*^fgOzqIu$MA+KWb>dvfeS?h*= zmAg$r?{!hmeP9!&R9w~~-5avEY2k5Nob#IM_2L@+>2;giHd-2a&C}jTFc;>rw(!)( zPxIeQkruD=`+7~sE`t1@sZQ7NQ9cw|Gd|H;>Q^93x4rFrJ@br{N7kJsD{gm2!6J4NpUeK)bNFf9(}y2nUa3F${wW zXzquFnbv*j+O3v{pF8Z*yZbBHrChlk0LFY7W(*uCVdnr)r!{-CzM zOS-FSi`_aox*NA~+83hJ8*CHJfEeVlR#2u5oWWuobR-2)^su+ogH-Uz#i0MIS+;&{-n* z^kTzDcHz{*4=JQggv5MMQzGFH>Lb``7lrWom-2#?{O24=yy?qg&e`&`%L@QzkmX!f zMJK5|WNcVPAAZ^KEAYWvcI&V1{=>bv2?okvncpI9%M0P54RjlqyvcV0M}&LKX zjl=C3_sc3@ofuX-y!15{OLy~_68*~5Yo+u%$_ledm&SP&i` zbGCP}(&+zi50 zq-QrK2HbmA!S_Ey-4?f}g`P;w*KQ87u;93wPAw8oiiaY>z0RG`u{ zQ*l95RInz)OoUVfLB&dilr0xP!R7b-{^W2Dhx71o-}iG}*Z1>D!%9O2g!}4yevF(D zfH$kki!*#Y;IT`hZUp#3J--kYfKQq_YJYKScgTidGUF)@ecK&b0_6*QDGS>hdhZv> z(D#%e^Nr<&&~NlywjmJ-ZXnN}p66SSD9cZi*R&T7R1U{Ae421-#J{1J&Kz5vkBm%K zP-y`bVKVtElD;&Sn(-Litylu4=LQ63fw)9*SMu1T>V)2RJ{>DOLLU)Q1tHjXR0`^q6|~MWDU8- z;f~KeOBr!38JtWt*Arvn=OJx1_7@xCdY)G`N#a^xk!#}e4=1m!T^(Yl4<#k_PySnN z(@0xFm`T|cNjCv}#|CP^IhjxkQ9c`f)Y3pW!f)i$2I8a}e}NC9YS!xlMlg3Xx=j#m z>EIw4`{#t^%97-Myy(JfRnc)jm7qgZ4HlI1Qh|z`L(mAXMT=pBTs+AihttcOJZ>1X zKI9e&4xGgKY&Lfk?ifKFvx5Eg#eOOJLDnB0Z!$upZPqFWJ9r4zOYXzG97Wt7GSPp} z$3q!RFMx9n^5|5+_I#59P37bfd(Rx;T&~3OxNZ92y-61<9mQ>WSiZXYxVoWeEvrya zmIwB_0I0Iz(GTrDKYxhM2a#|{v>~(FOB}eT!Ue#s6q}H1U1kny8VWIc*VSJMs$?fu z&Ns~zB>GO@N*|+FM@bHMLnD++N8oSWP)>CHWoy`o>Kd_3`~6bEg4%qRI9Zi-*S=t~ zs&d76urk_hq->!x*bYz}-HuR}5%W83ta0L5<8%oGmD}2__Zgf`%mEi)iekoa+-{0I z#hy$*AuD4)AKPGj8N!$52N<6I@_qk7ei8JX z$4p55kSpBiU(Co3jj^Hd5NTI@f2z^-1)iR+QE2A9ol^hnzFnQ1{CS}w1xx{tZrm+F(PLVB`BJ#r6jSr=uxD+2v z=1v^(QvP9-!{(z1xbk8X$2p-o`BDij`2jK^T=PK37`;1Y{#DqxnU6B26+Cru+J`bK z6M=YW35izn;}w5ka98nLe_d@PPyyI=-EaEa>l|a0brdkV;VbpCZ+0ua?uP`NLoY=4 z-1z~PHAE017$6_iuji2#9Q({v_r>J?ni*QAbmcwk~q*zIj<~}=RawdTJ+qDd_3Lv<@DS?yZpgON3C(dd2i{_ zffePC?YxC@e)-KQ9C^s6jcT_{58v8*5PLgot0Z~lX(S}KotUo|&#BrKQ4hJbd$Y%o z#}*oqDUTQp^&a!?sKz(%ot|WSi()wSnNoWR#D5W?NbP^2pRn~qQ+^mO*gTsHWcmxe z%iXpX1fuU;^QxkP{cv&9pA~J3Q<7ue=$NkFswnICE~7IG$LhLATc%~Yq)0rwa!>dD zdCCj9z%{tL*-2tB8^6h&umv6g$-|fFZrwQNK=fFs{k&w2__ewO;jb-7f863a{kw;T z8#?E!tsQR|#aSje)vvaP_q%YoEwWls+~q*+?h1uue+{T=6r2umUyAs9&&=GrEhgD# z-1e_dJ4>Gf?+XcN%YfdnwI$C67jXirtQ2Cc7$p52U(8*a#+oVX4`H@j1WzsI^eG~SEsSKMb z6pFhXI;7(=enh@s7GMljcx)xcnR1cCMi!zS zrfR-C{T^cMb_*5}4#M#c@RKWIfrEi zuw_pW_@$P)$5F&xBTA^GM!t5;q11i~(Ta&5jau=~S{Xq^N*=3b0(UxG<=?KE1l+*RWx5 za&_#44V+@#8O(>6$nY&H#O^TPJbz$v4jXGWaB2JNWskqUMtjbq*v`=e>@YLWqH4MA z7MNml(4r#jUm+bzeRKZ=5I!P7E;BNUT|-|Jzv+cj^-r2THEgT(Zw^fGd(LcA_O}^b+eOvHw6SygYC032y-)KskU*0Cqsg!zwtch3~(J_7rn_lpMHwg6z4^atAO26Z;$ zMno#-*jf@n4o((gm0@|qrHB)3vrN2HNYShfp$H*{HME&0avqA8VgTIcn3H7Xw#t&9 zvkw^dnIZ^%J$b&9n#wQ&oMb$)w$GR!Jw5lSg3WK|m7NSfsu5)q4J|foB;?nxP0#)} z=Y!w7IJrx$d00-7UFauasTKU?I(HAQ*q-?ewsJX3SSh!>1LsU4qIu-x|Kc*du0!0O zmuLaVs?oZ74!U6=J-1J`-GT4E!4kI{cGH9*@Q&&AV>f%LL4&kIHPkn_#Ar&OPj3}| z$$H}6X3`yq4^K3YV21{|c!SH77gNq4{dGOH42le1W#u+f$riEbA?mfyHz12T6!el#m+ z>n44ce4F5lRRk}dNQhU=9!O@Uv;MJ~mzvb~5TH^PiRUvBtoe$@u1pw`{b5HVD!}{) zCNyF^UKUzE^CbCVid&vr)h_SF-FTi$hb`$qoWb=>EjD1}QL1@G`-;C~S!@B(xIy+l zeH-Fa{y-PRlRWp9iK+d_kPn>Sz1((NJy+Rg3wN_i_UZ2;5_ewjp&+kp6$SM-g{)o7 zt{tYjsv80wu4-tqWn`f6k*g0+y4skC@y>s-l6`- zW>wgGKc!~yQN z;;f|+zEsv@x}ogVG|kywZ^*R7qQF^aJTLUlc7y~pA+Ueyxb`-x7Q*lXF~|jhnQnQP zZ8mjDF-#lk4wO@bL;s}LY~m4Rm36%%eT;g|KLO(Pk7)$dghM|SMSg?xI3|k*e2|}v zwD{4K0=pDhsN_uxlc*(^sNLMgbC9}s2RvVqIZaYXwzpFawk}xj$r*ALJ7`4C z`q8gRYX<7X`XhBI78J(~R4I3zAPppohqH&z<$@tikhk@M^WE*0W z%=Ub|x!@-(BmHJqmksOe_&NJ>%DS2R;kCT(To9y)gJ1~eK2a3p&F||_mIav1pSa~G zIXo9v$;^tcVrJ5+vN3QHFaZJ!7uqyMB^5`13k{DOp6)mDAEt&t~|bNgW}L zv$L)=9dR{rp_XjFdhHR5l0FY<*0>8`3pbJRpWYs_o&iD??UknTS+h5HHUbubk<}ns zqQu2i7gB^vW9Y2%f2@;qA>DuYT%)#yRFt}mrVMj}wg-(po@KfS?-XRNGe8k>f;%<$NF^@j$FXt*49g|fql-;$^$ z1;LXca7cGF3`hTs^$n`!S!DD15@+Q>-45)(MEg9MZSt%Gr8FX^D{)0|iy9W&OG|SM z%I7}SOxjFU_$}7i(GWxDP)pw;ImJd*O{nO1B|LC0F$5H%2?hEQTgDgkCaYdi1|V@M zP|aVfT$XBKvM-KPH;f2$tr@0;t1}8h&V!OKRi5^!`p)pAgmgk0pH|xD zNq(Z)$MkC{EFtOUL;sUH4{+~h7#W4H&*vNdW@tDtY)*6uWKP<^Y9>Kz_2mgEjqF?P z{`RfQ19&6*w1r!*IQi1qM|5d{PfezGiQ`u2aKp6{g8CPaWMj9X4<7eNcF=R#N*BRe z+?=nQ^yjOs-5lD?wOym6?pTF_b9H|5TX-7SvOHYdWfvHk{dLo5m1k<_{J(7%S@@4T z%lzXiXAO%s+t&70)zDbX`gx%7y?DgevfA>_qJBR#FNT>yuI9}STJ|;chmmNZIn=Zr zC$PJdWyX(p-AQ;}N^6k6qHBqkU*M=XI%|8pY<`fQLk~F$i_K59O$e^qP~_+2Ewa=* zAim<$Qe#poVTP`U(xFJeY2I!CB2_ze%qn9G4?e=mIe`i#FiU5~H`kjgHA_&gKgFr= zXR~$1qSrsna1M2Lq!Ino&>@y`&U?s_ZirOm)X^8X*4#Sydx`3uKD{*3OgaUGu;D6W zUrhE2{^hhs?YFwNM&8l)u(@;T8bMKeHzMs6=^NKzR#jI2Y}P{WOvwOn?D3tnoLhmq z2qg$Wqn@j>-HgCyC-@c+`M)TCV&gnK-a@2|!pXok5yTA9x%V zR-WFdT-o8p-Rk43xD{y=EQLnCJ46j zEq10%e)-4J+1!du9k_t1*WA4WPJOc7xatuFd~jxO?C=E+{rTVdR8MPDzxKPACb`NV z_>P*!3f)8VYrE*A6Y=*V=QL|e%c;LfE?6aB^jO9A{#S(|m<-u6M3w}=&|NKlQOY}X z^+%m^oA_!C zEsAfdULCMifgXkWQ>|T@bfE#Ya&&jYD@b*(k_ASIXQA@hQNwnHFYC>58Z$Rw6J|PY z`dSu7$XhO;szebI?g_7M&6C@Ry)$?BsS^*E_zO$H#h}y@`6J;FTS+%dIE;|GNHQ8q zCofd2Us|_y-9__Wn*{10$tLMfNJMq5I*lg0qIi^4QP#X zVQ>YIncz(%C^7{~vgnvR~`~(o# z1c9H-1Z9-qFycPrZmc*~w&M5Utzn-TBzw5jzI%1{r}QOXwZ~dIZHcR!-unFD&fK6r zENp8dEyjGLH;-pc+pmM)uw!)A zH%*1a+cVb;%qMUyy=Rm@qZ^RlQm*)M;Q#7M>o#B5D3|iQ)Kyzag&nPS%9t!U~(;JGjNWV@G$FkSMIT&k(&dqgZX3}!wLH6`A zDaMs^o*u4Lk-U~HuF^+0{T}q{D%+Zr9UE@8&Pz@g*A>PcO-gT%UR`WF5SF zlG%KdlGeNp%OCaqZpC+Jm1Tj6OGSTq5tZu`9(7hY{Hk{M2iTCowY>CdXf(+1f+s1= zfUhn48@=$%aJ-3_6DIZpj}#IP3{h65?mBvj@*SlUN3Q^k1)R8*oIQrK62*zO5kGs`VPplahCNV zxxbKmc7z92?+%?BydL#AlW(rSfl?nn=f-KNPgnPNLjpG+ssol&7Y5$t(y?Kx|17MK zvb)U=i9Z{dQ>554x*)nSKfB;{fF-*!*uA96R?mx$6jk^C0(m3BV zzJksO`F`!+N&$p0-^Iz;JEgG%r9KvzarMuoGw-5*3&q~pVdrx3G>lvc1ScO+b#0PK z@X9SZzz|Wq>QQ(%+jBwu|tg@osYUrLIU%&&c=8DTi*S;0mi({d=UR`X$1s(MPV|mgDU9 zg@$**%07LK+qkF*m4P@X1##)*!`P>RYHu8dI7S1YR>XE@`NgSA`P@*I?-0XuWhAY= z7l3{xn-4_H;N?~`p@G7qEcxbmlVUdS_+x^r7|l`dbd%@#HV1AH<@>lde>Q}vE6v6h zEnbc*ocO%?Wis1Pj0Nn+F50--oeS52lykf&lHB<7YL|M&y^AwNIo~TKzUh7>3rf3BB$LQO+0LV;?K4Q@I+^&_h0B%p3l7~^+iJ<>WaAa;NOK{D~$|a~9(PMym@lH42#DVTJZZ4<;2x@I-q{0@0NYeDUy~dm1x6W<+ zx!56|`fkHRX;A3Mp&z#1+_N`lx^I6`*0D zS>k)J%&ITIE>1?BgM0};C+C4ZsD$m^R=Q!YW4OcPgl>x~=|NT+=3PgL;t1G?#}=%xVEJ7apy1AJwcPPoBFxBL#HlZl!TYe?-+fWKuQ>}xtIWI9P7W)*#^BQ4t$>8M;NdcN8>*8FSrqtD4)sW2_>5QPuwozdFDD{Q~DKvUz&Uj|CakFJEYn;t!5nao<@4 zZF~iVr-KXFarrXUb4ecLPb~udkpR@u;t*~(jW$kGVO_W1vVU}^al#cMSBk*hc zQLaF7>2B8tJOOxxdqi1Vkw3WPu2$@84pd!OzT@LGPh?-w(9$ON?!1_(DU)SB7U3-l z6yLQH7rlj%y))^YXfza@AF0Yh_A=X|7CIFc#dXR{$BanmV8rkLztab7e9NG8F&o+6 zgd#^Gr(j~Lm%=6}3yHQg=VYmRzM$8C39{ah#Vpy3(vNs!2Ds863X{>~g6TJ8XOy*b zRsB|y;T6lV6t)`sh(aeXkQa=ng`5{#+Dxfe;Q^O+Qk|2Wk<*`d+BC+Q`6C@5j7>_HmzLHa@N`YG;^37sw3 z?ydU~!A>0vO}RVuggukRygK(p+o23!DPWg}H3V~3q3LNgoc@gc^%2qliOc9{A2}#d z!A8}j^+!zmop5)kDamQ+h-UoptWe;t5qGjDS$gsO3_L^jSr6W_uO4O^S74vGor0XX z=Fv#8lZlOIaQ|_HeK18GHTnvW^@ni4fckymQQb}sSF`s#T z-ikBt3O7G7e|VgGgdM>b|GDNilo#l59BxhE`F&|jJbZN5wM8_&&Tt+x8O&5=jW{p) z>L#0HfW^v3nf`nZapTij~{fg;5)4*Xfpe!Uqq6z&|}G*etF+G5l%Zxlv_UAQTLygpFz1M=fB z#xE~wvQQ&CnD(vhj{2*6CQbF3b@IGMG>GYuXSCja;KKcnLT!T5IiVu;F@e#VrQJ7U zv-Q7yKwucm>6PIDaQCidvp=T~gm{T47^a43Y-*(318;aTbZB0mUk8rq1;DV4vCqdC zcYn4{CKm#~OzWvR_CjxW=W+BTo#ou7w2mto=0L$5CY&Cw(+EKZeby42| zNSU$wodn;QR@a1pkebu?H&5e8W?`@v1`u>MA zXTJaK{15-VD=xhE``yQPHh+-4+R=CO-q~|LUw>cm^*`fJV{^P(PPZINdw%5dwC2&H zFagI^=c0k6FpW@bDi8YX;quEr@)p5LO};%Jnl74S)Ur74Ns90s>e{M<-AuD2W6~5J zCC28df*dz!4hP2LQSe`D}$v zRhEOL?9g&_4ZO#w_UeMEcOH`3e0dje?n|&L5V(@>4)Z^oj+L+}*3E2sOTxb7Mx}@$ z*jIsW%*h8HhKvcjAhHbQgADc8k#-VZhN6gBWt}w6bO50%9{qu z;X+Z=knPf1)Sr+>#T98p^yW|PSkpHROBGx=!3DeYWQLq!vBK!;g(RscV=zg2AXYgS zrnOM>rcl{O8^fo!ELij1S1mqK!1W!fq85_HeGwK`3D*w^~30+tyd&Ow32=o=R@>n1&3RPW$;)7A^ewN zblH6>1Qdd3Vl(wX*kqynTX(~1FZP4A#G2jB!JKj9I{JZYJ^KVzaMn+0fzTV|o~CN_ zBxeb5I86hp!NaN$4ly-0KU6s+>NKuj4=o%ZVkk!PaI^ynouzO~uRaqn(eg}@#~SSN zHXgHVSxA_xAh;R7X*j`9o>EW3JPR^DcLg*yl(rPNIJEkxE5RKnO;Ml}75>H@&O0LX z41t}nA=;TykD>HHo=x>pWS3M zmf*$c&Mt;b8!j2HZz1c%>3*-)If5ac}0`g zRgs(dk5aFcHF>}@2Dsi08!gHM2H;mF3zr*G$0HE#<2gq4mR<48FRe|5V1~OMR7JSB z^BT$C91(dvRBw@)=FTARGL}we`M7l|!(w6lVr^AeGKH-1kTwnU#8JI_m6z`W^Y4X` z(!K9Z2y0hJAhLY%?eh321;bMFAZ!d#(1BsO$5L|R(YHf4tkJ_03xVp-O8MzLP7m)h z$Z}0Kq%{^GTEb^RIb)&iC!ot=9<(-z?~)gUb-k^kBsH9qa=nzY{Q7Llk0g3t;&$nZ z`5LQ8@_;9*>bU0v8FpN1bT03>H%MGwf1jZpFiwDK&dP>;4dV_XVYiQ!|7oD^)BXF8 zD_fhFZb+Dk^0y}%&Gc2WfI>1bbBg8vnY^Erq3zqOoXJH9w|{Uijqv0XWN zkQU~6|4+4?KdSXVgVHw7(}Dj0NM~C%Rg^?XH^ifop-BmO>q3jAwc|%9?4L5q&u`pB5R}AiTd%!Ozg{X^Xe@kl17~c9 zuY!e46e42&P~?s2kN1@JkXXUN=6q(lVU+-r7=PR|5?Ffxdke>G*=XKIzap!dxF)=X z_l*`G~98^1u5auEVpJ|{~Dm8R#Hi-21_bXM5 z#Zqp!ID>U+c@T$<#iu1#SyBB>T(qh=_T); zS=aX#Z$sk5;}xm1H+HMItf-e}h!|2Td&sYUy}drcV&mrG2f?HsHal2If6ljp@69Z> z59J#vhoNKO+c9|`Y@pOow>(6$`5%P#^OEI?(3UEwRiPz7q4lA1cC_owr#j72r{JxnQ~l90=R=P85zs?~+AU#T=)k zC9gigwzRu2Z)J!>46%tX`fqY?=27f;H|?-(`WvwpADnm_XLE{NX-?L!`!III! zSE$WF1D8H$^_-ICDF7RJ7 z)hFwB*2ytHl8mNRk2T*eR=OYy&u$D?p5xe$4z2f~60)U9@-tWwT;wg);3$DxK?Gxb zVGUaSnXG8hJ>(7n_MKIO0v_$J;S8-YMdNZgnNRSLh6@V=_`c5x=m|r$)1Q+pCE`78 z0RgLDokV1cVZKBcU1@{czsoZ=9vUC1QOA$dZR}$KBP0zkgM!mIy|aYa7{9R*Z5>Nl z!T;l4*sO7hhkXcr*~3<1C|bN`>q_O8GSc4U+|5r0YJ<$RYv0kVyaGJ5Skx{ni^2cn6)+xJJOPp39OPz&4BZl}Ekf9`NXZSP(b6r$gt z#h8HGU5Q31)5VL?=H7`RJKbho@+F|Bw;^|=E57}8$Xy%4Be(}hBSN}eRoJ&!l?uJ_ zyEG z@*1y4A*r{!T&DL*>+Ar@Eu(s-GG?p;aTTjPgXO5lHmJSJaVuseY-DfJ+|YZE?m}p3 z(%1w5vY*xq!}q(YEHk3MtasdgK(TYM;2Fb!znT086M9IC`fna2Z{Y)a_OWpsP-pL7(pYrE3x21}lKERWE%3q2imS0h!$}_FR8y;*ce~mnc+W{MJ&r}Qz zj7M-j3$fQ;YJKqxrMfElQXxdu);;Yj-cFm^lDR)v+h}Nyk0xxWEiiWD z=2dPZPM)y-YTQE)SHtUeP)(anWR>c$9A8C8#%%#713{JJLCXpX<2-IY^KB1nh-x%J zzqzL7>b-qsDC~3Ih|Ui!EC%mW3lQoll=inFF7;81b`3>a_P*|?(9EWL%-%qVHKDFH zKHbvc$UA8gF58T!erUvbpOQ7<=CL8ZDP6hmIKO#|YM+ohS^p68fgyKz@$*W#THq>8 zGykL|mv?vU{)*Uh5a#v6+pmnB_HlL`fe#~;_fM3seU;N>h^L>Bymd!_sc3`iq*a*} zA7UdL_OX@5Coh*#^fgQ)Nrq~!GR^{BlGmZ(v9Ms~Esk?Co?|o&ox#6B3;QB6we)Eb z=b++myUdSkeoV3XDPm+^Oj?S2a~cWx2V?|ADDzm7m}DpZE>%T&(fs*rGYzp&uo~+B z9wGWEXyQ4s(u(J6s4vmXSv%@*`P|wa2B5F%9%^y0O^+24j*fB!fIMpvK z)w~AI=FC}o{4RBDK`J@_4d>jxGHL~BgL1VOc@5$eXKSzDa9NHVAL%@^i*~seGJTIB zsRq1nNrck!6PPrGhIg}lT6;W>n>~W1)sVu8mwl0F2_8EuSRq7UiB?oi^FueO6Nief zv1(b(7u=)&HH_f7PM*Dlx1_d{^f!`)p7*i~*cf zMOh9bZvO_+8@0O@>nn@0M8icGtfC!1CXI;o!t`}8zgH81MgKj|#2eg!vAOyqe+G*T}F62*ICXHpusC!VoKwBb{b*GgGE=~J%F_5&j z@LkKM{$H^T$b(I&#-g~&*PGq|BNf)g)m$J@-SilfRp5I$3`;3|uxH(Tx@P(P*Kz~Q zJJDDyA@$E`Be`(N;{*I$VbNMN!-#X16lQL>@QI^~<%uQC5V3pshz?n%THh0K0r{wE zpOxTcez8<{p()FlO6u${Ul&fys*F8YCT^02AUSA58xoC>IGwzIsZ@S$0wnMvC zzIcvA=h15drf-F@XpA4N8huqAOYs}9Fgw~Cgrpd1(R*@q+gAp#=WT*YyMsbp>N~Mu z-|J(u&u%|=YE3|#)913v#S6=CF6>I~tM3p_OvZ?f4Dub8vu{ZE9Tc=->F@@rB#Ue)vC49PZIIobs6L&f8~a6!MeL_&2N@L zMQ}Xilrk%`4P%d`V+Dzp`O}`7?vC5(-54(`Ej~|yR8Mky#k91-a7b-7XRX~xwRti- zt9$b~38^?h9-1DMi2$o})eDW?-i_QIf5Bf_aC7E70vMv3H#`)^ns@TT#mcs~(e@|t z;vH{O)2NL=JpS!~z+G(+E64$$MJ)+~q1$?8!{lOIo`IXrS$v&Kv=+)RWLGcxSNZ1q$BIgK^SWL zK$mwrzTG?x(PSZiX&7^8!oG85&b=g}^HDo`Q-e$$n9j;FNSOF8`erB7-QLSoYyMi~ zye>zLS6u0@naXO>OXJTEqE3l?pWzi*s)L=$CnlD(wvH#(hOW!rteZCuneI z#d|=m*+i$Ava!o|TJE-tWF0I#T}i!rk%KC)Z}REg!0(Lo?5cTQ^(afjV&|c79`N^2v_ncY9j!he89G<)G-zJ52=GIKWpyAazsu$EOt6Ho7UXhbsdmW2L*^5N zBY&=BM<&dhs`SFcs?5s9D#!3G3qH2+AktA(Yg1A3nBYp%8F{ltYh};v+a8!jj<;P75G}ys`w(j#_dTlu8w^uztOa0`n(L z@M|P#=2fdH9-K{dKz#c=oER1Y_5Cw^tY*#($4ZfSH_KT{_`okFqAMX z>8Drkm^E>AoFC63YJ;`dD+K8Do$~~q@ldjFtLUxW(OvUp1w$LGes`=jfugSp+ZSf1 z=|fBv_|xfHt5z@eOHB2!2Y_dhQEH1|5w%yvvFRS8F=?zT(=rN_l5W_TJ8j`*4}7a} zUrFOa%mijX^Rp=d3_fKUr?~SlFte(ML`=B}wmXz%)ljJCka@oKTXBTWL66zW7oSQ>YqUV%09?*yQ)dD;gy(l>p~-hOx!j-oZ9fp`R!yM zJ@pfm+L!gJYkaRPaooG0ZPDY@R}K5Hw;M>QTzhtuS#;BCPCZ_(7 zKATn0=U6X1I)zO9_gMDzCht=k9_f25VZK1dC+dZz*B4r?Y+zH8Ni9xScdT`ER*8j- zAcK@C&o724_bL1B#+=pj{k0wyHoGe_BOB{HZ*hG$rL1r&^DW)= zUyEIwU7`}u1CmyJlNJg(&tH{!JCIzkFZ+8#;tJAIhmv}*&5qHOTrP_mO)1^ny0U6# zJoA-*dXI46G`ezfg;nqYfFk^*1)nSfXvaC#Lbxw zZ@eN##5!pTl;Ip4O zXv7DIcl}hGY(+2P==>*}vF!)& zz2zeq*%KL?mM0FYa$=Oe`k?EcC=i{i8k%KePcz`>a=g{YLDDAPKBylgzSi zYgc7}G&)l1WKl-f|MXYL4z=uVs5vS#gG$zGc$mQ!Z_7Fdl8-y|8)b^WP0K~&Uxlu+FGlZ4Qm2-8t|!wEi7v!Wjw+`3>t{D01KIu1(bXrG6nEh(yp8*^)3IAle_)zbjTS?%gN zC=0!XdvRzAg^X)h!IxdE1#b^WN{pj}?z`hCpn{brU<9tqTEu9+TsU9Ceb9yu)O36Q zYG8Vu^v#O>L>|y`eDh_W+dHZ~Z=5hHwy*^zQM>IQP%n6fYw>qePij#^teqCs`^WEN z$W%>lgtJ5Lp$5oNdjmBy&YhCw)0>vO``RhoTQ{(E?uUw7JB*Z->0Z#(ss5jK01_r~ zrNog`lzx>QozqU?mtOam)Tm6>t0I!a*L)T_*`k(wwiCR1yEmp-W{Ve;G-66u^mx|U zD|sa{6o+7bImIHCH$8E&cx@nPV+9qQ*qqk8AUT_D)vk5BW{r)q9~rD%DO`|2nv6W8 z8FSNJ72kVn2T>_1r%%P3>OWQr_FaSU8+ykgOS0Rbi&jHG;Z=nSWdEcr?j{mOF`z9A ztpSAsan2LX|Z|D)^iRj=)8pzNu4gsLd|f8<** zxTidHFA-)G1~;8^g>Ec+WOzRn`W~?xw5NVouOoP}Lu7z18!(-VE?o&v zIis=0VvtLjE}XX}SgnHS%BIYAVXsUSp)REGDAMyozGuy;-Fz~ogDebRl-EMjKhV=X zu-d^cS^)P+z@}fp!5zEcUYMh;rGG(QQyf=Y?Ph}G)_M4wW#nlvAyP_GL1KTXXTJy> zU%Ho>&quW*=q|)rQ&-toc!J3U zOGXJ9CZTv7G%~-qC zaec1_wB={%Ry9NEFeX?f#t%jK@{Go$jCRbsa$10pSe{U;_$eE>jy#WFi9hZFW1;`@ zKw+opdGlItP2!yULd-MJJ$*UhD5b~P*dsh077lh0sebB5c=>tslJTJGt-ag}wJNU- z78L#-bJG@kyXdxyF{iSH0=-;+we{JN`sLz^EM7R;dt7g=DogkX%cqnn`c-E=-7gBg z+rQUhA5Au80tG85=aC1$^w(YJux#cp@zUcYH;HJc(Qn01zq@goB|K%ixc1dU|I3-e z0o9wkU}$bwqMI=OYAj?Xf8WLfM!RnB4naL?Aw83M;y1Tw8>sYGrnDoVSml+<)|PcM z)ZF;ScG|yTyX1Xt%`|H^_%S%A=RA2W`n@$4|tMwI2fV1 zRv%@lWgW$_)2bOQ88-FnMar`fXOrxoDUzPQGpg3dIBbzy<`r3LiboZw@lz9Ig1GKW zGI#Hrl9=Z!kSf|0vdhH1DoNHIY}f7FuF}6iurP^mlT25#d$IR#aQ9d;HgAr|-ii;g z21<+6K8f~}TH|XDJmcQ3zL<22u@gL4@QK^_7z-1{AypsjZnIN!FuVn>r~5ahaw84` z-;28CjC9*(+8k_n&2j%V0u+lPt%*!OaG+l%oRHw51K81kfK6?{^xrMxr%heVOEpXj z2SayL3iL!UMA!KPwwNarrlk6$5K1)YqwU(RHgS+hq;tNI?Tea)&Fg3-=d*-fVMlS9 z+_OQ8{u<3W87|0MFrjPYlt~1x;e1ioGH^-Od5DJ41RHN+3{x>yYK4yG;HdEmZ&ks{ ziTeuoO1@Dim(c0T{E5LvRk4+@bY<~H7llqD(anat)x@i*2Pm8`_rg7Leyk6}>N;oH zY99UXs8%P1i8>R|ac0|QT6&4OdpE?*2!M2nc&|^!M_#NzFHi&2rPDIZ@ud*mgD(k`fJCXr zG+bGw{Km5SIC5E)L;nn7(;02wmtY=1Z16L#sOCBe1N+XM$844yUxJ<8)>!RvU=|qR z?usU3|L~6x3%!}veN;Q_a^=maV#ay92VoS8o1I)elsDryn5LhR{A+;P(NkVvK39`m zLwEJ2)Ovi0x`?gsRaoJwB)Q34-RCS#WvWu}8179IEH9wa{(&H#MDb4AD3j2l#^t=v zl?6(McltQaccNV@4Lb@e?lSIo#Z_sWJFfOO0;8V8^lfTI(;+X9Wxx6X=jE0JC7N^; zYqG|AmBbZJ=qt5OZ*dh`>{ks1rt~S_Z$~YD~+V9@wz05_Y1pJxb32gWW(s+q+er%C>YU7;itD2fTMk>2|fbyv- zUIgPOY%qzZ>7fDY7(!d59)<$i)_%!9xnrT$<>^FA)nv~MUM;imN`fFxbVwRJTEQUL z1cGjHdCYgTMWI<4vF}*$_~)lS}gv1*5ZEl-uHc9``Xu4@6?Paoc`cgT?LK(hQi93OuvJtu22ih=U#JP zkoI5iTI3kL&>;=}@M~$+RlvvLn3OJ9WV#3s{6vbN-K8gy!WAz^@JC=~YnAC(j3^Ea z`d7)PTRk+oH#S9N=pC=9{9T}L*4M_DBKYoHn{)9oBfna6mfquB)dj4PKF2U0U0X< zuBKEP6CLdB@9(iIil&P6YKoFiWy}I#jn?Q#~9^B%1Qa!~H#M$0PX6x@qes)V_l$4Q~U> zP(4s3Q3;{kfbBx1V#ex4-h+4IyUSez^t+a8UqRwg4&$SNBZCxlt>fhb?K`ga!EVxJ zw^L|-Y|U{bufUgL8Vr9pXm_}KV%qOtqytY3Fk2Y5N3yOWns8heihLt~e zuAhM19dwK4Zeds5xN#939qQ8CQpo^LoH{e9zXi(Kz1++ldle$Fz1!bVPCB7`<@X0f3^70x{IXW-JP??)6|RHTJDVE3>w26we#NrnJyw=fLCm9LA88}azHF|TC>)DS`(j31DG#lJZmVVnpsCaPQ`n6j$ZlyD}mEjL~H>#v_4 z+gj+p__r@hozW~NJf(RN#!eW?b!l_ts}tATpryCN(B&5o+emMZ-^A|ba~b$G(yo_@ zC9IL(dA&#PdMw{!p$XBx^PIpa__k|OSVT-Vd3ax1h~$P9ULJlJu2C1D{!19R-~}8) z?Z1A4*9WZ)ICoKPrB9*NCvJEC4Ety|5?s>wLyf*s+yPiEZXOx0Z(OiaKhWg5#y-|i zYM@qBYf_dg^Ox z#WmPup8sUy(kk|0QuAwmkyEm~#YiYHq+NuuT?cFz=>0_L+m@3P$)D__UL> z4~wOb$3=bP?h}487{GC32J1|@51JV$@Q{<}^NLNnO1xZqJ7Z8xdHB=zxwVLu@E54S zh%L2LM(QE%jxQ;~&NzXP9O%T*ax)mykI@A5ArU+5#dnK#a_?Sd5@*XHo1udC$mr6P z0Jlfcj$gG$(>(YSy<+eDx~{NEgK~lDl_bzMTc|s3LCT*)q6K{+(gFdT0l!QeFwNBT z0KW+9W`?}Z2DIQ7@c;~(Go{@NJI=4OlqTe)Bi>O>2Vw0EoTZuBsooddN)KRtls-3O zpFd}5`9uChz>>qLz+MiEH%Q0hIgZ9rtv{43z`EgM9!of%)Ft#-{|n9$>RW=saJT)3 z1Eyi#l#z*l^@RjvPV#+6Ov-8QjZIZmz^Jhwrj5xvDYY~B+2K8&O{dtz0>|rf4NG;h zqfo*dmhDlWSC&zc(=|6P&10Kv`0$;{C2yJNw*@O!cs0>?8yb7gnSbcd-i(x@LGDe$ zxFuS8&#Nn|xdQ?Lw^6?dZ)EGr61OJ|3<5xEL(&Y9bzVOT2K})2shE>g60dJ~Nqe4P zIe9?JV4TrV)?r^yH+aB)>LO8^tL^JTEq&)`)EyMYJ*_}T!jB{=C{ zwiDJK0tCo+d4YTcDD)vZabg0`)|8=;^348>Nxw6ANE?qV@? zoojsZr{XD#VrDr4KRC0avdXgABTDJcITwNN{?c8Is-gB}T$2A}wIX!)d4>2?cYG#O zr+poI*|pZj@&;VZ_1oq{w0yCf*Fi(ijjTCRH8%w%Z;1V*cyb+qSnk>@4k8cBOKy~w ztG3oR8lpKbQXhJ4spb9HK1N2v_+N@bo%{jIWad)YZeZ$f3zpP5eBtf4mW{fS(V+Mp z6aAP{E*9|BaT<{M7a~kB@{#%!r$q1^GyN3$$*@0L3gI(ol96|-U#|wF-7j&QnW+k?_a_OJx#`Hk7O4ZopD5uj zZ3_m33n;4)RmW<$G!PTwhu1x<2ae<%s&IBDnM;oG*sZ6Yi%7>%{onodTQ%WZ>9F9! zYP?RkE?qtMWGwgKpl`gfa+n6O1wbASfN^?|v_IZ!CVPISg!rqot8nBDEixWytG9B< zrP)a{nd_1&E0k^pyA`&vOhhH6+aAyzhZtyqas$dP- zMJi@Mnfy<}j5Z6_5(*Urr&qYzwRDt!jFH&U!}gXZLYMce%l;M6#_&{wAZw` zhlY2I4>yWtLU!Ok*<7eb^>ZK`WsqdqW zhaY_399+MWU+`dV)6TC%8&(hhv6-#o4tO-!R@SM0K>3!ryAZmD*o4~+dr}}x`Mc2U(3i^{(r z-HJK|CA)W1&)U>(@`xFA_D~IZd{4?Goan+i;uW9ZZ&W{lyz}%b3p8P7GduxrJ~Vum zj(^u`|HNNkM<>Qqn#c@(ee*s{JvS^`evACKQdHs$T>dE&hWFq?HGIHnYBGX`3W>nO z&+XcmvQt+Q;DO=~>Gu#`4l1NOL9(1Kg!ZAxe`W*dXjgPh4g10z=*L0KqN-qk1lV;s z3X&+*`MZl_S4BT`pWQFnOGxF7GoooK&IBkYcit&r`63ki^uB(47+nCW2cL43yd;iUIx4|u(w4@2+q1w=P z#r@Q<{+tfv2G?uk%C$n2TSwjY)hcvsSC=#}Yk5cI=sVN7P;$yXYSCIR`ZWCF zL&1de!QR`{)Gx1}M|I>W{tc13*88U>YRA*QZ6V4+nf-z07v{zkrmOMmfb<^^ zz8t*)fc>P1k-Tc$UuR6Na8y9L_k?+`F+BFhOvHmnc(^DaOf{uGFNLmpsTpnO=N>t7 zm@2Q3bg`r<961pR;LhVZLuQ_}9FzTH&Qt%-WFq^g3xYv4Z zRkPZ%n#TrE7&2TcEWd-sGa73{{5Y9;*2U`Zoj0rsff9l^$owO=yfkg*?!?F!nq!fo zJ!4yAx5d_?V1bFXE{mdWPHpf2r4XVsUx}t$K=1)NY$;I#@qTSL?pt=5tS0yFc-4}7 z#uts9kg@bbbeMt>uK~OC`<}$P7F*~H`kD0ayj#mP zg_fIT{h~qt*r?yyglLvf444f-FiA@xrCndNHodoYWFPZGZfC4JJKTOuUqrA=&PwU& zt}a-)l?_d8*e!{#Tv_sRNrSt0t#YAvnar`*tgnT1#}zeoEVpF~?c~Jh8Mf-99V&4^ zh#V`s4R}X`Q*dBQ)azvNjwSauIvJ!IA2Y50WM)VR}`Ly6)q%>uGcT`AO!a=7F}0uoR{81R|3A?+a8&w=A1@tVU)|G zHq96Dyr5VAc>P0ZENXmIK@7OTHXewq5HP`Jxi-}6CBo;SF;zZLH|<8gR>k-~^b6?H zhAb#CBz7ct2=!w;D!kN^nUe&BjYj092h>*ox{q{yZ)~HiqNtQE`Ed#7THgjbC%+dg zCH;cCyiP9|iqxWTwf9>`y5FV!`mvU5!}|CK-D&l<(@}ydl%x{dvp(3LMtpKcBoC1%IO_%5jKGamdoi&^qj^im!h)V zaaLG_%UtbR{2g@9QTbPes7aR={Jv$bWO4?r;mmxA;-i?nBfN}2 z!q4qv&toW=aKxowBLGWahq!SQ$~af6q0 zeCm}bKG-AeS8_%L`0)w6u&p)xlsu~P>OpvbEG`Z;c3;nOGM<#|k)d$Ix`9ScTs;CB zAy~~RTF&k#Kwdoq8R;iUyr7%UN0zA3|D`n=4nRwNhQ5%BvD2xG%rX4TI8W3j#|1O< za>#H-bdDC&`{MIiV^hv4n>{d=unjG>uizzoRWr6I9QORzqt6)9^jz6%%dOj~uLBh9L`>PvEz{NA_L zZ+6>d83wG41LDu|dphdV-l$|^lJQ?R!@t9!8J(de;Ia^xl;Jd0INjRt#@g5TIqAhU zW?hYwNH;{WnccM6tpSX50bZwyGOLF98U6ecxcDJlY&hkiMwsRhaC5a16oo^VN{A~q zq!n$a!G|^H!dbY1HhnXoAn|AQ}{zMrcUc{jrBDh zXHZ5*aZ4Zo$4a-&ErjNlf6v`62(k1VIzD5ue0#I3Xml%KI#$C4z2=?(UsQtEmS#$0 z9j=S}D@<{``YqEV{S-n35Pq9xG#pg28vdB-AT0GA2pOZh(o!HxeBhYy*~|;lBAgtH zT$prge`F`0@QQ7-zb18vsEkoAOu;5I)x20tuU!933c$;$Kfn@rY3<_DqN&MhD5n&0gC;r+QMod}poG zieqkcj&}tz3)EuBNG&a9id|T9$pV%Mvh{HMjn4=ARL6x2==0ke)rY+?yiw7$={#ar zIZgFHH!&d=(_tqm!Ob@Ni?-=GzC{abSZWcmpjh1&8zwdulgu=@QDJKLVZRlBQ)BC? zYsBaq=@^p`184S6w)KlESW6YBX=W{rr28BJicN0p>Xlxap_d+PRt6)OtDSDdjKu>3 zX!r;TEd43EYPqg@xR|Xirp+i|0)^57^U*>?xqO85(USDB&HOoMhCkOr8p+{zRjzR? zw{*rhEifvfLBu_s){Cm#ceWacU0sg|JoFq=h9JRR%L?J+tI_x(OMUGcrrREl_ zfP(75BMzMjl9`LS$?Ky;D5~Te2T0#Ze1gXJdx5m5??=Bz>I#|Z)#VN(Ts-S^us`S( z;^gED|4D!MQ)q7T;nVSTy&;?)_W8aPQ%NrML!irUloIs^=TkkZpZ6P=M&NEWM7SUN zGkifTDI6u%%U0tToWT2hhw(?qc#FW*m`8f{67v^@p(M&hmrn3{QXaxhUINiTApt z^@=0dstCYs-s#hBr)1q2_zs6H2?Lg;@YPJjs?t%u;wXyhU;Uh(!{BSHDT(?Ep=TiU zhEp1A^G9nMQG_FklpCTxZlLF`X5}6=esD5<(1!kKk^&~F(u=0>qHBn94cxpV3-+5^ z%&k(SxD|1Q$+bJ%t@y%Sdd}vs1^HaJzR&j>r<#!~-9Xa4L9Lz0TBoke25%A`lP>sA zg{tGCa)3F%!xaEYkNSb<)#yPB^+r2qyG_lQD8_9^6V_FKAE|!_xU9Z7FPg z^ZDt}^XC1H=`H0VG`HDBvpcpp$h%$y8q@EZe!9As-Kc&RdDfHG>!&72 zM0KIy3{h)2-PucnIhSjC(*1rzJ7ufTGwq?L7s**uD$tgSC=;JU*PEb!P11|c!57YP z1xqZMge4Pi7JS?cupN(YxqD`R6z`1@VQ5E`kQOr8giJ~V(Ks7ynh)l(os8hCY7k-m z8vMZDe@oZ)IFo&6B_5-Wr-KiCjbOLUiHa9M7os0T#F@qHnZ?Na6lt#RMXoo2)1AQ) zyAWqx93^Xan6A5h+zjz}jQi-g*onOqn|R=gCld5K@fj%aR{N1vCFfkQ;lnuYl zor|$IJ^a77g7bwh)=m6=K^87SjRlw|{)4+ExNz(moHjB-@4AwDii(FGBOQLVe0(}c z5x}YcWW^uw=BtS(O|EjZ^$30fT61Yc!hUYj{8|AhpgWf@?S~tUZR(MCB|%ip|46@( zFxeax@F^acmNsXSvN_z8c{>@iIPWG11}zSkw}G@-o|mqx*PF#&xWAZ~|C+fU2ExWf^{187lI@A=SGs1++tXrIV(H+?Q= ziat-R;q(!0n=Q%6CmFR7Xkz!HD8YNH42JPOd-Z;B#zsZu8^1Re>hByjb;K&JX}_w& z`Ic|)KfjrfurL#ztsZ>*)BT`_xPPk4;Yr$Y z``ZY8A~R_09JccvsY;#2@p?o$30vW6qDzA$4*l|`Aj!Yb=3f&{jt8sq5SW0TwjikK z*+X1f)jO28+7**bS9&?|b*P0?M!@WB1sjBvJ0w<+J z?DunQ?XwyK#!2$lFdk}YykZg zOJP3inzfPSWz^r%Xs2`o$<<(nzo+LY;o(|!@-NPFpx)YjYVLqBT~j7nr`4{Si|%He z4%R~s&F-ct{782kb*6)2^CKz;c2;vGw_-J~22j)^7!j%#QJL}jLSG)%DQ(~4R&<8E z7zQkE%~59T*&ecjuMcr|)6(1&&$OL5w+i#>iCs2x_cz*f^hv?9l3NMs)NGYNR|Syp z7H+Q%kA8QH?mGM50g1&}Szq6OQd!@{*9xB%6k+lQ|L@LC!)oCm9pshl&0+7&G{60u z!j#5|Y~qnZEz~;U$=jgj%faIyhwnEBvS;-iVt*%PZ)&eU-16cErAp+;tk4Z8;4?p`C#fshA&V76+6&Vvg8R+?! zKI78blp=lHoub>Pk}(;qqifl(j_)MJIj|?E1VleRXvPg&vMWw^0HMNaja}KDc5hC8 z!yf1{TIwD1_iuZ=g=;44EY)i|QpwtkEpKkdkS$}XDoV#QmN`%Rk8kE59_oVG>upU?$>W2+Z~fyP~DR!@2}bYpKL=gzvt4zVbeMUpeFMJo1P?zEp~ z0}t&~hR-D9`rAfnvb&yvTb1W2Bn%%`2~lv3BKtyFYf`yNt}&ZZG_>={ryu{5jI&nPa1}xm&&?-9ymu zkw3grVcT|O*r_}x+S#dfU2Wn2si%P0h$Ct8s z9cO5U6F!+?aQpWT^nxoceBI;H58=0M6NPpt0&l$7ecaN+UpJkJ8&(#f^i@ZT#>D~2 zr7L68sG6%7fAyJ+CGR)L_?3YbF@$uV7j^vFlA4G)HRsLJsGq}tR?C=k48Yr`Rph-D z@pM@&5dD-x{dz<~MG;a6v!Lv~9bXmw{Gob~8K@7btNn)Ed4Pn5e@}yH7$_J6Sb7c9 zmrfg>0hdp7J;3i_13wz1+@XUPt^JdRR+s>BFiBqG(F3ha7e_8KIkOkoddj%NW$6Kn z_$2jU^R)bh%K+=0%RU93WTFkSqTnBnDet}6MPNy5yQwU4FLZMPWG2#r7=OrZ*=qS| z>4*C}(X|1e&aEqn$R%vKl(^*u$_nC<@Vqo-OU%b{`$m6PzR;Zk4n!{1-WfUNiqap- z@xqQ^vUa;+r*o6fo~unEoXoELgBd$s@eC1rE~;2lsCF*2EQ?IoXE)56Y473Pn1*@T zJw)9acPM57(s zqj)*KxW?&kJO*rvI=X6o-cYR7oaSKI&+EwBpmnNSIk-e8?pU~fd39sTiq9MPILe9v zcfSj1*~c9xuC%%wOc^V#C>(10fw7D z?a3MEhD+s`nzGhMc{>;x8ub)&j~I2@SRcfH*V@~(XSu8pCZb(+fs|HFsTskpJnArW zF^D|*PtZXc{Y)e;O#Gff?0)j33QxV7BTZwCIui_AM6@tgKTixu$l``_Dz@vo zs^Bu`01~fD>nihZMvnFkmKy_s3a@}6b)|^*r5J$P3UGNV1ER1_pBHjqYkAj|L}WhV z{s0;{Iuy$_a3poFJePrq2gIev>D+BC(S9g>Ydp{i@K4n?W38k*M9S9 zZ+B3~^>z*t2{?beeM(8HT?nEQ=bk{vMM1mKv7a7{)bdB7fu0MMiZs3T!E?R1I9C1?)5H=W}%LS?0VfJOyb|c*d4Fg|b8QbfY;*mAGp~JlNE^$z8oK>xh zfMS$(W|*9hnbqVWlJ@SkQ1fa9f2X36Sc{X{u1xhXM32VXuKZ)ruHoKTHl~^! znZ6pT&)A=Kqme3iNwesi2zUIE{2*=_goL%Q9rU28M7t=>^-oY^8&WRn@(j0HJ>~mI~>uxX#CzuS_Yu5aPPr!cQf1p!| zr`>DH-)bsBhz|)@wfq3jgei^OMaO^}oF8!*66KZXwD>Lj`XCS(3oyUbj*BYk5z2J5 zniwC-1TrWY>c+82`I+f&O59Y9^^?JXwMyzX%4&4tE_&(PULTbd_!GB8)+DQm*Q+~Q z$FPdR4JyJ&)i|!{FC|k4Ohre58kR`P35KY1HSGwyXlN4 zZ|{T%54Cc=h3=>WU!fc?YDhC%Asq>*QR~*m; z(a5m%1fJWbZ1$jB65Oh>bYC_4Bc-=(#SM5#JRzFK@Up`OoyB3Y$%^oc--DvwOiJ}K zR%~?GEnnU4n@!zI>bm~6fr%p$Q!y#s6lK%9s{&Wqdmga2=qkROjFuoS zn|t@t?xAV?1{6c&%*3cx2S^@K|27~j`Lif(KG2f|2e8efMV(>v(z_ij`xyC}7;@~Y zd0#N1DS+~J<|x!q8v}7H-qE#~IdXDjeMSP^UnIuDmaywnV|PJ!18Y_T5bJq&$aU7y z@nONOVJ^#+gFSF>>$AgaIjfvf@mLM(1e4R}6X*aU#?SZZ9d)BA%Z_9$Yj3#d+cZg7qvO%EoFC|jA{)9M@_#t5+|B65^!F>zcOC%f(vY}3M{g{4Z ziq9QGQ240*U_*SvU_+>WI|#<)Qt5M{8b%6If8_dq5sbvEE)|gLrKk>RPQcVZ!B?5i zsN%X5%Vxnj5@!1Asr}lSI*Dt}RG+J@c(Ogj4P-iJe-n}Z^6$DC_qjl3{9lueu0|N{ z3-u;&m%d^iR9x?zqp2Qh4pfQYiX7_8BGtN!q+FgO6P+%j=5y`EN*Eo9u1VP3yovPI z#Rv$}7f8ljH`b(K+o-G({&RCRX5Jw!$)^K>Mh}* zHVa`h3bw@+0Jzx&0TC{g@0?vMd|?tqaDF3cqKFHB%N3X?y;5WDxPOBEOD&u9vR&EX z!{p*~96I<2V;BnM) zrq%Z=`=96Q-a9l=!w{tB--((;?0XrN*13wXsqu4&W_}Y!ITPZoap!48B;h2gR8xqB zqo?>@C-U@SxG>Mm#UXvET$2le1fbzx%!Mz)#b+=X&fKV9azu9j|4+wupqU_EWi}46 dy^K-rACGPgzB0aJ4fr|v!|4;%-$(!U{{SkM0I&c6 From d7befb5dab855ed53872933ddd5cb28ca03cc195 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 14 Aug 2019 10:13:14 +0500 Subject: [PATCH 16/53] Update windows-analytics-FAQ-troubleshooting.md --- .../update/windows-analytics-FAQ-troubleshooting.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index 423c82f71c..9ec14560e7 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -53,12 +53,12 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win ### Devices not appearing in Upgrade Readiness -In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use. +In Log Analytics, go to **Solutions** and verify that you are subscribed to the Windows Analytics solutions you intend to use. Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices within a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/You-can-now-check-on-the-status-of-your-computers-within-hours/ba-p/187213) on the Tech Community Blog. >[!NOTE] -> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it. +> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id, See[Enrolling devices in Windows Analytics.](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues: @@ -230,9 +230,7 @@ We have identified an incompatibility between AbnormalShutdownCount and the Limi If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps: -1. Unsubscribe from the Upgrade Readiness solution in Azure Portal. In Azure Portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. - - ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png) +1. Delete the Upgrade Readiness Solution in Log Analytics Workspace. In Log Analytics Workspace, go to **Solutions > Compatibility Assessment > Delete** 2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**: From 3c6bd84c01818ca5c92fe2fd32978dd7eb3bc46e Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 14 Aug 2019 10:20:40 +0500 Subject: [PATCH 17/53] Revert "Update windows-analytics-FAQ-troubleshooting.md" This reverts commit d7befb5dab855ed53872933ddd5cb28ca03cc195. --- .../update/windows-analytics-FAQ-troubleshooting.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index 9ec14560e7..423c82f71c 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -53,12 +53,12 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win ### Devices not appearing in Upgrade Readiness -In Log Analytics, go to **Solutions** and verify that you are subscribed to the Windows Analytics solutions you intend to use. +In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use. Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices within a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/You-can-now-check-on-the-status-of-your-computers-within-hours/ba-p/187213) on the Tech Community Blog. >[!NOTE] -> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id, See[Enrolling devices in Windows Analytics.](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) +> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it. If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues: @@ -230,7 +230,9 @@ We have identified an incompatibility between AbnormalShutdownCount and the Limi If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps: -1. Delete the Upgrade Readiness Solution in Log Analytics Workspace. In Log Analytics Workspace, go to **Solutions > Compatibility Assessment > Delete** +1. Unsubscribe from the Upgrade Readiness solution in Azure Portal. In Azure Portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. + + ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png) 2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**: From 560ca12b3a7a96a76995fac6a531a0bc914cc728 Mon Sep 17 00:00:00 2001 From: Andrew Baker Date: Wed, 14 Aug 2019 16:29:15 +0100 Subject: [PATCH 18/53] Fixed typo on command line 93 --- devices/surface-hub/surface-hub-2s-account.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md index 025b2b8320..b3e9822a05 100644 --- a/devices/surface-hub/surface-hub-2s-account.md +++ b/devices/surface-hub/surface-hub-2s-account.md @@ -90,5 +90,5 @@ Import-Module LyncOnlineConnector $SfBSession = New-CsOnlineSession -Credential (Get-Credential) Import-PSSession $SfBSession -AllowClobber Enable the Skype for Business meeting room -Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPoo(Get-CsTenant).Registrarpool -SipAddressType EmailAddress +Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPool(Get-CsTenant).Registrarpool -SipAddressType EmailAddress ``` From ebc54f31c6e63de503fc222bc2e538ad06544983 Mon Sep 17 00:00:00 2001 From: Joe Bartlett Date: Wed, 14 Aug 2019 16:50:15 +0100 Subject: [PATCH 19/53] Fix Intune "Cloud-delivered protection" setting Changed guidance on Intune's "Cloud-delivered protection" toggle to "Not configured" as per the Intune documentation. --- .../enable-cloud-protection-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md index 69fc95abeb..c9aca52f0d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md @@ -42,7 +42,7 @@ There are specific network-connectivity requirements to ensure your endpoints ca 2. Select **All services > Intune**. 3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure). 4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**. -5. On the **Cloud-delivered protection** switch, select **Enable**. +5. On the **Cloud-delivered protection** switch, select **Not configured**. 6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**. 7. In the **Submit samples consent** dropdown, select one of the following: From 18bfa96b1b6533d8dfcd6de6cbcafbb4ffb06447 Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:21:18 -0700 Subject: [PATCH 20/53] enterprise get started --- devices/hololens/TOC.md | 14 +- devices/hololens/hololens-install-apps.md | 19 +-- devices/hololens/hololens-requirements.md | 195 ++++++++++++++-------- devices/hololens/hololens-status.md | 36 ++++ 4 files changed, 177 insertions(+), 87 deletions(-) create mode 100644 devices/hololens/hololens-status.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 36cbb30a09..131cd75b9d 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,23 +1,26 @@ -# [Microsoft HoloLens](index.md) +# [HoloLens overview](index.md) +# [Hololens status](hololens-status.md) + # [What's new in HoloLens](hololens-whats-new.md) # [Set up HoloLens](hololens-setup.md) -# Deploy HoloLens in a commercial environment +# Get started with HoloLens in commercial environments ## [Overview and deployment planning](hololens-requirements.md) +## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) +## [Set up ring based updates for HoloLens](hololens-updates.md) +## [Manage custom enterprise apps](hololens-install-apps.md) +## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) # Device Management -## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Install localized version of HoloLens](hololens-install-localized.md) -## [Manage updates to HoloLens](hololens-updates.md) ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) ## [Use the HoloLens Clicker](hololens-clicker.md) ## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) ## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) # Application Management -## [Install apps on HoloLens](hololens-install-apps.md) ## [Share HoloLens with multiple people](hololens-multiple-users.md) ## [Cortana on HoloLens](hololens-cortana.md) ## [Get apps for HoloLens](hololens-get-apps.md) @@ -33,4 +36,3 @@ # [Insider preview for Microsoft HoloLens](hololens-insider.md) # [Change history for Microsoft HoloLens documentation](change-history-hololens.md) - diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index c4f9c80521..7ff737a027 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -1,16 +1,15 @@ --- -title: Install apps on HoloLens (HoloLens) +title: Install apps on HoloLens description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business. ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: dansimp -ms.author: dansimp +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2018 ms.reviewer: -manager: dansimp --- # Install apps on HoloLens @@ -72,9 +71,9 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. >[!IMPORTANT] >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode) -1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. +1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. -2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb). +2. On a PC, connect to the HoloLens using [Wi-Fi](https://docs.microsoft.com/windows/mixed-reality/connecting-to-wi-fi-on-hololens) or USB. 3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up. @@ -84,13 +83,7 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. 4. In the Windows Device Portal, click **Apps**. ![App Manager](images/apps.png) - + 5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**. 6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens. - - - - - - diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 0ff5596fa3..6d0b1dcf12 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -1,88 +1,147 @@ --- -title: HoloLens in the enterprise requirements and FAQ (HoloLens) -description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise. +title: Set up HoloLens in a commercial environment +description: Learn more about deploying and managing HoloLens in enterprise environments. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp +ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001 +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium -ms.date: 06/04/2018 -ms.reviewer: -manager: dansimp +ms.date: 07/15/2019 --- -# Microsoft HoloLens in the enterprise: requirements and FAQ +# Deploy HoloLens in a commercial environment -When you develop for HoloLens, there are [system requirements and tools](https://developer.microsoft.com/windows/mixed-reality/install_the_tools) that you need. In an enterprise environment, there are also a few requirements to use and manage HoloLens which are listed below. +TODO - [Commercial features](https://docs.microsoft.com/en-us/windows/mixed-reality/commercial-features) -## Requirements +Deploy and configure HoloLens at scale in a commercial setting. -### General use -- Microsoft account or Azure Active Directory (Azure AD) account -- Wi-Fi network to set up HoloLens +This article includes: ->[!NOTE] ->After you set up HoloLens, you can use it offline [with some limitations](https://support.microsoft.com/help/12645/hololens-use-hololens-offline). +- infrastructure requirements and recommendations for HoloLens management +- tools for provisioning HoloLens +- instructions for remote device management +- options for application deployment +This guide assumes basic familiarity with HoloLens. Follow the [get started guide](./hololens-setup.md) to set up HoloLens for the first time. + +## Infrastructure for managing HoloLens + +HoloLens are, at their core, a Windows mobile device integrated with Azure. They work best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services. + +Critical cloud services include: + +- Azure active directory (AAD) +- Windows Update (WU) + +Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. + +HoloLens does support a limited set of cloud disconnected experiences. + +## Initial set up at scale + +The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, picking your language and settings manually for each device gets tedious and limits scale. + +This section: + +1. introduces Windows provisioning using provisioning packages +1. walks through applying a provisioning package during first setup + +### Create and apply a provisioning package + +The best way to configure many new HoloLens devices is with Windows provisioning. Using Windows provisioning, you can specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes. + +A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device. + +### Upgrade to Windows Holographic for Business + +- HoloLens Enterprise license XML file + +Some of the HoloLens configurations that you can apply in a provisioning package: + +- Apply certificates to the device +- Set up a Wi-Fi connection +- Pre-configure out of box questions like language and locale. +- (HoloLens 2) bulk enroll in mobile device management +- (HoloLens v1) Apply key to enable Windows Holographic for Business + +Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens. + +### Set up user identity and enroll in device management + +The last step setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll: + +1. Bulk enrollment with a security token in a provisioning package. + Pros: this is the most automated approach + Cons: takes initial server-side setup +1. Auto-enroll on user sign in + Pros: easiest approach + Cons: users will need to complete set up after the provisioning package has been applied +1. _not recommended_ - Manually enroll post-setup + Pros: possible to enroll after set up + Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled. + +Learn more about MDM enrollment [here](hololens-enroll-mdm.md). + +## Ongoing device management + +Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely. + +This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens). + +[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens. + +### Push compliance policy via Intune + +[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are not-compliant. + +For example, you can create a policy that requires Bitlocker be enabled. + +[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows). + +### Manage updates + +Intune includes a feature called update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed. + +For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update. + +Read more about [configuring update rings with Intune](https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure). + +## Application management + +Manage holoLens applications through: + +1. Microsoft Store + The Microsoft Store is the best way to distribute and consume application on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/en-us/windows/uwp/publish/). + All applications in the store are available publicly to everyone, if that isn't acceptable, checkout the Microsoft Store for Business. + +1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) + Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It lets you deploy apps that are specific to your commercial environment but not to the world. + +1. Application deployment and management via Intune or another mobile device management solution + Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy). + +1. _not recommended_ Device Portal + Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use device portal. + +Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps). + +## Get support + +Get support through the Microsoft support site. + +[File a support request](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f). + +## Technical Reference + +### Wireless network EAP support -### Supported wireless network EAP methods - PEAP-MS-CHAPv2 - PEAP-TLS -- TLS +- TLS - TTLS-CHAP - TTLS-CHAPv2 - TTLS-MS-CHAPv2 - TTLS-PAP - TTLS-TLS - -### Device management -- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4) -- Wi-Fi network -- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs - -### Upgrade to Windows Holographic for Business -- HoloLens Enterprise license XML file - - -## FAQ for HoloLens - - -#### Is Windows Hello for Business supported on HoloLens? - -Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens: - -1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md). -2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello)) -3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**. - ->[!NOTE] ->Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview). - -#### Does the type of account change the sign-in behavior? - -Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type. - -- Microsoft account: signs in automatically -- Local account: always asks for password, not configurable in **Settings** -- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password. - ->[!NOTE] ->Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy. - - -#### How do I remove a HoloLens device from the Intune dashboard? - -You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard. - - -## Related resources - -[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/) - -[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune) - -[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms) - -[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/) - diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md new file mode 100644 index 0000000000..22c5e995db --- /dev/null +++ b/devices/hololens/hololens-status.md @@ -0,0 +1,36 @@ +--- +title: HoloLens status +description: Shows the status of HoloLens online services. +author: todmccoy +ms.author: v-todmc +ms.reviewer: luoreill +manager: jarrettr +audience: Admin +ms.topic: article +ms.prod: hololens +localization_priority: Medium +ms.sitesec: library +--- + +# HoloLens status + +✔️ **All services are active** + +**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical + +Area|HoloLens (1st gen)|HoloLens 2 +----|:----:|:----: +[Azure services](https://status.azure.com/en-us/status)|✔️|✔️ +[Store app](https://www.microsoft.com/en-us/store/collections/hlgettingstarted/hololens)|✔️|✔️ +[Apps](https://www.microsoft.com/en-us/hololens/apps)|✔️|✔️ +[MDM](https://docs.microsoft.com/en-us/hololens/hololens-enroll-mdm)|✔️|✔️ + +## Notes and related topics + +[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens) + +For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/en-us/status/). + +For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/en-us/windows/mixed-reality/hololens-known-issues). + +Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/). From dcfbc4d9ee7007eed23baa9714bba668769b9d02 Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:29:39 -0700 Subject: [PATCH 21/53] navigation --- devices/hololens/TOC.md | 13 ++- devices/hololens/holographic-home.md | 90 +++++++++++++++++++ .../hololens/holographic-photos-and-video.md | 43 +++++++++ devices/hololens/hololens-cortana.md | 50 +++++++++-- .../hololens/hololens-find-and-save-files.md | 3 + devices/hololens/hololens-start.md | 57 ++++++++++++ 6 files changed, 246 insertions(+), 10 deletions(-) create mode 100644 devices/hololens/holographic-home.md create mode 100644 devices/hololens/holographic-photos-and-video.md create mode 100644 devices/hololens/hololens-start.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 131cd75b9d..ae780add6e 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,8 +1,9 @@ # [HoloLens overview](index.md) # [Hololens status](hololens-status.md) -# [What's new in HoloLens](hololens-whats-new.md) -# [Set up HoloLens](hololens-setup.md) +# Get started with HoloLens (gen 1) +## [Start your HoloLens (1st gen) for the first time](hololens-start.md) +## [Install localized version of HoloLens](hololens-install-localized.md) # Get started with HoloLens in commercial environments ## [Overview and deployment planning](hololens-requirements.md) @@ -13,8 +14,13 @@ ## [Manage custom enterprise apps](hololens-install-apps.md) ## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) +# Navigating Windows Holographic +## [Windows Mixed Reality home](holographic-home.md) +## [Voice and Cortana](hololens-cortana.md) +## [Find and save files](hololens-find-and-save-files.md) +## [Create, share, and view photos and video](holographic-photos-and-video.md) + # Device Management -## [Install localized version of HoloLens](hololens-install-localized.md) ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) ## [Use the HoloLens Clicker](hololens-clicker.md) ## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) @@ -22,7 +28,6 @@ # Application Management ## [Share HoloLens with multiple people](hololens-multiple-users.md) -## [Cortana on HoloLens](hololens-cortana.md) ## [Get apps for HoloLens](hololens-get-apps.md) ## [Use apps on HoloLens](hololens-use-apps.md) ## [Use HoloLens offline](hololens-offline.md) diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md new file mode 100644 index 0000000000..d48aa839a2 --- /dev/null +++ b/devices/hololens/holographic-home.md @@ -0,0 +1,90 @@ +--- +title: Navigate the Windows Mixed Reality home +description: Navigate the Windows Mixed Reality home in Windows Holographic. +ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c +ms.date: 08/07/2019 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: scooley +ms.author: scooley +ms.topic: article +ms.localizationpriority: medium +--- + +# Navigate the Windows Mixed Reality home + +## [Navigating MR Home](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) + +## Use the Start menu + +The **Start** menu on HoloLens is where you'll open apps and get to the HoloLens camera. + +Wherever you are in HoloLens, you can always open the **Start** menu by using the [bloom gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) on HoloLens (1st gen) or tapping your wrist on HoloLens 2. Usually, you'll use it once to get to **Start**, but sometimes you might need to use it twice. + +> [!TIP] +> When the **Start** menu is open, use the start gesture to hide it again. + +At the top of the **Start** menu, you'll see status indicators for Wi-Fi, battery, and volume, plus a clock. The tiles are your pinned apps. To talk to Cortana, select her tile, or just say "Hey Cortana" from anywhere on HoloLens. At the bottom you'll find the photo and video icons, which open the camera app. + +To see the rest of your apps, select **All apps**. To get back to **Start** from the **All apps** list, select **Pinned apps**. + +## Use apps on HoloLens + +Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see. + +### Open apps + +You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**. + +On Start or in the All apps list, select an app. It will open in a good position for viewing. + +>[!NOTE] +>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. +>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three. +>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info. + +## Move, resize, and rotate apps + +Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens-clicker.md). You can also rotate an app window in 3D space. + +> [!TIP] +> Rearrange apps using your voice—gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move <*app name*> here." + +### Move an app + +Gaze at the app, and then do one of the following. + +- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it. + +- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**. +- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**. + +> [!TIP] +> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze. + +### Resize an app + +Gaze at the app, and then do one of the following. + +- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done. + +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**. +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**. + +> [!TIP] +> In Adjust mode, you can move or resize any hologram. + +### Rotate an app + +Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers. + +## Close apps + +To close an app that uses 2D view, gaze at it, then select **Close**. + +To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**. + +## Pin apps + +Keep your favorite apps handy by pinning them to **Start**. In the **All apps** list, gaze at an app to highlight it. Tap and hold until the menu appears, then select **Pin**. To unpin an app, gaze at the app on **Start**, then tap and hold and select **Unpin**. diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md new file mode 100644 index 0000000000..721198bb1e --- /dev/null +++ b/devices/hololens/holographic-photos-and-video.md @@ -0,0 +1,43 @@ +--- +title: Create, share, and view photos and video +description: Create, share, and view photos and video +ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 +ms.date: 08/07/2019 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +ms.reviewer: +manager: jarrettr +appliesto: +- Hololens (1st gen) +--- + +# Create, share, and view photos and video + +Use your HoloLens to take photos and videos that capture the holograms you've placed in your world. + +To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**. + +## Take a photo + +Use the [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures) gesture to go to **Start**, then select **Photo**. Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.

    MessageDate
    August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
    The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
    		August 13, 2019
    10:00 AM PT
    Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
    On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
    On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in the Windows Collaborative Translation Framework (CTF) service that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
    		August 13, 2019
    10:00 AM PT
    Take action: Install required updates for Windows 7 SP1 and Windows Server 2008 RS2 SP1 for SHA-2 code sign support
    As of August 13, 2019, Windows 7 SP1 and Windows Server 2008 R2 SP1 updates signatures only support SHA-2 code signing. As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, we are requiring that SHA-2 code signing support be installed. If you have Windows Update enabled and have applied the security updates released in March 2019 (KB4490628) and August 2019 (KB4474419), you are protected automatically; no further configuration is necessary. If you have not installed the March 2019 updates, you will need to do so in order to continue to receive updates on devices running Windows 7 SP1 and Windows Server 2008 R2 SP1.
    		August 13, 2019
    10:00 AM PT
    Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019
    Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard.
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
    On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
    		August 06, 2019
    10:00 AM PT
    Resolved August 1, 2019 16:00 PT: Microsoft Store users may encounter blank screens when clicking on certain buttons
    Some customers running the version of the Microsoft Store app released on July 29, 2019 encountered a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. This issue has now been resolved and a new version of the Microsoft Store app has been released. Users who encountered this issue will need to update the Microsoft Store app on their device. If you are still encountering an issue, please see Fix problems with apps from Microsoft Store.
    		August 01, 2019
    02:00 PM PT
    Status update: Windows 10, version 1903 “D” release now available
    The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
    		July 26, 2019
    02:00 PM PT
    - + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    10:06 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    - + diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index dbb57e0e0b..c99e109581 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

    Back to top    		April 09, 2019
    KB4493472    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

    Back to top    		April 09, 2019
    KB4493472    		Resolved External
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

    Back to top    		April 09, 2019
    KB4493472    		Resolved
    		Resolved:
    May 14, 2019
    01:23 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

    Back to top    		April 09, 2019
    KB4493472    		Resolved
    		Resolved:
    May 14, 2019
    01:22 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

    Back to top    		April 09, 2019
    KB4493472    		Resolved
    		Resolved:
    May 14, 2019
    01:21 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    - + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    10:06 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503276    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    - + diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 55d16a4b23..ad95a86417 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

    Back to top    		April 09, 2019
    KB4493446    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

    Back to top    		April 09, 2019
    KB4493446    		Resolved External
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

    Back to top    		April 09, 2019
    KB4493446    		Resolved
    		Resolved:
    May 14, 2019
    01:22 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

    Back to top    		April 09, 2019
    KB4493446    		Resolved
    		Resolved:
    May 14, 2019
    01:22 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

    Back to top    		April 09, 2019
    KB4493446    		Resolved
    		Resolved:
    May 14, 2019
    01:21 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -77,6 +78,7 @@ sections: - type: markdown text: " +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 407e511420..91613ec839 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -85,6 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 895bd3c1db..14b06262a2 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -78,6 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 930121e60e..0f421e0330 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -79,6 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 0d6c3bc4dd..43dd7629a1 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,6 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -85,6 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index a6f1d702b4..84e577f6f6 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -86,6 +87,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 3ea2e03409..ac69403baa 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + @@ -94,6 +95,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    05:24 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    Intermittent loss of Wi-Fi connectivity
    Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

    See details >    		OS Build 18362.116

    May 21, 2019
    KB4505057    		Mitigated External
    		August 01, 2019
    08:44 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -104,7 +106,7 @@ sections: text: " +

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index f55dd568c1..e6f0096fc3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    DetailsOriginating updateStatusHistory
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 13, 2019
    05:24 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

    To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

    Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

    Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

    Next Steps: We are working on a resolution and estimate a solution will be available in late August.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
    Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

    To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

    Affected platforms:
    • Client: Windows 10, version 1903
    Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    July 16, 2019
    09:04 AM PT

    Opened:
    July 12, 2019
    04:20 PM PT
    Initiating a Remote Desktop connection may result in black screen
    When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution that will be made available in upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    July 12, 2019
    04:42 PM PT

    Opened:
    July 12, 2019
    04:42 PM PT
     + - - + +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 13, 2019
    10:05 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    10:06 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 13, 2019
    06:59 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -80,8 +81,9 @@ sections: - type: markdown text: " + - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512506    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 13, 2019
    10:05 AM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -100,6 +102,6 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

    Back to top    		April 09, 2019
    KB4493472    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

    Back to top    		April 09, 2019
    KB4493472    		Resolved External
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 202c053f79..14996a4841 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + @@ -80,6 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    10:06 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493443    		Mitigated
    		May 15, 2019
    05:53 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512488    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -107,7 +109,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

    Back to top    		April 09, 2019
    KB4493446    		Resolved External
    		Last updated:
    August 13, 2019
    10:06 AM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

    Affected platforms:
    • Client: Windows 8.1; Windows 7 SP1
    • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

    Back to top    		April 09, 2019
    KB4493446    		Resolved External
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    April 09, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 89a7335b26..033396edf0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -77,6 +78,7 @@ sections: - type: markdown text: " +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512476    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 5d1e15e515..08e207a24e 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + @@ -79,6 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512518    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " From a5f62c669d85e5f29228a57aa087f503df472cce Mon Sep 17 00:00:00 2001 From: Sarah Date: Thu, 15 Aug 2019 10:41:35 -0700 Subject: [PATCH 26/53] fixing build warnings --- devices/hololens/hololens-cortana.md | 1 - devices/hololens/hololens-network.md | 2 +- devices/hololens/hololens-start.md | 5 +++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index 5be69e50cf..d695fabeb9 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -3,7 +3,6 @@ title: Cortana on HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed ms.date: 08/14/2019 -manager: jarrettrenshaw keywords: hololens ms.prod: hololens ms.sitesec: library diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md index a3082e1e7c..ab771501ee 100644 --- a/devices/hololens/hololens-network.md +++ b/devices/hololens/hololens-network.md @@ -2,6 +2,7 @@ title: Connect to a network description: Connect to a wi-fi or ethernet network with HoloLens. ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d +ms.prod: hololens ms.sitesec: library author: Teresa-Motiv ms.author: v-tea @@ -9,7 +10,6 @@ ms.topic: article ms.localizationpriority: medium ms.date: 8/12/19 ms.reviewer: -manager: jarrettr appliesto: - Hololens - HoloLens (1st gen) diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md index 1e8b575f0f..edf7ac3ae5 100644 --- a/devices/hololens/hololens-start.md +++ b/devices/hololens/hololens-start.md @@ -2,6 +2,7 @@ title: HoloLens (1st gen) first start description: Go through the first start experience for HoloLens (1st gen). ms.assetid: 0136188e-1305-43be-906e-151d70292e87 +ms.prod: hololens author: Teresa-Motiv ms.author: v-tea ms.topic: article @@ -15,7 +16,7 @@ ms.localizationpriority: medium The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience. -In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](hololens-basic-usage.md) +In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](holographic-home.md) ## Before you start @@ -54,4 +55,4 @@ Congratulations! Setup is complete and you can begin using HoloLens. ## Next steps > [!div class="nextstepaction"] -> [Get started with HoloLens (1st gen)](hololens-basic-usage.md) \ No newline at end of file +> [Get started with HoloLens (1st gen)](holographic-home.md) From c896c03605a92e3840741c505288fa55e4390a47 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Thu, 15 Aug 2019 12:11:33 -0700 Subject: [PATCH 27/53] Update set-up-school-pcs-whats-new.md Adding WN blurb for 1906, updates about support in SUSPC app. --- education/windows/set-up-school-pcs-whats-new.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index 27ca52dfd3..546e8c7831 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -9,7 +9,7 @@ ms.pagetype: edu ms.localizationpriority: medium author: mjcaparas ms.author: macapara -ms.date: 06/03/2019 +ms.date: 08/15/2019 ms.reviewer: manager: dansimp --- @@ -17,6 +17,15 @@ manager: dansimp # What's new in Set up School PCs Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. + +## Week of June 24, 2019 + +### Resumed support for Windows 10, version 1903 and later +The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app. + +### Device rename made optional for Azure AD joined devices +When you set up your Azure AD join devices in the Set up School PCs app, you no longer need to rename your devices. Set up School PCs will let you keep existing device names. + ## Week of May 23, 2019 ### Suspended support for Windows 10, version 1903 and later From c94274e48fde5478f9a8507ded8cde2478035ec7 Mon Sep 17 00:00:00 2001 From: Sarah Date: Thu, 15 Aug 2019 12:36:44 -0700 Subject: [PATCH 28/53] links --- devices/hololens/change-history-hololens.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index b886719944..a228d800c0 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -50,11 +50,6 @@ New or changed topic | Description --- | --- Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809) -## June 2018 - -New or changed topic | Description ---- | --- -[HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md#pin) | Added instructions for creating a sign-in PIN. ## May 2018 @@ -86,12 +81,6 @@ New or changed topic | Description --- | --- [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New -## May 2017 - -| New or changed topic | Description | -| --- | --- | -| [Microsoft HoloLens in the enterprise: requirements](hololens-requirements.md) | Changed title to **Microsoft HoloLens in the enterprise: requirements and FAQ**, added questions and answers in new [FAQ section](hololens-requirements.md#faq-for-hololens) | - ## January 2017 | New or changed topic | Description | From 94479f861d1671b4707ce76e16aa7d9a4ed94e2e Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Thu, 15 Aug 2019 20:25:40 -0700 Subject: [PATCH 29/53] publish an announcement message (#917) * update troubleshooting topic * CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again --- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tus-windows-10-1607-and-windows-server-2016.yml | 14 ++------------ .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 4 ++-- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...atus-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- .../release-information/windows-message-center.yml | 3 +-- .../troubleshoot-onboarding.md | 12 +++++++----- 13 files changed, 30 insertions(+), 39 deletions(-) diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index ad95a86417..31a7a6d3e9 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 91613ec839..8118608a28 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,13 +60,12 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + - @@ -86,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		August 01, 2019
    05:00 PM PT
    SCVMM cannot enumerate and manage logical switches deployed on the host
    For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

    See details >    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
    Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

    See details >    		OS Build 14393.2608

    November 13, 2018
    KB4467691    		Mitigated
    		February 19, 2019
    10:00 AM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    @@ -104,15 +103,6 @@ sections: " -- title: June 2019 -- items: - - type: markdown - text: " - - -
    DetailsOriginating updateStatusHistory
    Some applications may fail to run as expected on clients of AD FS 2016
    Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

    Affected platforms:
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4507459.

    Back to top    		OS Build 14393.2941

    April 25, 2019
    KB4493473    		Resolved
    KB4507459    		Resolved:
    July 16, 2019
    10:00 AM PT

    Opened:
    June 04, 2019
    05:55 PM PT
    - " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 14b06262a2..1b0889dbd0 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 0f421e0330..39d57eafaa 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 43dd7629a1..3b3b4c6a3a 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 84e577f6f6..9115ba12a6 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index ac69403baa..4d5a9c2743 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -95,7 +95,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index e6f0096fc3..7d9fd8bc15 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 13, 2019
    06:59 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    - + diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 14996a4841..830012240d 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512506    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512506    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    - + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512488    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512488    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 033396edf0..ffffcc852e 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512476    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512476    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 08e207a24e..187dea5393 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Acknowledged
    		August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512518    		Acknowledged
    		Last updated:
    August 14, 2019
    03:34 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512518    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 85c3bf144d..2af37b5b57 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,10 +49,9 @@ sections: - type: markdown text: " - - + diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index fa862e9599..5f81c16bed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -25,20 +25,22 @@ ms.topic: troubleshooting - Windows Server 2016 - You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues. This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines. + +## Troubleshoot issues with onboarding tools + If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, it might indicate an onboarding or connectivity problem. -## Troubleshoot onboarding when deploying with Group Policy +### Troubleshoot onboarding when deploying with Group Policy Deployment with Group Policy is done by running the onboarding script on the machines. The Group Policy console does not indicate if the deployment has succeeded or not. If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script). If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur. -## Troubleshoot onboarding issues when deploying with System Center Configuration Manager +### Troubleshoot onboarding issues when deploying with System Center Configuration Manager When onboarding machines using the following versions of System Center Configuration Manager: - System Center 2012 Configuration Manager - System Center 2012 R2 Configuration Manager @@ -52,7 +54,7 @@ If the deployment fails, you can check the output of the script on the machines. If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur. -## Troubleshoot onboarding when deploying with a script +### Troubleshoot onboarding when deploying with a script **Check the result of the script on the machine**: 1. Click **Start**, type **Event Viewer**, and press **Enter**. @@ -76,7 +78,7 @@ Event ID | Error Type | Resolution steps 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 65 | Insufficient privileges| Run the script again with administrator privileges. -## Troubleshoot onboarding issues using Microsoft Intune +### Troubleshoot onboarding issues using Microsoft Intune You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. From 1f8ecd37e0b10fe326446db3c5e5a0e958808fd4 Mon Sep 17 00:00:00 2001 From: SeanKahle Date: Fri, 16 Aug 2019 02:33:19 -0400 Subject: [PATCH 30/53] Small typo Extra s on the word "devices" in the second paragraph under the Quality updates header. --- windows/deployment/update/waas-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 4396b9d4b7..49efd6e3b2 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -90,7 +90,7 @@ With Windows 10, Microsoft will package new features into feature updates that c Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes. -In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment devicess contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates. +In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment devices contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates. **Figure 1** From 48879207d5f87c77132c66d119009fd6379268e6 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 09:45:06 -0700 Subject: [PATCH 31/53] Reviewed A couple of format edits only. Looks good. --- devices/hololens/holographic-home.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md index d48aa839a2..576866ca2c 100644 --- a/devices/hololens/holographic-home.md +++ b/devices/hololens/holographic-home.md @@ -35,9 +35,9 @@ Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look ### Open apps -You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**. +You'll find your apps either pinned to **Start** or in the **All apps** list. To get to the **All apps** list, use the bloom gesture to go to **Start**, then select **All apps**. -On Start or in the All apps list, select an app. It will open in a good position for viewing. +On **Start** or in the **All apps** list, select an app. It will open in a good position for viewing. >[!NOTE] >- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. From abfca66c461fde2452066bbb9050abca2b4e5af9 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 09:48:48 -0700 Subject: [PATCH 32/53] Review Metadata edit. Rest is good. --- devices/hololens/holographic-photos-and-video.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md index 721198bb1e..25e8d4a104 100644 --- a/devices/hololens/holographic-photos-and-video.md +++ b/devices/hololens/holographic-photos-and-video.md @@ -2,7 +2,6 @@ title: Create, share, and view photos and video description: Create, share, and view photos and video ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 -ms.date: 08/07/2019 keywords: hololens ms.prod: hololens ms.sitesec: library From 6dbc883bda694533fb7bc99089fb3d827d6b0453 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 09:52:48 -0700 Subject: [PATCH 33/53] Review Metadata edit. Rest is good. --- devices/hololens/hololens-network.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md index ab771501ee..6f7cb43370 100644 --- a/devices/hololens/hololens-network.md +++ b/devices/hololens/hololens-network.md @@ -9,6 +9,7 @@ ms.author: v-tea ms.topic: article ms.localizationpriority: medium ms.date: 8/12/19 +manager: jarrettr ms.reviewer: appliesto: - Hololens @@ -36,4 +37,4 @@ The first time you use your HoloLens, you'll be guided through connecting to a W 1. Type the network password if asked for one, then select **Next**. -Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) \ No newline at end of file +Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) From ad87484a5a31449d394082a09ba534cef352fe2f Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 10:02:17 -0700 Subject: [PATCH 34/53] Review Made a few edits. Rest is good. --- devices/hololens/hololens-cortana.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index d695fabeb9..03ad75f637 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -9,6 +9,7 @@ ms.sitesec: library author: v-miegge ms.author: v-miegge ms.topic: article +manager: jarrettr ms.localizationpriority: medium --- @@ -81,7 +82,7 @@ Here are some things you can try saying (remember to say "Hey Cortana" first): >[!NOTE] > ->- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. ->- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. +>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary among regions. +>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. >- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. ->- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place"). +>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (such as "Select" and "Place"). From 2dfdfc69f63be5709e1cbaaf1cf343d9ca3adfbe Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 10:11:49 -0700 Subject: [PATCH 35/53] Review Edits. --- devices/hololens/hololens-start.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md index edf7ac3ae5..d303ee0c44 100644 --- a/devices/hololens/hololens-start.md +++ b/devices/hololens/hololens-start.md @@ -31,7 +31,7 @@ Before you get started, make sure you have the following available: **The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). > [!NOTE] -> [Cortana](https://support.microsoft.com/help/12630/) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings.

    +> [Cortana](hololens-cortana.md) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings. ## Set up your HoloLens @@ -39,14 +39,14 @@ Set up your HoloLens and your user account. 1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. 1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. - - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your organizational account. - 2. Accept privacy statement. - 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. - 4. Continue with device setup. - - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your Microsoft account. - 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. + - When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your organizational account information. + 1. Accept the privacy statement. + 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page. + 1. Continue with device setup. + - When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your Microsoft account information. + 1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. 1. The device sets your time zone based on information obtained from the Wi-Fi network. 1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. @@ -54,5 +54,4 @@ Congratulations! Setup is complete and you can begin using HoloLens. ## Next steps -> [!div class="nextstepaction"] -> [Get started with HoloLens (1st gen)](holographic-home.md) +- [Get started with HoloLens (1st gen)](holographic-home.md) From 31fae324f179b2d5928f27579be9119fd4f0235d Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Fri, 16 Aug 2019 10:45:11 -0700 Subject: [PATCH 36/53] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index d9b2c3e1b5..2f5b0d9a95 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -132,7 +132,7 @@ Configuring Tamper Protection in Intune can be targeted to your entire organizat Currently we do not have support to manage Tamper Protection through System Center Configuration Manager. -### I have Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? +### I have the Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? Currently, configuring Tamper Protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). From 321de700278025606127be7e6463b008c979067b Mon Sep 17 00:00:00 2001 From: lomayor Date: Fri, 16 Aug 2019 11:18:39 -0700 Subject: [PATCH 37/53] Update TOC.md --- windows/security/threat-protection/TOC.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6c69dbb154..5f3fdf726a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -112,8 +112,7 @@ ##### [NetworkCommunicationEvents table](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md) ##### [ProcessCreationEvents table](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md) ##### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md) - -##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) +#### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) #### [Custom detections]() ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) From 53279882ecfca6d0e854e65dd230c66b78806761 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Fri, 16 Aug 2019 11:26:58 -0700 Subject: [PATCH 38/53] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...nt-changes-to-security-settings-with-tamper-protection.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 2f5b0d9a95..02469ed7c3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -80,8 +80,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- - Your organization's devices must be managed by [Intune](https://docs.microsoft.com/intune/device-management-capabilities). - Your Windows machines must be running [Windows OS 1903](https://docs.microsoft.com/windows/release-information/status-windows-10-1903) or later. - You must be using Windows security and update [security intelligence](https://www.microsoft.com/wdsi/definitions) to version 1.287.60.0 (or above) - - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above) - + - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). (See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md).) 2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account. @@ -160,7 +159,7 @@ In addition, your security operations team can use hunting queries, such as the No. -## Related articles +## Related resources [Windows 10 Enterprise Security](https://docs.microsoft.com/windows/security/index) From ed253077a6c11a2b8e28b4a553842a9d83ef0d0b Mon Sep 17 00:00:00 2001 From: Zachariusz Karwacki Date: Fri, 16 Aug 2019 14:43:25 -0700 Subject: [PATCH 39/53] Fix typo on Microsoft Defender ATP for Mac page --- .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index b9d60523ba..8fe52e371e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -55,7 +55,7 @@ The following table lists the services and their associated URLs that your netwo | ---------------------------------------- | ----------------------- | | Common URLs for all locations | x.cp.wd.microsoft.com
    cdn.x.cp.wd.microsoft.com
    eu-cdn.x.cp.wd.microsoft.com
    wu-cdn.x.cp.wd.microsoft.com
    *.blob.core.windows.net
    officecdn-microsoft-com.akamaized.net | | European Union | europe.x.cp.wd.microsoft.com | -| United Kingdon | unitedkingdom.x.cp.wd.microsoft.com | +| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com | | United States | unitedstates.x.cp.wd.microsoft.com | Microsoft Defender ATP can discover a proxy server by using the following discovery methods: From 571f981a04e67b518dc73297e4a9f34f0f13492e Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 16 Aug 2019 15:16:41 -0700 Subject: [PATCH 40/53] checkin for new issues (#924) --- .../resolved-issues-windows-10-1709.yml | 2 ++ ...ed-issues-windows-7-and-windows-server-2008-r2-sp1.yml | 2 ++ ...lved-issues-windows-8.1-and-windows-server-2012-r2.yml | 2 ++ .../resolved-issues-windows-server-2008-sp2.yml | 2 ++ .../resolved-issues-windows-server-2012.yml | 2 ++ windows/release-information/status-windows-10-1507.yml | 4 ++-- .../status-windows-10-1607-and-windows-server-2016.yml | 4 ++-- windows/release-information/status-windows-10-1703.yml | 4 ++-- windows/release-information/status-windows-10-1709.yml | 4 ++-- windows/release-information/status-windows-10-1803.yml | 4 ++-- .../status-windows-10-1809-and-windows-server-2019.yml | 6 +++--- windows/release-information/status-windows-10-1903.yml | 6 ++++-- .../status-windows-7-and-windows-server-2008-r2-sp1.yml | 8 ++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../release-information/status-windows-server-2012.yml | 4 ++-- 16 files changed, 37 insertions(+), 25 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 36039dceaa..be99ac3e4c 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
    MessageDate
    August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
    The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
    		August 13, 2019
    10:00 AM PT
    Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
    On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
    On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in the Windows Collaborative Translation Framework (CTF) service that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
    On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
    		August 13, 2019
    10:00 AM PT
    Take action: Install required updates for Windows 7 SP1 and Windows Server 2008 RS2 SP1 for SHA-2 code sign support
    As of August 13, 2019, Windows 7 SP1 and Windows Server 2008 R2 SP1 updates signatures only support SHA-2 code signing. As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, we are requiring that SHA-2 code signing support be installed. If you have Windows Update enabled and have applied the security updates released in March 2019 (KB4490628) and August 2019 (KB4474419), you are protected automatically; no further configuration is necessary. If you have not installed the March 2019 updates, you will need to do so in order to continue to receive updates on devices running Windows 7 SP1 and Windows Server 2008 R2 SP1.
    		August 13, 2019
    10:00 AM PT
    Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019
    Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard.
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
    On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
    		August 06, 2019
    10:00 AM PT
    + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		June 26, 2019
    04:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 6c32625e16..83c3088ff9 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index c99e109581..f18cadfa85 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index b83e9cc1e7..ab89868649 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:21 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 9a3dd8d77a..804f0e47c1 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499171    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 31a7a6d3e9..4b64489ae0 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		August 16, 2019
    02:11 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 8118608a28..3bb897d5ae 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 1b0889dbd0..09c2eca790 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 39d57eafaa..70644fcb70 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3b3b4c6a3a..3e96064949 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9115ba12a6..0f1d82271e 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    @@ -118,7 +118,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices with some Asian language packs installed may receive an error
    After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
    2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
    Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
      1. Go to Settings app -> Recovery.
      2. Click on Get Started under \"Reset this PC\" recovery option.
      3. Select \"Keep my Files\".
    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		Last updated:
    May 03, 2019
    10:59 AM PT

    Opened:
    May 02, 2019
    04:36 PM PT
    Devices with some Asian language packs installed may receive an error
    After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
    2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
    Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		Last updated:
    May 03, 2019
    10:59 AM PT

    Opened:
    May 02, 2019
    04:36 PM PT
    " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 4d5a9c2743..7b9a5a06e0 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + @@ -95,7 +96,8 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 16, 2019
    01:30 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    - + +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    01:41 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 16, 2019
    01:30 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 7d9fd8bc15..120e6354b3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + - @@ -81,9 +81,9 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    02:04 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 13, 2019
    06:59 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    - + + -
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512506    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 16, 2019
    02:04 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 830012240d..eb9d2ad3a4 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512488    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index ffffcc852e..04ed0fc40d 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512476    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 187dea5393..9fd8685619 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512518    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " From 8cb1108c9687283c87e09b902571e374d413b56e Mon Sep 17 00:00:00 2001 From: huypub <38988242+huypub@users.noreply.github.com> Date: Fri, 16 Aug 2019 15:34:15 -0700 Subject: [PATCH 41/53] checkin for new issues (#924) (#925) --- .../resolved-issues-windows-10-1709.yml | 2 ++ ...ed-issues-windows-7-and-windows-server-2008-r2-sp1.yml | 2 ++ ...lved-issues-windows-8.1-and-windows-server-2012-r2.yml | 2 ++ .../resolved-issues-windows-server-2008-sp2.yml | 2 ++ .../resolved-issues-windows-server-2012.yml | 2 ++ windows/release-information/status-windows-10-1507.yml | 4 ++-- .../status-windows-10-1607-and-windows-server-2016.yml | 4 ++-- windows/release-information/status-windows-10-1703.yml | 4 ++-- windows/release-information/status-windows-10-1709.yml | 4 ++-- windows/release-information/status-windows-10-1803.yml | 4 ++-- .../status-windows-10-1809-and-windows-server-2019.yml | 6 +++--- windows/release-information/status-windows-10-1903.yml | 6 ++++-- .../status-windows-7-and-windows-server-2008-r2-sp1.yml | 8 ++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../release-information/status-windows-server-2012.yml | 4 ++-- 16 files changed, 37 insertions(+), 25 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 36039dceaa..be99ac3e4c 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		June 26, 2019
    04:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 6c32625e16..83c3088ff9 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index c99e109581..f18cadfa85 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index b83e9cc1e7..ab89868649 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:21 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 9a3dd8d77a..804f0e47c1 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499171    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 31a7a6d3e9..4b64489ae0 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		August 16, 2019
    02:11 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 8118608a28..3bb897d5ae 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 1b0889dbd0..09c2eca790 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 39d57eafaa..70644fcb70 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3b3b4c6a3a..3e96064949 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9115ba12a6..0f1d82271e 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		August 16, 2019
    02:11 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    @@ -118,7 +118,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices with some Asian language packs installed may receive an error
    After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
    2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
    Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
      1. Go to Settings app -> Recovery.
      2. Click on Get Started under \"Reset this PC\" recovery option.
      3. Select \"Keep my Files\".
    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		Last updated:
    May 03, 2019
    10:59 AM PT

    Opened:
    May 02, 2019
    04:36 PM PT
    Devices with some Asian language packs installed may receive an error
    After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
    2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
    Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		Last updated:
    May 03, 2019
    10:59 AM PT

    Opened:
    May 02, 2019
    04:36 PM PT
    " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 4d5a9c2743..7b9a5a06e0 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + @@ -95,7 +96,8 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 16, 2019
    01:30 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    - + +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    01:41 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 16, 2019
    01:30 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 7d9fd8bc15..120e6354b3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + - @@ -81,9 +81,9 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    02:04 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 13, 2019
    06:59 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    - + + -
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512506    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 16, 2019
    02:04 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 13, 2019
    06:59 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 830012240d..eb9d2ad3a4 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512488    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index ffffcc852e..04ed0fc40d 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512476    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 187dea5393..9fd8685619 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Acknowledged
    		August 14, 2019
    05:08 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is presently investigating this issue and will provide an update when available.

    Back to top    		August 13, 2019
    KB4512518    		Acknowledged
    		Last updated:
    August 14, 2019
    05:08 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " From 1505a4d35fd7875e86499bb62d85263d9627bf73 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 16 Aug 2019 17:05:42 -0700 Subject: [PATCH 42/53] New Announcement added (#927) --- windows/release-information/windows-message-center.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 2af37b5b57..6cacd95c0a 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,6 +49,7 @@ sections: - type: markdown text: " + From e4d207c5ec3c1b889ebf090940348b4c94809aae Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 16 Aug 2019 17:26:03 -0700 Subject: [PATCH 43/53] Merge changes from master to live branch (#929) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) --- devices/hololens/TOC.md | 45 ++-- devices/hololens/change-history-hololens.md | 11 - devices/hololens/holographic-home.md | 90 ++++++++ .../hololens/holographic-photos-and-video.md | 42 ++++ .../hololens-clicker-restart-recover.md | 2 + devices/hololens/hololens-connect-devices.md | 46 +++++ devices/hololens/hololens-cortana.md | 56 ++++- .../hololens/hololens-find-and-save-files.md | 3 + devices/hololens/hololens-install-apps.md | 19 +- devices/hololens/hololens-network.md | 40 ++++ devices/hololens/hololens-offline.md | 3 + devices/hololens/hololens-requirements.md | 195 ++++++++++++------ devices/hololens/hololens-start.md | 57 +++++ devices/hololens/hololens-status.md | 36 ++++ .../windows-message-center.yml | 1 + 15 files changed, 527 insertions(+), 119 deletions(-) create mode 100644 devices/hololens/holographic-home.md create mode 100644 devices/hololens/holographic-photos-and-video.md create mode 100644 devices/hololens/hololens-connect-devices.md create mode 100644 devices/hololens/hololens-network.md create mode 100644 devices/hololens/hololens-start.md create mode 100644 devices/hololens/hololens-status.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 36cbb30a09..fe85d293be 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,36 +1,45 @@ -# [Microsoft HoloLens](index.md) -# [What's new in HoloLens](hololens-whats-new.md) -# [Set up HoloLens](hololens-setup.md) +# [HoloLens overview](index.md) +# [Hololens status](hololens-status.md) -# Deploy HoloLens in a commercial environment +# Get started with HoloLens (gen 1) +## [Start your HoloLens (1st gen) for the first time](hololens-start.md) +## [Install localized version of HoloLens](hololens-install-localized.md) + +# Get started with HoloLens in commercial environments ## [Overview and deployment planning](hololens-requirements.md) +## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) +## [Set up ring based updates for HoloLens](hololens-updates.md) +## [Manage custom enterprise apps](hololens-install-apps.md) +## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -# Device Management -## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) -## [Install localized version of HoloLens](hololens-install-localized.md) -## [Manage updates to HoloLens](hololens-updates.md) -## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) -## [Use the HoloLens Clicker](hololens-clicker.md) -## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) -## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) +# Navigating Windows Holographic +## [Windows Mixed Reality home](holographic-home.md) +## [Voice and Cortana](hololens-cortana.md) +## [Find and save files](hololens-find-and-save-files.md) +## [Create, share, and view photos and video](holographic-photos-and-video.md) + +# Accessories and connectivity +## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md) +## [Restart or recover the HoloLens (1st gen) clicker](hololens-clicker-restart-recover.md) +## [Connect to a network](hololens-network.md) +## [Use HoloLens offline](hololens-offline.md) # Application Management -## [Install apps on HoloLens](hololens-install-apps.md) ## [Share HoloLens with multiple people](hololens-multiple-users.md) -## [Cortana on HoloLens](hololens-cortana.md) ## [Get apps for HoloLens](hololens-get-apps.md) ## [Use apps on HoloLens](hololens-use-apps.md) ## [Use HoloLens offline](hololens-offline.md) ## [Spaces on HoloLens](hololens-spaces-on-hololens.md) +## [How HoloLens stores data for spaces](hololens-spaces.md) + +# Recovery and troubleshooting +## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) +## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) # User/Access Management ## [Set up single application access](hololens-kiosk.md) -## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -## [How HoloLens stores data for spaces](hololens-spaces.md) -## [Find and save files](hololens-find-and-save-files.md) # [Insider preview for Microsoft HoloLens](hololens-insider.md) # [Change history for Microsoft HoloLens documentation](change-history-hololens.md) - diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index b886719944..a228d800c0 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -50,11 +50,6 @@ New or changed topic | Description --- | --- Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809) -## June 2018 - -New or changed topic | Description ---- | --- -[HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md#pin) | Added instructions for creating a sign-in PIN. ## May 2018 @@ -86,12 +81,6 @@ New or changed topic | Description --- | --- [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New -## May 2017 - -| New or changed topic | Description | -| --- | --- | -| [Microsoft HoloLens in the enterprise: requirements](hololens-requirements.md) | Changed title to **Microsoft HoloLens in the enterprise: requirements and FAQ**, added questions and answers in new [FAQ section](hololens-requirements.md#faq-for-hololens) | - ## January 2017 | New or changed topic | Description | diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md new file mode 100644 index 0000000000..576866ca2c --- /dev/null +++ b/devices/hololens/holographic-home.md @@ -0,0 +1,90 @@ +--- +title: Navigate the Windows Mixed Reality home +description: Navigate the Windows Mixed Reality home in Windows Holographic. +ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c +ms.date: 08/07/2019 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: scooley +ms.author: scooley +ms.topic: article +ms.localizationpriority: medium +--- + +# Navigate the Windows Mixed Reality home + +## [Navigating MR Home](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) + +## Use the Start menu + +The **Start** menu on HoloLens is where you'll open apps and get to the HoloLens camera. + +Wherever you are in HoloLens, you can always open the **Start** menu by using the [bloom gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) on HoloLens (1st gen) or tapping your wrist on HoloLens 2. Usually, you'll use it once to get to **Start**, but sometimes you might need to use it twice. + +> [!TIP] +> When the **Start** menu is open, use the start gesture to hide it again. + +At the top of the **Start** menu, you'll see status indicators for Wi-Fi, battery, and volume, plus a clock. The tiles are your pinned apps. To talk to Cortana, select her tile, or just say "Hey Cortana" from anywhere on HoloLens. At the bottom you'll find the photo and video icons, which open the camera app. + +To see the rest of your apps, select **All apps**. To get back to **Start** from the **All apps** list, select **Pinned apps**. + +## Use apps on HoloLens + +Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see. + +### Open apps + +You'll find your apps either pinned to **Start** or in the **All apps** list. To get to the **All apps** list, use the bloom gesture to go to **Start**, then select **All apps**. + +On **Start** or in the **All apps** list, select an app. It will open in a good position for viewing. + +>[!NOTE] +>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. +>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three. +>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info. + +## Move, resize, and rotate apps + +Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens-clicker.md). You can also rotate an app window in 3D space. + +> [!TIP] +> Rearrange apps using your voice—gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move <*app name*> here." + +### Move an app + +Gaze at the app, and then do one of the following. + +- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it. + +- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**. +- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**. + +> [!TIP] +> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze. + +### Resize an app + +Gaze at the app, and then do one of the following. + +- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done. + +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**. +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**. + +> [!TIP] +> In Adjust mode, you can move or resize any hologram. + +### Rotate an app + +Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers. + +## Close apps + +To close an app that uses 2D view, gaze at it, then select **Close**. + +To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**. + +## Pin apps + +Keep your favorite apps handy by pinning them to **Start**. In the **All apps** list, gaze at an app to highlight it. Tap and hold until the menu appears, then select **Pin**. To unpin an app, gaze at the app on **Start**, then tap and hold and select **Unpin**. diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md new file mode 100644 index 0000000000..25e8d4a104 --- /dev/null +++ b/devices/hololens/holographic-photos-and-video.md @@ -0,0 +1,42 @@ +--- +title: Create, share, and view photos and video +description: Create, share, and view photos and video +ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +ms.reviewer: +manager: jarrettr +appliesto: +- Hololens (1st gen) +--- + +# Create, share, and view photos and video + +Use your HoloLens to take photos and videos that capture the holograms you've placed in your world. + +To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**. + +## Take a photo + +Use the [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures) gesture to go to **Start**, then select **Photo**. Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.

    + +Want to snap a quick pic? Press the volume up and volume down buttons at the same time. [Where are the buttons?](https://support.microsoft.com/help/12649/hololens-whats-in-the-box) + +## Take a video + +Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app. + +To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a 3-second countdown begins. To stop recording, tap both buttons. + +> [!TIP] +> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md) + +[Take + share photos and video with Mixed reality capture](https://docs.microsoft.com/en-us/windows/mixed-reality/mixed-reality-capture) + +[Find and view your photos](https://docs.microsoft.com/en-us/windows/mixed-reality/see-your-photos) diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md index 81c7ffc704..25e49740c9 100644 --- a/devices/hololens/hololens-clicker-restart-recover.md +++ b/devices/hololens/hololens-clicker-restart-recover.md @@ -16,6 +16,8 @@ ms.localizationpriority: medium # Restart or recover the HoloLens clicker +[Clicker recovery](https://support.microsoft.com/en-us/help/15555) + Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well. ## Restart the clicker diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md new file mode 100644 index 0000000000..c702921e14 --- /dev/null +++ b/devices/hololens/hololens-connect-devices.md @@ -0,0 +1,46 @@ +--- +title: Connect to Bluetooth and USB-C devices +description: This guide walks through connecting to Bluetooth and USB-C devices and accessories. +ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30 +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +manager: jarrettr +appliesto: +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect devices and accessories + +## Pair Bluetooth devices + +Pair a Bluetooth mouse and keyboard with HoloLens, then use them to interact with holograms and to type anywhere you'd use the holographic keyboard. Pair the HoloLens [clicker](hololens-clicker.md) for a different way to interact with HoloLens. + +> [!NOTE] +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported. [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660). + +### Pair a Bluetooth keyboard or mouse + +1. Turn on your keyboard or mouse and make it discoverable. The way you make it discoverable depends on the device. Check the device or visit the manufacturer's website to learn how. + +1. Go to **Start**, then select **Settings**. +1. Select **Devices** and make sure Bluetooth is on. When you see the device name, select **Pair** and follow the instructions. + +### Pair the clicker + +1. Use the bloom gesture to go to **Start**, then select **Settings**. + +1. Select **Devices** and make sure Bluetooth is on. +1. Use the tip of a pen to press and hold the clicker's pairing button until the status light blinks white. Make sure to hold the button down until the light starts blinking. [Where's the pairing button?](hololens-clicker.md) +1. On the pairing screen, select **Clicker** > **Pair**. + +## Connect USB-C devices + +## Connect to Miracast + +> Applies to HoloLens 2 only. diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index dfe9539b1b..03ad75f637 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -2,26 +2,63 @@ title: Cortana on HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed -ms.reviewer: jarrettrenshaw -ms.date: 07/01/2019 -manager: v-miegge +ms.date: 08/14/2019 keywords: hololens ms.prod: hololens ms.sitesec: library author: v-miegge ms.author: v-miegge ms.topic: article +manager: jarrettr ms.localizationpriority: medium --- -# Cortana on HoloLens +# Use your voice with HoloLens + +You can use your voice to do many of the same things you do with gestures on HoloLens, like taking a quick photo or opening an app. + +## Voice commands + +Get around HoloLens faster with these basic commands. If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use the following built-in voice commands. + +**Select**. Use this instead of air tap. Gaze at a hologram, then say "Select." + +**Go to start**. Say "Go to Start" anytime to bring up the **Start** menu. Or when you're in an immersive app, say "Go to Start" to get to the quick actions menu. + +**Move this**. Instead of air tapping and dragging an app, say "Move this" and use gaze to move it. + +**Face me**. Gaze at a hologram, and then say "Face me" to turn it your way. + +**Bigger/Smaller**. Gaze at a hologram, and then say "Bigger" or "Smaller" to resize it. + +Many buttons and other elements on HoloLens also respond to your voice—for example, **Adjust** and **Close** on the app bar. To find out if a button is voice-enabled, rest your gaze on it for a moment. If it is, you'll see a voice tip. + +## Dictation mode + +Tired of typing? Switch to dictation mode any time the holographic keyboard is active. Select the microphone icon to get started, or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." + +> [!NOTE] +> You need an Internet connection to use dictation mode. + +HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**." + +Here are the punctuation keywords you can use: + +- Period, comma, question mark, exclamation point/exclamation mark +- New line/new paragraph +- Semicolon, colon +- Open quote(s), close quote(s) +- Hashtag, smiley/smiley face, frowny, winky +- Dollar, percent + +Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com." + +## Do more with Cortana Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime. ![Hey Cortana!](images/cortana-on-hololens.png) -## What do I say to Cortana - Here are some things you can try saying (remember to say "Hey Cortana" first): - What can I say? @@ -44,7 +81,8 @@ Here are some things you can try saying (remember to say "Hey Cortana" first): - Tell me a joke. >[!NOTE] ->- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. ->- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. +> +>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary among regions. +>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. >- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. ->- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place"). +>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (such as "Select" and "Place"). diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md index ba459eff13..e147ac2845 100644 --- a/devices/hololens/hololens-find-and-save-files.md +++ b/devices/hololens/hololens-find-and-save-files.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Find and save files on HoloLens +Add content from [Find and save files](https://docs.microsoft.com/en-us/windows/mixed-reality/saving-and-finding-your-files) + + Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens. ## View files on HoloLens diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index c4f9c80521..7ff737a027 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -1,16 +1,15 @@ --- -title: Install apps on HoloLens (HoloLens) +title: Install apps on HoloLens description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business. ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: dansimp -ms.author: dansimp +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2018 ms.reviewer: -manager: dansimp --- # Install apps on HoloLens @@ -72,9 +71,9 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. >[!IMPORTANT] >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode) -1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. +1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. -2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb). +2. On a PC, connect to the HoloLens using [Wi-Fi](https://docs.microsoft.com/windows/mixed-reality/connecting-to-wi-fi-on-hololens) or USB. 3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up. @@ -84,13 +83,7 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. 4. In the Windows Device Portal, click **Apps**. ![App Manager](images/apps.png) - + 5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**. 6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens. - - - - - - diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md new file mode 100644 index 0000000000..6f7cb43370 --- /dev/null +++ b/devices/hololens/hololens-network.md @@ -0,0 +1,40 @@ +--- +title: Connect to a network +description: Connect to a wi-fi or ethernet network with HoloLens. +ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +manager: jarrettr +ms.reviewer: +appliesto: +- Hololens +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect to a network + +You'll need to be connected to a network to do most things on your HoloLens. [What can I do offline](hololens-offline.md)? + +## Connecting for the first time + +The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. + +## Connecting to Wi-Fi after setup + +1. Go to **Start**, then select **Settings**. + +1. _HoloLens (1st gen) only_ - Use your gaze to position the Settings app, then air tap to place it, or say "Place." + +1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list. + +1. Select a network > **Connect**. + +1. Type the network password if asked for one, then select **Next**. + +Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md index 49190e6907..7de0cc1381 100644 --- a/devices/hololens/hololens-offline.md +++ b/devices/hololens/hololens-offline.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Use HoloLens offline +[Use offline](https://support.microsoft.com/en-us/help/12645) + + To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how. ## HoloLens limitations diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 0ff5596fa3..6d0b1dcf12 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -1,88 +1,147 @@ --- -title: HoloLens in the enterprise requirements and FAQ (HoloLens) -description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise. +title: Set up HoloLens in a commercial environment +description: Learn more about deploying and managing HoloLens in enterprise environments. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp +ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001 +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium -ms.date: 06/04/2018 -ms.reviewer: -manager: dansimp +ms.date: 07/15/2019 --- -# Microsoft HoloLens in the enterprise: requirements and FAQ +# Deploy HoloLens in a commercial environment -When you develop for HoloLens, there are [system requirements and tools](https://developer.microsoft.com/windows/mixed-reality/install_the_tools) that you need. In an enterprise environment, there are also a few requirements to use and manage HoloLens which are listed below. +TODO - [Commercial features](https://docs.microsoft.com/en-us/windows/mixed-reality/commercial-features) -## Requirements +Deploy and configure HoloLens at scale in a commercial setting. -### General use -- Microsoft account or Azure Active Directory (Azure AD) account -- Wi-Fi network to set up HoloLens +This article includes: ->[!NOTE] ->After you set up HoloLens, you can use it offline [with some limitations](https://support.microsoft.com/help/12645/hololens-use-hololens-offline). +- infrastructure requirements and recommendations for HoloLens management +- tools for provisioning HoloLens +- instructions for remote device management +- options for application deployment +This guide assumes basic familiarity with HoloLens. Follow the [get started guide](./hololens-setup.md) to set up HoloLens for the first time. + +## Infrastructure for managing HoloLens + +HoloLens are, at their core, a Windows mobile device integrated with Azure. They work best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services. + +Critical cloud services include: + +- Azure active directory (AAD) +- Windows Update (WU) + +Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. + +HoloLens does support a limited set of cloud disconnected experiences. + +## Initial set up at scale + +The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, picking your language and settings manually for each device gets tedious and limits scale. + +This section: + +1. introduces Windows provisioning using provisioning packages +1. walks through applying a provisioning package during first setup + +### Create and apply a provisioning package + +The best way to configure many new HoloLens devices is with Windows provisioning. Using Windows provisioning, you can specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes. + +A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device. + +### Upgrade to Windows Holographic for Business + +- HoloLens Enterprise license XML file + +Some of the HoloLens configurations that you can apply in a provisioning package: + +- Apply certificates to the device +- Set up a Wi-Fi connection +- Pre-configure out of box questions like language and locale. +- (HoloLens 2) bulk enroll in mobile device management +- (HoloLens v1) Apply key to enable Windows Holographic for Business + +Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens. + +### Set up user identity and enroll in device management + +The last step setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll: + +1. Bulk enrollment with a security token in a provisioning package. + Pros: this is the most automated approach + Cons: takes initial server-side setup +1. Auto-enroll on user sign in + Pros: easiest approach + Cons: users will need to complete set up after the provisioning package has been applied +1. _not recommended_ - Manually enroll post-setup + Pros: possible to enroll after set up + Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled. + +Learn more about MDM enrollment [here](hololens-enroll-mdm.md). + +## Ongoing device management + +Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely. + +This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens). + +[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens. + +### Push compliance policy via Intune + +[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are not-compliant. + +For example, you can create a policy that requires Bitlocker be enabled. + +[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows). + +### Manage updates + +Intune includes a feature called update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed. + +For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update. + +Read more about [configuring update rings with Intune](https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure). + +## Application management + +Manage holoLens applications through: + +1. Microsoft Store + The Microsoft Store is the best way to distribute and consume application on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/en-us/windows/uwp/publish/). + All applications in the store are available publicly to everyone, if that isn't acceptable, checkout the Microsoft Store for Business. + +1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) + Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It lets you deploy apps that are specific to your commercial environment but not to the world. + +1. Application deployment and management via Intune or another mobile device management solution + Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy). + +1. _not recommended_ Device Portal + Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use device portal. + +Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps). + +## Get support + +Get support through the Microsoft support site. + +[File a support request](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f). + +## Technical Reference + +### Wireless network EAP support -### Supported wireless network EAP methods - PEAP-MS-CHAPv2 - PEAP-TLS -- TLS +- TLS - TTLS-CHAP - TTLS-CHAPv2 - TTLS-MS-CHAPv2 - TTLS-PAP - TTLS-TLS - -### Device management -- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4) -- Wi-Fi network -- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs - -### Upgrade to Windows Holographic for Business -- HoloLens Enterprise license XML file - - -## FAQ for HoloLens - - -#### Is Windows Hello for Business supported on HoloLens? - -Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens: - -1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md). -2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello)) -3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**. - ->[!NOTE] ->Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview). - -#### Does the type of account change the sign-in behavior? - -Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type. - -- Microsoft account: signs in automatically -- Local account: always asks for password, not configurable in **Settings** -- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password. - ->[!NOTE] ->Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy. - - -#### How do I remove a HoloLens device from the Intune dashboard? - -You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard. - - -## Related resources - -[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/) - -[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune) - -[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms) - -[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/) - diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md new file mode 100644 index 0000000000..d303ee0c44 --- /dev/null +++ b/devices/hololens/hololens-start.md @@ -0,0 +1,57 @@ +--- +title: HoloLens (1st gen) first start +description: Go through the first start experience for HoloLens (1st gen). +ms.assetid: 0136188e-1305-43be-906e-151d70292e87 +ms.prod: hololens +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.date: 8/12/19 +manager: jarrettr +ms.topic: article +ms.localizationpriority: medium +--- + +# Set up HoloLens for the first time + +The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience. + +In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](holographic-home.md) + +## Before you start + +Before you get started, make sure you have the following available: + +**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. After setup, you can [use your device offline](hololens-offline.md). + +**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free. + +**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661). + +**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). + +> [!NOTE] +> [Cortana](hololens-cortana.md) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings. + +## Set up your HoloLens + +Set up your HoloLens and your user account. + +1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. +1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. + - When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your organizational account information. + 1. Accept the privacy statement. + 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page. + 1. Continue with device setup. + - When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your Microsoft account information. + 1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. +1. The device sets your time zone based on information obtained from the Wi-Fi network. +1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. + +Congratulations! Setup is complete and you can begin using HoloLens. + +## Next steps + +- [Get started with HoloLens (1st gen)](holographic-home.md) diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md new file mode 100644 index 0000000000..22c5e995db --- /dev/null +++ b/devices/hololens/hololens-status.md @@ -0,0 +1,36 @@ +--- +title: HoloLens status +description: Shows the status of HoloLens online services. +author: todmccoy +ms.author: v-todmc +ms.reviewer: luoreill +manager: jarrettr +audience: Admin +ms.topic: article +ms.prod: hololens +localization_priority: Medium +ms.sitesec: library +--- + +# HoloLens status + +✔️ **All services are active** + +**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical + +Area|HoloLens (1st gen)|HoloLens 2 +----|:----:|:----: +[Azure services](https://status.azure.com/en-us/status)|✔️|✔️ +[Store app](https://www.microsoft.com/en-us/store/collections/hlgettingstarted/hololens)|✔️|✔️ +[Apps](https://www.microsoft.com/en-us/hololens/apps)|✔️|✔️ +[MDM](https://docs.microsoft.com/en-us/hololens/hololens-enroll-mdm)|✔️|✔️ + +## Notes and related topics + +[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens) + +For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/en-us/status/). + +For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/en-us/windows/mixed-reality/hololens-known-issues). + +Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/). diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 2af37b5b57..6cacd95c0a 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,6 +49,7 @@ sections: - type: markdown text: "
    MessageDate
    Resolved: Delays starting Internet Explorer 11
    On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update.

    This issue was resolved on the server side at 1:00 pm PST. 
    		August 16, 2019
    04:00 PM PT
    August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
    The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
    		August 13, 2019
    10:00 AM PT
    Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
    On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
    On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
    		August 13, 2019
    10:00 AM PT
    + From 416f7751448a04bf1c16689fa326b6bd99ab6ee7 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Sat, 17 Aug 2019 20:11:06 +0200 Subject: [PATCH 44/53] Update applocker-csp.md Corrected Note field markup. Removed a duplicate Note section. --- windows/client-management/mdm/applocker-csp.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 356fa67a5f..a9b1b89487 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -17,14 +17,6 @@ ms.date: 07/25/2019 The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked. -> **Note** -> When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need. -> -> In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. -> -> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node. - - The following diagram shows the AppLocker configuration service provider in tree format. ![applocker csp](images/provisioning-csp-applocker.png) @@ -39,6 +31,9 @@ Defines restrictions for applications. > When you create a list of allowed apps, all [inbox apps](#inboxappsandcomponents) are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need. > > In Windows 10 Mobile, when you create a list of allowed apps, the [settings app that rely on splash apps](#settingssplashapps) are blocked. To unblock these apps, you must include them in your list of allowed apps. +> +> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node. + Additional information: @@ -363,7 +358,8 @@ The product name is first part of the PackageFullName followed by the version nu The following list shows the apps that may be included in the inbox. -> **Note** This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience. +> [!NOTE] +> This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience. From 56c76070ce139ff80dab5292c81b7720605bbd9f Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Sat, 17 Aug 2019 14:28:50 -0700 Subject: [PATCH 45/53] Latest change added (#931) --- .../resolved-issues-windows-10-1507.yml | 2 ++ .../resolved-issues-windows-10-1607.yml | 2 ++ .../resolved-issues-windows-10-1703.yml | 2 ++ .../resolved-issues-windows-10-1709.yml | 4 ++-- ...ssues-windows-10-1809-and-windows-server-2019.yml | 2 ++ ...sues-windows-7-and-windows-server-2008-r2-sp1.yml | 6 ++---- ...issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../resolved-issues-windows-server-2008-sp2.yml | 4 ++-- .../resolved-issues-windows-server-2012.yml | 4 ++-- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tatus-windows-10-1607-and-windows-server-2016.yml | 4 ++-- .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tatus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 8 ++++---- ...atus-windows-7-and-windows-server-2008-r2-sp1.yml | 12 ++++++------ ...status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- 20 files changed, 46 insertions(+), 40 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 798d3fa659..efd586d8b9 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
    MessageDate
    Resolved: Delays starting Internet Explorer 11
    On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update.

    This issue was resolved on the server side at 1:00 pm PST. 
    		August 16, 2019
    04:00 PM PT
    August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
    The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
    		August 13, 2019
    10:00 AM PT
    Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
    On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
    		August 13, 2019
    10:00 AM PT
    Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
    On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
    		August 13, 2019
    10:00 AM PT
    + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		August 17, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		July 09, 2019
    10:00 AM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		OS Build 10240.18215

    May 14, 2019
    KB4499154    		Resolved
    KB4505051    		May 19, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index e8b0598941..bf1e899bff 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -71,6 +72,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 0786837bf2..89d2b4a9f4 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -63,6 +64,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		July 09, 2019
    10:00 AM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index be99ac3e4c..876d623cf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		June 26, 2019
    04:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 2dd93de94b..dc24852730 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -76,6 +77,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 17763.529

    May 21, 2019
    KB4497934    		Resolved
    KB4509479    		June 26, 2019
    04:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 83c3088ff9..8ff857cf53 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,8 +32,7 @@ sections: - type: markdown text: " - - + @@ -68,8 +67,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    - - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index f18cadfa85..3c832e536c 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -68,7 +68,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index ab89868649..8ca80054e9 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:21 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 804f0e47c1..7725b0bf92 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499171    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 4b64489ae0..9a8ebe8053 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		August 17, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 3bb897d5ae..4a6c046585 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 09c2eca790..0e11306afb 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 70644fcb70..22dc09d48a 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3e96064949..a0e9fb7109 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 17, 2019
    01:37 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 17, 2019
    01:37 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 0f1d82271e..9be5808d94 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 7b9a5a06e0..1039a0f7f1 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + + @@ -96,8 +96,8 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 16, 2019
    01:30 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 17, 2019
    01:38 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    04:28 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    - - + +
    DetailsOriginating updateStatusHistory
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    01:41 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 16, 2019
    01:30 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 17, 2019
    01:38 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    04:28 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 120e6354b3..32a79ba231 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - - + + + @@ -81,9 +81,9 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    02:04 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64 and x64 devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Mitigated
    		August 17, 2019
    12:59 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    04:28 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    - - - + + +
    DetailsOriginating updateStatusHistory
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 16, 2019
    02:04 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64 and x64 devices may fail to start after installing updates
    IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

    Back to top    		August 13, 2019
    KB4512506    		Mitigated
    		Last updated:
    August 17, 2019
    12:59 PM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 16, 2019
    04:28 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index eb9d2ad3a4..9d7b7f6c5a 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 04ed0fc40d..b8b9bb20a0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 9fd8685619..df2dfdfbe6 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " From b868e2688c4f9ee47f81e17283bc8940869db5de Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Sat, 17 Aug 2019 16:04:49 -0700 Subject: [PATCH 46/53] Resolve conflicts in master (#935) * add message (#791) (#792) * New announcement added (#809) (#810) * new issues (#819) (#820) * 8/6 AM Publish (#843) * updated description of how wdav screens apps * Added new content for auto-enrollment * Updated format * revised to emphasize cfa * Multiple updates * Updated image * refined wording per sccm, intune, security center * corrected link * moved paragraph about ransomeware lower * addtl updates to change name from Definition Update to Security Intelligence Update * More updates * Fixed typo * Update microsoft-recommended-block-rules.md (#838) * Update microsoft-recommended-block-rules.md adding blocks .NET binaries for WDAC work arounds * added in missing 'audience' attribute * pre-release and typos * linted and rfined wording * New Anouncement added in august (#842) * Merge changes from master to live branch (#854) * Add Deprecated tag to 3 deprecated APIs * Status and description updates (#853) * change a message (#867) * add note on office data * add note for oatp * CAT Auto Pulish for Windows Release Messages - 20190808181530 (#866) * add new issues for multiple window platforms (#882) * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update policy-csp-update.md In 1903 we deprecated the value of 32 and combined Semi-Annual Channel (Targeted) with the Semi-Annual Channel. We need to communicate this change in the documentation. * chore: Replace tab after unorderd list marker * Update windows/security/identity-protection/credential-guard/credential-guard-manage.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * markdown syntex issue There was a syntex issue with formating. It has been fixed. * Update MDM Path https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash Issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3553 * HTML Tag fix There was issue with HTML tag in live 203 and has been fixed. * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-overview.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update waas-overview.md * Update hello-hybrid-cert-whfb-settings-policy.md removing extra "want" * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update hello-planning-guide.md * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update whiteboard-collaboration.md * Update hello-key-trust-policy-settings.md * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update start-layout-xml-desktop.md Added syntax and note * remove reference about Windows 10 Pro https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3255 * Fixed Typo * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Updated with TVM refs * Emphasize Device Sync https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4401 * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * fix: MD005/list-indent Inconsistent indentation for list items at the same level * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update enable-admx-backed-policies-in-mdm.md Added two links to notes. * Update windows/configuration/start-layout-xml-desktop.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update index.md Corrected typo: 'annd' to 'and' * Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update devices/surface-hub/whiteboard-collaboration.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Create troubleshooting-agpm40-upgrades.md * Update TOC.md Addition of Troubleshooting AGPM Upgrades top-level link * Update windows-10-upgrade-paths.md * Update white-glove.md Removed a singular reference to WG and replaced with white glove * remove last 3 blocks in IT Admin * Fixes typo issue in line 47 Closes #4557 * Update metadata to replace non-existent author * Update index.md Typo - corrected 'Bitlocker' to 'BitLocker' * Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md * Update hello-planning-guide.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update kiosk-xml.md * Update kiosk-xml.md * Update waas-servicing-differences.md Removed double use of the word critical * Minor update to properly reflect supported macros * Update applocker-csp.md * Update kiosk-xml.md * Update applocker-csp.md * updated image needed I don't have rights to upload a new file (the updated error image) More details here: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2489 * MDOP May 2019 Servicing Release: new Hotfix Link Microsoft Desktop Optimization Pack May 2019 Servicing Release. Replaces the outdated MDOP link to July 2018 Servicing Release. Thanks to CaptainUnlikely for the Technet blogs information update. Closes #4574 * Creating a WDATP alert requires recommendedAction Otherwise the following will be returned by the API: ``` {"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}} ``` * Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update guidelines-for-assigned-access-app.md * Corrected typo Changed "ConnecionSuccess" to "ConnectionSuccess * Update install-wd-app-guard.md * Update self-deploying.md Added additional links. * Update install-wd-app-guard.md * Update hello-hybrid-cert-trust-devreg.md * Update waas-delivery-optimization.md fixed typo * Fixed a small typo Changed "wwitches" to "switches". * Update for the month June 2019 I have added the content for surface hub based on an update KB4503289. There was no update released for a hub for the month of July. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4586 * Update devices/surface-hub/surface-hub-update-history.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * typo typo the Action Sataus column instead of the Action Status column * Correcting small mistake on which version of Win10 displays MBEC Correcting initial mistake when changed docs. * Updated links Hotlink for configuring MTP integration and API support was missing and has been updated. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4569 * Resolves #4620 - typo in command line Issue #4620 Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode should be Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode * HTML to MarkDown in hello-hybrid-aadj-sso-cert.md This is a combined effort to alleviate a translation bug as well as improving the MarkDown codestyle in this document, both for the English (en-us) version of the document as well as the translated versions. This change should in theory close the issue tickets #3451 and #3453 after the scripted translation process has been re-run on this document. This solution is based on a user discussion in issue ticket #4589 . * Update windows/deployment/windows-autopilot/self-deploying.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update index.md * Update waas-configure-wufb.md * Update hello-features.md Removes \ typo * Update windows-analytics-get-started.md adding IE site discovery to GDPR blurb * Update sideload-apps-in-windows-10.md * Update upgrade-readiness-deployment-script.md replacing support email with official support channels * missing bold on GUI element * formatting again - italicize typed word * fixing warnings * restored missing art, somehow * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019080917545405 (#881) * CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) (#898) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) (#906) * publish an announcement message (#917) * update troubleshooting topic * CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again * checkin for new issues (#924) (#925) * Merge changes from master to live branch (#929) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) --- .../status-windows-10-1809-and-windows-server-2019.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9be5808d94..fe70958c11 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -118,7 +118,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices with some Asian language packs installed may receive an error
    After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
    2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
    Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		Last updated:
    May 03, 2019
    10:59 AM PT

    Opened:
    May 02, 2019
    04:36 PM PT
    Devices with some Asian language packs installed may receive an error
    After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
    • Server: Windows Server, version 1809; Windows Server 2019
    Workaround:
    1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
    2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
    Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
      1. Go to Settings app -> Recovery.
      2. Click on Get Started under \"Reset this PC\" recovery option.
      3. Select \"Keep my Files\".
    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		Last updated:
    May 03, 2019
    10:59 AM PT

    Opened:
    May 02, 2019
    04:36 PM PT
    " From 76b087182e0763029ef239fe1ea53230ed65e26f Mon Sep 17 00:00:00 2001 From: jcaparas Date: Sat, 17 Aug 2019 19:31:47 -0700 Subject: [PATCH 47/53] master to live (#937) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) * Latest change added (#931) * Resolve conflicts in master (#935) * add message (#791) (#792) * New announcement added (#809) (#810) * new issues (#819) (#820) * 8/6 AM Publish (#843) * updated description of how wdav screens apps * Added new content for auto-enrollment * Updated format * revised to emphasize cfa * Multiple updates * Updated image * refined wording per sccm, intune, security center * corrected link * moved paragraph about ransomeware lower * addtl updates to change name from Definition Update to Security Intelligence Update * More updates * Fixed typo * Update microsoft-recommended-block-rules.md (#838) * Update microsoft-recommended-block-rules.md adding blocks .NET binaries for WDAC work arounds * added in missing 'audience' attribute * pre-release and typos * linted and rfined wording * New Anouncement added in august (#842) * Merge changes from master to live branch (#854) * Add Deprecated tag to 3 deprecated APIs * Status and description updates (#853) * change a message (#867) * add note on office data * add note for oatp * CAT Auto Pulish for Windows Release Messages - 20190808181530 (#866) * add new issues for multiple window platforms (#882) * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update policy-csp-update.md In 1903 we deprecated the value of 32 and combined Semi-Annual Channel (Targeted) with the Semi-Annual Channel. We need to communicate this change in the documentation. * chore: Replace tab after unorderd list marker * Update windows/security/identity-protection/credential-guard/credential-guard-manage.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * markdown syntex issue There was a syntex issue with formating. It has been fixed. * Update MDM Path https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash Issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3553 * HTML Tag fix There was issue with HTML tag in live 203 and has been fixed. * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-overview.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update waas-overview.md * Update hello-hybrid-cert-whfb-settings-policy.md removing extra "want" * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update hello-planning-guide.md * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update whiteboard-collaboration.md * Update hello-key-trust-policy-settings.md * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update start-layout-xml-desktop.md Added syntax and note * remove reference about Windows 10 Pro https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3255 * Fixed Typo * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Updated with TVM refs * Emphasize Device Sync https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4401 * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * fix: MD005/list-indent Inconsistent indentation for list items at the same level * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update enable-admx-backed-policies-in-mdm.md Added two links to notes. * Update windows/configuration/start-layout-xml-desktop.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update index.md Corrected typo: 'annd' to 'and' * Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update devices/surface-hub/whiteboard-collaboration.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Create troubleshooting-agpm40-upgrades.md * Update TOC.md Addition of Troubleshooting AGPM Upgrades top-level link * Update windows-10-upgrade-paths.md * Update white-glove.md Removed a singular reference to WG and replaced with white glove * remove last 3 blocks in IT Admin * Fixes typo issue in line 47 Closes #4557 * Update metadata to replace non-existent author * Update index.md Typo - corrected 'Bitlocker' to 'BitLocker' * Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md * Update hello-planning-guide.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update kiosk-xml.md * Update kiosk-xml.md * Update waas-servicing-differences.md Removed double use of the word critical * Minor update to properly reflect supported macros * Update applocker-csp.md * Update kiosk-xml.md * Update applocker-csp.md * updated image needed I don't have rights to upload a new file (the updated error image) More details here: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2489 * MDOP May 2019 Servicing Release: new Hotfix Link Microsoft Desktop Optimization Pack May 2019 Servicing Release. Replaces the outdated MDOP link to July 2018 Servicing Release. Thanks to CaptainUnlikely for the Technet blogs information update. Closes #4574 * Creating a WDATP alert requires recommendedAction Otherwise the following will be returned by the API: ``` {"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}} ``` * Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update guidelines-for-assigned-access-app.md * Corrected typo Changed "ConnecionSuccess" to "ConnectionSuccess * Update install-wd-app-guard.md * Update self-deploying.md Added additional links. * Update install-wd-app-guard.md * Update hello-hybrid-cert-trust-devreg.md * Update waas-delivery-optimization.md fixed typo * Fixed a small typo Changed "wwitches" to "switches". * Update for the month June 2019 I have added the content for surface hub based on an update KB4503289. There was no update released for a hub for the month of July. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4586 * Update devices/surface-hub/surface-hub-update-history.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * typo typo the Action Sataus column instead of the Action Status column * Correcting small mistake on which version of Win10 displays MBEC Correcting initial mistake when changed docs. * Updated links Hotlink for configuring MTP integration and API support was missing and has been updated. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4569 * Resolves #4620 - typo in command line Issue #4620 Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode should be Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode * HTML to MarkDown in hello-hybrid-aadj-sso-cert.md This is a combined effort to alleviate a translation bug as well as improving the MarkDown codestyle in this document, both for the English (en-us) version of the document as well as the translated versions. This change should in theory close the issue tickets #3451 and #3453 after the scripted translation process has been re-run on this document. This solution is based on a user discussion in issue ticket #4589 . * Update windows/deployment/windows-autopilot/self-deploying.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update index.md * Update waas-configure-wufb.md * Update hello-features.md Removes \ typo * Update windows-analytics-get-started.md adding IE site discovery to GDPR blurb * Update sideload-apps-in-windows-10.md * Update upgrade-readiness-deployment-script.md replacing support email with official support channels * missing bold on GUI element * formatting again - italicize typed word * fixing warnings * restored missing art, somehow * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019080917545405 (#881) * CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) (#898) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) (#906) * publish an announcement message (#917) * update troubleshooting topic * CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again * checkin for new issues (#924) (#925) * Merge changes from master to live branch (#929) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) --- .../resolved-issues-windows-10-1507.yml | 2 ++ .../resolved-issues-windows-10-1607.yml | 2 ++ .../resolved-issues-windows-10-1703.yml | 2 ++ ...ved-issues-windows-10-1809-and-windows-server-2019.yml | 2 ++ ...ed-issues-windows-7-and-windows-server-2008-r2-sp1.yml | 8 -------- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 798d3fa659..efd586d8b9 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		August 17, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved
    KB4507458    		July 09, 2019
    10:00 AM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		OS Build 10240.18215

    May 14, 2019
    KB4499154    		Resolved
    KB4505051    		May 19, 2019
    02:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index e8b0598941..bf1e899bff 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -71,6 +72,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 0786837bf2..89d2b4a9f4 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -63,6 +64,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
    Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

    See details >    		OS Build 15063.1805

    May 14, 2019
    KB4499181    		Resolved
    KB4507450    		July 09, 2019
    10:00 AM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 2dd93de94b..dc24852730 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -76,6 +77,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 17763.529

    May 21, 2019
    KB4497934    		Resolved
    KB4509479    		June 26, 2019
    04:00 PM PT
    +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 83c3088ff9..0a53f8c2eb 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,16 +32,8 @@ sections: - type: markdown text: " - - - - - - - - From 9a00110a6333a195c93b207b0359bfaa9cd713d4 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Sat, 17 Aug 2019 20:40:32 -0700 Subject: [PATCH 48/53] Publish new issues on 17 August 2019 (#940) --- .../resolved-issues-windows-10-1709.yml | 4 ++-- ...sues-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++++-- ...issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../resolved-issues-windows-server-2008-sp2.yml | 4 ++-- .../resolved-issues-windows-server-2012.yml | 4 ++-- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tatus-windows-10-1607-and-windows-server-2016.yml | 4 ++-- .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tatus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 8 ++++---- ...atus-windows-7-and-windows-server-2008-r2-sp1.yml | 12 ++++++------ ...status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- 16 files changed, 44 insertions(+), 38 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index be99ac3e4c..876d623cf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4505050    		May 18, 2019
    02:00 PM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:23 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:22 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:21 PM PT
    Authentication may fail for services after the Kerberos ticket expires
    Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

    See details >    		March 12, 2019
    KB4489878    		Resolved
    KB4499164    		May 14, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Devices may not respond at login or Welcome screen if running certain Avast software
    Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		April 25, 2019
    02:00 PM PT
    - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 16299.1182

    May 28, 2019
    KB4499147    		Resolved
    KB4509477    		June 26, 2019
    04:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 0a53f8c2eb..8ff857cf53 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,8 +32,15 @@ sections: - type: markdown text: " + + + + + + + @@ -60,8 +67,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4503277    		June 20, 2019
    02:00 PM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4505050    		May 18, 2019
    02:00 PM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:23 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:22 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:21 PM PT
    Authentication may fail for services after the Kerberos ticket expires
    Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

    See details >    		March 12, 2019
    KB4489878    		Resolved
    KB4499164    		May 14, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Devices may not respond at login or Welcome screen if running certain Avast software
    Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		April 25, 2019
    02:00 PM PT
    - - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index f18cadfa85..3c832e536c 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -68,7 +68,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499151    		Resolved
    KB4503283    		June 20, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index ab89868649..8ca80054e9 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:21 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 804f0e47c1..7725b0bf92 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    IE11 may stop working when loading or interacting with Power BI reports
    Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

    See details >    		May 14, 2019
    KB4499171    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 4b64489ae0..9a8ebe8053 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		August 17, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 10240.18094

    January 08, 2019
    KB4480962    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 10240.18305

    August 13, 2019
    KB4512497    		Resolved
    KB4517276    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 10240.18244

    June 11, 2019
    KB4503291    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 3bb897d5ae..4a6c046585 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 09c2eca790..0e11306afb 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 15063.1955

    July 16, 2019
    KB4507467    		Resolved
    KB4512507    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Mitigated
    		April 25, 2019
    02:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 15063.1988

    August 13, 2019
    KB4512507    		Resolved
    KB4512474    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 15063.1868

    June 11, 2019
    KB4503279    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 70644fcb70..22dc09d48a 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3e96064949..a0e9fb7109 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 17, 2019
    01:37 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 17, 2019
    01:37 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 0f1d82271e..9be5808d94 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		August 16, 2019
    02:11 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Investigating
    		Last updated:
    August 16, 2019
    02:11 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
     Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

    Affected platforms:
    • Server: Windows Server 2019; Windows Server 2016
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		Last updated:
    August 01, 2019
    05:00 PM PT

    Opened:
    August 01, 2019
    05:00 PM PT
    diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 7b9a5a06e0..1039a0f7f1 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - + + @@ -96,8 +96,8 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 16, 2019
    01:30 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 17, 2019
    01:38 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    04:28 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Issues updating when certain versions of Intel storage drivers are installed
    Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Mitigated External
    		August 09, 2019
    07:03 PM PT
    - - + +
    DetailsOriginating updateStatusHistory
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    01:41 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 16, 2019
    01:30 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 17, 2019
    01:38 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    04:28 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 120e6354b3..32a79ba231 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - - - + + + @@ -81,9 +81,9 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    02:04 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64-based devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		August 13, 2019
    10:00 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64 and x64 devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Mitigated
    		August 17, 2019
    12:59 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    04:28 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    - - - + + +
    DetailsOriginating updateStatusHistory
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 16, 2019
    02:04 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64-based devices may fail to start after installing updates
    After installing KB4512506, IA64-based devices may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

     

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4474419    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    IA64 and x64 devices may fail to start after installing updates
    IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
    \"File: \\Windows\\system32\\winload.efi
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file.\"

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

    Back to top    		August 13, 2019
    KB4512506    		Mitigated
    		Last updated:
    August 17, 2019
    12:59 PM PT

    Opened:
    August 13, 2019
    08:34 AM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    Affected platforms:
    • Client: Windows 7 SP1
    • Server: Windows Server 2008 R2 SP1
    Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

    Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

    Back to top    		August 13, 2019
    KB4512506    		Investigating
    		Last updated:
    August 16, 2019
    04:28 PM PT

    Opened:
    August 13, 2019
    10:05 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503292    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index eb9d2ad3a4..9d7b7f6c5a 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503276    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 04ed0fc40d..b8b9bb20a0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - +
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503273    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 9fd8685619..df2dfdfbe6 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

    Back to top    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		June 11, 2019
    KB4503285    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " From a6d9bf6f692172227a2e25f66889714252fda2e6 Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Sun, 18 Aug 2019 12:06:03 -0700 Subject: [PATCH 49/53] Update policy-csp-update.md We have MDMs who need to be aware that the value of 32 has been deprecated as a supported value for branch readiness level on Win. 10 version 1903 and beyond. Please update ASAP. --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index b0de2a2be1..ed619bd257 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1072,7 +1072,7 @@ The following list shows the supported values: - 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) - 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) - 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). -- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903) +- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16) From 7c704e6272a53c7a8a5d38b124e29d6d33fe8567 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 19 Aug 2019 10:46:47 +0300 Subject: [PATCH 50/53] removed/added info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4536 --- .../attack-surface-reduction-exploit-guard.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index e78eb77ef5..d4108e91a2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -267,7 +267,7 @@ This rule blocks processes through PsExec and WMI commands from running, to prev >[!WARNING] >Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [System Center Configuration Manager](https://docs.microsoft.com/sccm) because this rule blocks WMI commands the SCCM client uses to function correctly. -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, SCCM CB 1802 +This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019 Intune name: Process creation from PSExec and WMI commands @@ -297,7 +297,7 @@ This rule prevents Outlook from creating child processes. It protects against so >[!NOTE] >This rule applies to Outlook and Outlook.com only. -This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810 +This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019 Intune name: Process creation from Office communication products (beta) @@ -309,11 +309,11 @@ GUID: 26190899-1602-49e8-8b27-eb1d0a1ce869 Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. This rule prevents attacks like this by blocking Adobe Reader from creating additional processes. -This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810 +This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019 Intune name: Process creation from Adobe Reader (beta) -SCCM name: Not applicable +SCCM name: Not yet available GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c @@ -321,6 +321,8 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository. +This rule was introduced in: Windows 10 1903, Windows Server 1903 + Intune name: Block persistence through WMI event subscription SCCM name: Not yet available From f0bc757c831247bff3837f4ab64ea68c6547579d Mon Sep 17 00:00:00 2001 From: Jake Mowrer <28117568+docbrown1981@users.noreply.github.com> Date: Mon, 19 Aug 2019 14:22:46 -0500 Subject: [PATCH 51/53] Update custom-detection-rules.md Adding verbiage about the requirement that the query must return specific fields for each row for it to work. Line 29 --- .../microsoft-defender-atp/custom-detection-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 55180b158c..9561fe831c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -26,7 +26,7 @@ ms.topic: article Create custom detection rules from [Advanced hunting](overview-hunting.md) queries to automatically check for threat indicators and generate alerts whenever these indicators are found. >[!NOTE] ->To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. +>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. For the detection rule to work properly and create alerts, the query must return in each row a set of MachineId, ReportId, EventTime which match to an actual event in advanced hunting. 1. In the navigation pane, select **Advanced hunting**. From 68ce895041b14e652e61b48478b2c224d747a187 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Mon, 19 Aug 2019 14:23:31 -0700 Subject: [PATCH 52/53] Latest changes for publish today (#949) --- .../resolved-issues-windows-10-1607.yml | 8 ++------ .../resolved-issues-windows-10-1703.yml | 6 ------ .../resolved-issues-windows-10-1709.yml | 8 ++------ .../resolved-issues-windows-10-1803.yml | 18 ++++-------------- ...indows-10-1809-and-windows-server-2019.yml | 2 ++ ...ndows-7-and-windows-server-2008-r2-sp1.yml | 19 +++++++++++-------- ...windows-8.1-and-windows-server-2012-r2.yml | 16 ++++++++++------ ...esolved-issues-windows-server-2008-sp2.yml | 14 ++++++++++---- .../resolved-issues-windows-server-2012.yml | 16 ++++++++++------ ...indows-10-1607-and-windows-server-2016.yml | 4 ++-- .../status-windows-10-1709.yml | 4 ++-- .../status-windows-10-1803.yml | 8 ++++---- ...indows-10-1809-and-windows-server-2019.yml | 4 ++-- .../status-windows-10-1903.yml | 4 ++-- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- 18 files changed, 71 insertions(+), 76 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index bf1e899bff..08b49123c4 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -52,10 +53,7 @@ sections: - - -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    End-user-defined characters (EUDC) may cause blue screen at startup
    If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup.

    See details >    		OS Build 14393.2879

    March 19, 2019
    KB4489889    		Resolved
    KB4493470    		April 09, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Resolved
    KB4493470    		April 09, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    See details >    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4489882    		March 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4487006    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 14393.2759

    January 17, 2019
    KB4480977    		Resolved
    KB4487006    		February 19, 2019
    02:00 PM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 14393.2848

    March 12, 2019
    KB4489882    		Resolved
    KB4493473    		April 25, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4487006    		February 19, 2019
    02:00 PM PT
    Issue hosting multiple terminal server sessions and a user logs off on Windows Server
    In some cases, Windows Server will stop working and restart when hosting multiple terminal server sessions and a user logs off.

    See details >    		OS Build 14393.2828

    February 19, 2019
    KB4487006    		Resolved
    KB4489882    		March 12, 2019
    10:00 AM PT
    " @@ -82,6 +80,7 @@ sections: - type: markdown text: " + @@ -139,8 +138,6 @@ sections:
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512495.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4512495    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

    Affected platforms:
    • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4512517.

    Back to top    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 26, 2019
    04:58 PM PT
    - -
    DetailsOriginating updateStatusHistory
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
     
    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
     
    Affected platforms:  
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493470

    Back to top    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4493470    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    After installing KB4487026, users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4489882.

    Back to top    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4489882    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    After installing KB4487026, Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4487006.

    Back to top    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4487006    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487006.

    Back to top    		OS Build 14393.2791

    February 12, 2019
    KB4487026    		Resolved
    KB4487006    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Issue hosting multiple terminal server sessions and a user logs off on Windows Server
    In some cases, Windows Server will stop working and restart when hosting multiple terminal server sessions and a user logs off. The faulting driver is win32kbase.sys.

    Affected platforms:
    • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
    • Server: Windows Server 2016
    Resolution: This issue is resolved in KB4489882.

    Back to top    		OS Build 14393.2828

    February 19, 2019
    KB4487006    		Resolved
    KB4489882    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 19, 2019
    02:00 PM PT
    " @@ -152,7 +149,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue was resolved in KB4493470.

    Back to top    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Resolved
    KB4493470    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493470.

    Back to top    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Resolved
    KB4493470    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480977, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487006.

    Back to top    		OS Build 14393.2759

    January 17, 2019
    KB4480977    		Resolved
    KB4487006    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 17, 2019
    02:00 PM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 89d2b4a9f4..22ddb295df 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -45,10 +45,7 @@ sections:
    End-user-defined characters (EUDC) may cause blue screen at startup
    If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

    See details >OS Build 15063.1716

    March 19, 2019
    KB4489888Resolved
    KB4493474April 09, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >OS Build 15063.1563

    January 08, 2019
    KB4480973Resolved
    KB4493474April 09, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    See details >OS Build 15063.1659

    February 19, 2019
    KB4487011Resolved
    KB4489871March 12, 2019
    10:00 AM PT -
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >OS Build 15063.1631

    February 12, 2019
    KB4487020Resolved
    KB4487011February 19, 2019
    02:00 PM PT -
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >OS Build 15063.1596

    January 15, 2019
    KB4480959Resolved
    KB4487011February 19, 2019
    02:00 PM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >OS Build 15063.1689

    March 12, 2019
    KB4489871Resolved
    KB4493436April 25, 2019
    02:00 PM PT -
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >OS Build 15063.1631

    February 12, 2019
    KB4487020Resolved
    KB4487011February 19, 2019
    02:00 PM PT " @@ -118,8 +115,6 @@ sections: - -
    DetailsOriginating updateStatusHistory
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
     
    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
     
    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493474

    Back to top    		OS Build 15063.1631

    February 12, 2019
    KB4487020    		Resolved
    KB4493474    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    After installing KB4487011, users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4489871.

    Back to top    		OS Build 15063.1659

    February 19, 2019
    KB4487011    		Resolved
    KB4489871    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 19, 2019
    02:00 PM PT
    Internet Explorer may fail to load images
    After installing KB4487020, Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4487011.

    Back to top    		OS Build 15063.1631

    February 12, 2019
    KB4487020    		Resolved
    KB4487011    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487011.

    Back to top    		OS Build 15063.1631

    February 12, 2019
    KB4487020    		Resolved
    KB4487011    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    " @@ -129,6 +124,5 @@ sections: text: " -
    DetailsOriginating updateStatusHistory
    MSXML6 may cause applications to stop responding
    After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493474.

    Back to top    		OS Build 15063.1563

    January 08, 2019
    KB4480973    		Resolved
    KB4493474    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480959, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487011.

    Back to top    		OS Build 15063.1596

    January 15, 2019
    KB4480959    		Resolved
    KB4487011    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 876d623cf2..9bf77f7d45 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -46,9 +47,6 @@ sections: - - -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    End-user-defined characters (EUDC) may cause blue screen at startup
    If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

    See details >    		OS Build 16299.1059

    March 19, 2019
    KB4489890    		Resolved
    KB4493441    		April 09, 2019
    10:00 AM PT
    MSXML6 causes applications to stop responding if an exception was thrown
    MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4493441    		April 09, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    See details >    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4489886    		March 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4487021    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 16299.936

    January 15, 2019
    KB4480967    		Resolved
    KB4487021    		February 19, 2019
    02:00 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4487021    		February 19, 2019
    02:00 PM PT
    Stop error when attempting to start SSH from WSL
    A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

    See details >    		OS Build 16299.1029

    March 12, 2019
    KB4489886    		Resolved
    KB4493441    		April 09, 2019
    10:00 AM PT
    " @@ -75,6 +73,7 @@ sections: - type: markdown text: " +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512494.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    @@ -128,8 +127,6 @@ sections: - -
    DetailsOriginating updateStatusHistory
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
     
    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
     
    Affected platforms:  
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493441

    Back to top    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4493441    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    After installing KB4486996, users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4489886.

    Back to top    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4489886    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    After installing KB4486996, Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4487021.

    Back to top    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4487021    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487021.

    Back to top    		OS Build 16299.967

    February 12, 2019
    KB4486996    		Resolved
    KB4487021    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    " @@ -139,6 +136,5 @@ sections: text: " -
    DetailsOriginating updateStatusHistory
    MSXML6 causes applications to stop responding if an exception was thrown
    After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4493441.

    Back to top    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Resolved
    KB4493441    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480967, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487021.

    Back to top    		OS Build 16299.936

    January 15, 2019
    KB4480967    		Resolved
    KB4487021    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index c94998225d..b3059b9fe8 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -44,10 +46,7 @@ sections: - - -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved
    KB4512509    		August 19, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Resolved
    KB4512509    		August 19, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Difficulty connecting to some iSCSI-based SANs
    Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

    See details >    		OS Build 17134.799

    May 21, 2019
    KB4499183    		Resolved
    KB4509478    		June 26, 2019
    04:00 PM PT
    End-user-defined characters (EUDC) may cause blue screen at startup
    If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

    See details >    		OS Build 17134.677

    March 19, 2019
    KB4489894    		Resolved
    KB4493464    		April 09, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4493464    		April 09, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files.

    See details >    		OS Build 17134.590

    February 12, 2019
    KB4487017    		Resolved
    KB4489868    		March 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		OS Build 17134.590

    February 12, 2019
    KB4487017    		Resolved
    KB4487029    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		OS Build 17134.556

    January 15, 2019
    KB4480976    		Resolved
    KB4487029    		February 19, 2019
    02:00 PM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		OS Build 17134.648

    March 12, 2019
    KB4489868    		Resolved
    KB4493437    		April 25, 2019
    02:00 PM PT
    Cannot pin a web link on the Start menu or the taskbar
    Some users cannot pin a web link on the Start menu or the taskbar.

    See details >    		OS Build 17134.471

    December 11, 2018
    KB4471324    		Resolved
    KB4487029    		February 19, 2019
    02:00 PM PT
    Stop error when attempting to start SSH from WSL
    A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

    See details >    		OS Build 17134.648

    March 12, 2019
    KB4489868    		Resolved
    KB4493464    		April 09, 2019
    10:00 AM PT
    " @@ -64,6 +63,7 @@ sections: - type: markdown text: " +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512509. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512509 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Resolved
    KB4512509    		Resolved:
    August 19, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -73,6 +73,7 @@ sections: - type: markdown text: " +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512509.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved
    KB4512509    		Resolved:
    August 19, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    @@ -126,7 +127,6 @@ sections: -
    DetailsOriginating updateStatusHistory
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
     
    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
     
    Affected platforms:  
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493464

    Back to top    		OS Build 17134.590

    February 12, 2019
    KB4487017    		Resolved
    KB4493464    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    After installing KB4487017, users may received \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4489868.

    Back to top    		OS Build 17134.590

    February 12, 2019
    KB4487017    		Resolved
    KB4489868    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    After installing KB4487017, Internet Explorer may fail to load images with a backslash (\\) in their relative source path. 

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4487029

    Back to top    		OS Build 17134.590

    February 12, 2019
    KB4487017    		Resolved
    KB4487029    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    " @@ -136,15 +136,5 @@ sections: text: " - -
    DetailsOriginating updateStatusHistory
    MSXML6 may cause applications to stop responding
    After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue was resolved in KB4493464

    Back to top    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Resolved
    KB4493464    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    First character of the Japanese era name not recognized
    After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487029

    Back to top    		OS Build 17134.556

    January 15, 2019
    KB4480976    		Resolved
    KB4487029    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    - " - -- title: December 2018 -- items: - - type: markdown - text: " - -
    DetailsOriginating updateStatusHistory
    Cannot pin a web link on the Start menu or the taskbar
    After installing KB4471324, some users cannot pin a web link on the Start menu or the taskbar. 

    Affected platforms:
    • Client: Windows 10, version 1803
    • Server: Windows Server, version 1803
    Resolution: This issue is resolved in KB4487029

    Back to top    		OS Build 17134.471

    December 11, 2018
    KB4471324    		Resolved
    KB4487029    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    December 11, 2018
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index dc24852730..c70c55ae78 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -87,6 +88,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512534.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved
    KB4512534    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 7135d3adff..b30db83a7d 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -40,17 +41,14 @@ sections: + - - - -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4512514    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Unable to access some gov.uk websites
    gov.uk websites that don’t support “HSTS” may not be accessible

    See details >    		May 14, 2019
    KB4499164    		Resolved
    KB4505050    		May 18, 2019
    02:00 PM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:23 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:22 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		May 14, 2019
    01:21 PM PT
    Authentication may fail for services after the Kerberos ticket expires
    Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

    See details >    		March 12, 2019
    KB4489878    		Resolved
    KB4499164    		May 14, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Devices may not respond at login or Welcome screen if running certain Avast software
    Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

    See details >    		April 09, 2019
    KB4493472    		Resolved
    		April 25, 2019
    02:00 PM PT
    NETDOM.EXE fails to run
    NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

    See details >    		March 12, 2019
    KB4489878    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Custom URI schemes may not start corresponding application
    Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

    See details >    		March 12, 2019
    KB4489878    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		January 17, 2019
    KB4480955    		Resolved
    KB4486565    		February 19, 2019
    02:00 PM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4493472    		April 09, 2019
    10:00 AM PT
    Event Viewer may not show some event descriptions for network interface cards
    The Event Viewer may not show some event descriptions for network interface cards (NIC).

    See details >    		October 18, 2018
    KB4462927    		Resolved
    KB4489878    		March 12, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480970    		Resolved
    KB4490511    		February 19, 2019
    02:00 PM PT
    " @@ -71,6 +69,15 @@ sections: " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503292 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512514.

    Back to top    		June 11, 2019
    KB4503292    		Resolved
    KB4512514    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -120,8 +127,6 @@ sections: text: " - -
    DetailsOriginating updateStatusHistory
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
     
    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
     
    Affected platforms:  
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493472

    Back to top    		February 12, 2019
    KB4486563    		Resolved
    KB4493472    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4486565.

    Back to top    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Internet Explorer may fail to load images
    After installing KB4486563, Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
    Resolution: This issue is resolved in KB4486565.

    Back to top    		February 12, 2019
    KB4486563    		Resolved
    KB4486565    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    " @@ -130,9 +135,7 @@ sections: - type: markdown text: " - -
    DetailsOriginating updateStatusHistory
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480955, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4486565.

    Back to top    		January 17, 2019
    KB4480955    		Resolved
    KB4486565    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 17, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4493472.

    Back to top    		January 08, 2019
    KB4480970    		Resolved
    KB4493472    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480970, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490511.

    Back to top    		January 08, 2019
    KB4480970    		Resolved
    KB4490511    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 3c832e536c..cee285c22f 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -43,8 +44,6 @@ sections: - - @@ -52,7 +51,6 @@ sections: -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Resolved
    KB4512478    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    System may be unresponsive after restart if ArcaBit antivirus software installed
    Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493446    		Resolved
    		May 14, 2019
    01:22 PM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493446    		Resolved
    		May 14, 2019
    01:22 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493446    		Resolved
    		May 14, 2019
    01:21 PM PT
    Internet Explorer may fail to load images
    Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    See details >    		February 12, 2019
    KB4487000    		Resolved
    KB4487016    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		January 15, 2019
    KB4480969    		Resolved
    KB4487016    		February 19, 2019
    02:00 PM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4487000    		Resolved
    KB4493446    		April 09, 2019
    10:00 AM PT
    Devices may not respond at login or Welcome screen if running certain Avast software
    Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

    See details >    		April 09, 2019
    KB4493446    		Resolved
    		April 25, 2019
    02:00 PM PT
    Devices with winsock kernel client may receive error
    Devices with a winsock kernel client may receive D1, FC, and other errors.

    See details >    		March 12, 2019
    KB4489881    		Resolved
    KB4489893    		March 19, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    See details >    		February 19, 2019
    KB4487016    		Resolved
    KB4489881    		March 12, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding.
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		April 09, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		April 09, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480963    		Resolved
    KB4490512    		February 19, 2019
    02:00 PM PT
    " @@ -73,6 +71,15 @@ sections: " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503276 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512478.

    Back to top    		June 11, 2019
    KB4503276    		Resolved
    KB4512478    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -122,7 +129,6 @@ sections: - type: markdown text: " -
    DetailsOriginating updateStatusHistory
    Internet Explorer may fail to load images
    After installing KB4487000, Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
    Resolution: This issue is resolved in KB4487016.

    Back to top    		February 12, 2019
    KB4487000    		Resolved
    KB4487016    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

    Affected platforms 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493446.

    Back to top    		February 12, 2019
    KB4487000    		Resolved
    KB4493446    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    After installing KB4487016, users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
    Resolution: This issue is resolved in KB4489881.

    Back to top    		February 19, 2019
    KB4487016    		Resolved
    KB4489881    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 19, 2019
    02:00 PM PT
    @@ -133,9 +139,7 @@ sections: - type: markdown text: " - -
    DetailsOriginating updateStatusHistory
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480969, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4487016.

    Back to top    		January 15, 2019
    KB4480969    		Resolved
    KB4487016    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding.
    After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4493446.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4493446.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4493446    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480963, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490512.

    Back to top    		January 08, 2019
    KB4480963    		Resolved
    KB4490512    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index 8ca80054e9..df7f82cfb2 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -39,10 +40,8 @@ sections: - -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4512499    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Event Viewer may close or you may receive an error when using Custom Views
    When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4503271    		June 20, 2019
    02:00 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493471    		Resolved
    		May 14, 2019
    01:19 PM PT
    Authentication may fail for services after the Kerberos ticket expires
    Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

    See details >    		March 12, 2019
    KB4489880    		Resolved
    KB4499149    		May 14, 2019
    10:00 AM PT
    NETDOM.EXE fails to run
    NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

    See details >    		March 12, 2019
    KB4489880    		Resolved
    KB4493471    		April 09, 2019
    10:00 AM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		February 12, 2019
    KB4487023    		Resolved
    KB4487022    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		January 17, 2019
    KB4480974    		Resolved
    KB4489880    		March 12, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4487023    		Resolved
    KB4493471    		April 09, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480968    		Resolved
    KB4490514    		February 19, 2019
    02:00 PM PT
    " @@ -63,6 +62,15 @@ sections: " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503273 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512499.

    Back to top    		June 11, 2019
    KB4503273    		Resolved
    KB4512499    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -97,7 +105,6 @@ sections: - type: markdown text: " -
    DetailsOriginating updateStatusHistory
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487022.

    Back to top    		February 12, 2019
    KB4487023    		Resolved
    KB4487022    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

    Affected platforms 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4493471.

    Back to top    		February 12, 2019
    KB4487023    		Resolved
    KB4493471    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    " @@ -108,6 +115,5 @@ sections: text: " -
    DetailsOriginating updateStatusHistory
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480974, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4489880.

    Back to top    		January 17, 2019
    KB4480974    		Resolved
    KB4489880    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    January 17, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480968, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490514.

    Back to top    		January 08, 2019
    KB4480968    		Resolved
    KB4490514    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 7725b0bf92..4bd64240b8 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -42,13 +43,10 @@ sections: - - -
    SummaryOriginating updateStatusDate resolved
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4512512    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Some devices and generation 2 Hyper-V VMs may have issues installing updates
    Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4503295    		June 21, 2019
    02:00 PM PT
    Layout and cell size of Excel sheets may change when using MS UI Gothic
    When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

    See details >    		April 25, 2019
    KB4493462    		Resolved
    KB4499171    		May 14, 2019
    10:00 AM PT
    System unresponsive after restart if Sophos Endpoint Protection installed
    Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493451    		Resolved
    		May 14, 2019
    01:21 PM PT
    System may be unresponsive after restart if Avira antivirus software installed
    Devices with Avira antivirus software installed may become unresponsive upon restart.

    See details >    		April 09, 2019
    KB4493451    		Resolved
    		May 14, 2019
    01:19 PM PT
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    See details >    		February 12, 2019
    KB4487025    		Resolved
    KB4487024    		February 19, 2019
    02:00 PM PT
    First character of the Japanese era name not recognized as an abbreviation
    The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    See details >    		January 15, 2019
    KB4480971    		Resolved
    KB4487024    		February 19, 2019
    02:00 PM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    See details >    		February 12, 2019
    KB4487025    		Resolved
    KB4493451    		April 09, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

    See details >    		February 12, 2019
    KB4487025    		Resolved
    KB4489891    		March 12, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4493451    		April 09, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4493451    		April 09, 2019
    10:00 AM PT
    Virtual machines fail to restore
    Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

    See details >    		January 08, 2019
    KB4480975    		Resolved
    KB4490516    		February 19, 2019
    02:00 PM PT
    Event Viewer may not show some event descriptions for network interface cards
    The Event Viewer may not show some event descriptions for network interface cards (NIC).

    See details >    		September 11, 2018
    KB4457135    		Resolved
    KB4489891    		March 12, 2019
    10:00 AM PT
    " @@ -70,6 +68,15 @@ sections: " +- title: July 2019 +- items: + - type: markdown + text: " + + +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503285 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512512.

    Back to top    		June 11, 2019
    KB4503285    		Resolved
    KB4512512    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    + " + - title: June 2019 - items: - type: markdown @@ -115,7 +122,6 @@ sections: - type: markdown text: " -
    DetailsOriginating updateStatusHistory
    Applications using Microsoft Jet database and Access 95 file format stop working
    Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487024.

    Back to top    		February 12, 2019
    KB4487025    		Resolved
    KB4487024    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Embedded objects may display incorrectly
    Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

    For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

    Affected platforms 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
    Resolution: This issue is resolved in KB4493451.

    Back to top    		February 12, 2019
    KB4487025    		Resolved
    KB4493451    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    Error 1309 when installing/uninstalling MSI or MSP files
    After installing KB4487025, users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4489891.

    Back to top    		February 12, 2019
    KB4487025    		Resolved
    KB4489891    		Resolved:
    March 12, 2019
    10:00 AM PT

    Opened:
    February 12, 2019
    10:00 AM PT
    @@ -126,10 +132,8 @@ sections: - type: markdown text: " - -
    DetailsOriginating updateStatusHistory
    First character of the Japanese era name not recognized as an abbreviation
    After installing KB4480971, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4487024.

    Back to top    		January 15, 2019
    KB4480971    		Resolved
    KB4487024    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 15, 2019
    10:00 AM PT
    Internet Explorer 11 authentication issue with multiple concurrent logons
    After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
    • Cache size and location show zero or empty.
    • Keyboard shortcuts may not work properly.
    • Webpages may intermittently fail to load or render correctly.
    • Issues with credential prompts.
    • Issues when downloading files.
    Affected platforms: 
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Resolution: This issue is resolved in KB4493451.

    Back to top    		January 08, 2019
    KB4480975    		Resolved
    KB4493451    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    MSXML6 may cause applications to stop responding
    After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

    The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
    Resolution: This issue is resolved in KB4493451.

    Back to top    		January 08, 2019
    KB4480975    		Resolved
    KB4493451    		Resolved:
    April 09, 2019
    10:00 AM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    Virtual machines fail to restore
    After installing KB4480975, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \"Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\"

    This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

    Affected platforms: 
    • Client: Windows 8.1; Windows 7 SP1 
    • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue is resolved in KB4490516.

    Back to top    		January 08, 2019
    KB4480975    		Resolved
    KB4490516    		Resolved:
    February 19, 2019
    02:00 PM PT

    Opened:
    January 08, 2019
    10:00 AM PT
    " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 4a6c046585..cca3c91d12 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,13 +60,13 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + - @@ -96,10 +96,10 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 14393.3144

    August 13, 2019
    KB4512517    		Resolved
    KB4512495    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

    See details >    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 14393.3053

    June 18, 2019
    KB4503294    		Investigating
    		August 01, 2019
    05:00 PM PT
    SCVMM cannot enumerate and manage logical switches deployed on the host
    For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Resolved
    KB4507459    		July 16, 2019
    10:00 AM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 14393.2724

    January 08, 2019
    KB4480961    		Mitigated
    		April 25, 2019
    02:00 PM PT
    Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
    Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

    See details >    		OS Build 14393.2608

    November 13, 2018
    KB4467691    		Mitigated
    		February 19, 2019
    10:00 AM PT
    Cluster service may fail if the minimum password length is set to greater than 14
    The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

    See details >    		OS Build 14393.2639

    November 27, 2018
    KB4467684    		Mitigated
    		April 25, 2019
    02:00 PM PT
    + -
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512495.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Resolved
    KB4512495    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 14393.3115

    July 16, 2019
    KB4507459    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Internet Explorer 11 and apps using the WebBrowser control may fail to render
    Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

    Affected platforms:
    • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server 2016
    Resolution: This issue was resolved in KB4512517.

    Back to top    		OS Build 14393.3085

    July 09, 2019
    KB4507460    		Resolved
    KB4512517    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 26, 2019
    04:58 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 14393.3025

    June 11, 2019
    KB4503267    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 22dc09d48a..9fa8392574 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 16299.1331

    August 13, 2019
    KB4512516    		Resolved
    KB4512494    		August 16, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 16299.904

    January 08, 2019
    KB4480978    		Mitigated
    		April 25, 2019
    02:00 PM PT
    " @@ -90,9 +90,9 @@ sections: - type: markdown text: " + -
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512494.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Resolved
    KB4512494    		Resolved:
    August 16, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 16299.1296

    July 16, 2019
    KB4507465    		Resolved
    KB4512516    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 16299.1217

    June 11, 2019
    KB4503284    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index a0e9fb7109..c9f0739b5a 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,10 +65,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + + -
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		August 17, 2019
    01:37 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved
    KB4512509    		August 19, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Resolved
    KB4512509    		August 19, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		June 14, 2019
    04:41 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 17134.523

    January 08, 2019
    KB4480966    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -86,7 +86,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

    The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Investigating
    		Last updated:
    August 17, 2019
    01:37 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: This issue was resolved in KB4512509. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512509 and install. For instructions, see Update Windows 10.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 17134.950

    August 13, 2019
    KB4512501    		Resolved
    KB4512509    		Resolved:
    August 19, 2019
    02:00 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    " @@ -96,9 +96,9 @@ sections: - type: markdown text: " + -
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512509.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Resolved
    KB4512509    		Resolved:
    August 19, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17134.915

    July 16, 2019
    KB4507466    		Resolved
    KB4512501    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17134.829

    June 11, 2019
    KB4503286    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9be5808d94..4c3dfc4364 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,11 +64,11 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + - @@ -98,9 +98,9 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 17763.678

    August 13, 2019
    KB4511553    		Resolved
    KB4512534    		August 17, 2019
    02:00 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		August 13, 2019
    10:00 AM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Apps and scripts using the NetQueryDisplayInformation API may fail with error
    Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

    See details >    		OS Build 17763.55

    October 09, 2018
    KB4464330    		Investigating
    		August 01, 2019
    05:00 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Startup to a black screen after installing updates
    Your device may startup to a black screen during the first logon after installing updates.

    See details >    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		June 14, 2019
    04:41 PM PT
    Devices with some Asian language packs installed may receive an error
    After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

    See details >    		OS Build 17763.437

    April 09, 2019
    KB4493509    		Mitigated
    		May 03, 2019
    10:59 AM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

    See details >    		OS Build 17763.253

    January 08, 2019
    KB4480116    		Mitigated
    		April 09, 2019
    10:00 AM PT
    + -
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512534.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Resolved
    KB4512534    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

    To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

    Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
    HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
    Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

    Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

    Back to top    		OS Build 17763.652

    July 22, 2019
    KB4505658    		Resolved
    KB4511553    		Resolved:
    August 13, 2019
    10:00 AM PT

    Opened:
    July 25, 2019
    06:10 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 17763.557

    June 11, 2019
    KB4503327    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 1039a0f7f1..1d23df7da7 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    - + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
    SummaryOriginating updateStatusLast updated
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 17, 2019
    01:38 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		August 17, 2019
    01:49 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 16, 2019
    04:28 PM PT
    Domain connected devices that use MIT Kerberos realms will not start up
    Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

    See details >    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		August 09, 2019
    07:03 PM PT
    - +
    DetailsOriginating updateStatusHistory
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 17, 2019
    01:38 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

    Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

    Back to top    		OS Build 18362.295

    August 13, 2019
    KB4512508    		Investigating
    		Last updated:
    August 17, 2019
    01:49 PM PT

    Opened:
    August 14, 2019
    03:34 PM PT
    Updates may fail to install and you may receive Error 0x80073701
    Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

    Affected platforms:
    • Client: Windows 10, version 1903
    • Server: Windows Server, version 1903
    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		OS Build 18362.145

    May 29, 2019
    KB4497935    		Investigating
    		Last updated:
    August 16, 2019
    04:28 PM PT

    Opened:
    August 16, 2019
    01:41 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

    Affected platforms:
    • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
    Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

    Back to top    		OS Build 18362.175

    June 11, 2019
    KB4503293    		Resolved External
    		Last updated:
    August 09, 2019
    07:03 PM PT

    Opened:
    August 09, 2019
    04:25 PM PT
    diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 32a79ba231..15f5bd4ccc 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,12 +60,12 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Resolved
    KB4512514    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512506    		Resolved
    KB4517297    		August 16, 2019
    02:00 PM PT
    IA64 and x64 devices may fail to start after installing updates
    After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

    See details >    		August 13, 2019
    KB4512506    		Mitigated
    		August 17, 2019
    12:59 PM PT
    Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
    Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

    See details >    		August 13, 2019
    KB4512506    		Investigating
    		August 16, 2019
    04:28 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493472    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503292    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503292    		Mitigated
    		July 10, 2019
    02:59 PM PT
    " @@ -93,7 +93,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503292 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server, set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.

    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    2. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503292    		Mitigated
    		Last updated:
    July 10, 2019
    02:59 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503292 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512514.

    Back to top    		June 11, 2019
    KB4503292    		Resolved
    KB4512514    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 9d7b7f6c5a..3efbd362b4 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Resolved
    KB4512478    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512488    		Resolved
    KB4517298    		August 16, 2019
    02:00 PM PT
    System may be unresponsive after restart with certain McAfee antivirus products
    Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

    See details >    		April 09, 2019
    KB4493446    		Resolved External
    		August 13, 2019
    06:59 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503276    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503276    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493443    		Mitigated
    		May 15, 2019
    05:53 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

    See details >    		January 08, 2019
    KB4480963    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -91,7 +91,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503276 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503276    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503276 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512478.

    Back to top    		June 11, 2019
    KB4503276    		Resolved
    KB4512478    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index b8b9bb20a0..d1010bdae7 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Resolved
    KB4512499    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512476    		Resolved
    KB4517301    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503273    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503273    		Mitigated
    		July 10, 2019
    02:59 PM PT
    " @@ -88,6 +88,6 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503273 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server, set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.

    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    2. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503273    		Mitigated
    		Last updated:
    July 10, 2019
    02:59 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503273 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512499.

    Back to top    		June 11, 2019
    KB4503273    		Resolved
    KB4512499    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index df2dfdfbe6..055acb57ff 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
    This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

    + -
    SummaryOriginating updateStatusLast updated
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Resolved
    KB4512512    		August 17, 2019
    02:00 PM PT
    Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
    Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

    See details >    		August 13, 2019
    KB4512518    		Resolved
    KB4517302    		August 16, 2019
    02:00 PM PT
    MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
    You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

    See details >    		June 11, 2019
    KB4503285    		Resolved External
    		August 09, 2019
    07:03 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

    See details >    		June 11, 2019
    KB4503285    		Mitigated
    		July 10, 2019
    07:09 PM PT
    Japanese IME doesn't show the new Japanese Era name as a text input option
    If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

    See details >    		April 25, 2019
    KB4493462    		Mitigated
    		May 15, 2019
    05:53 PM PT
    Certain operations performed on a Cluster Shared Volume may fail
    Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

    See details >    		January 08, 2019
    KB4480975    		Mitigated
    		April 25, 2019
    02:00 PM PT
    @@ -90,7 +90,7 @@ sections: - type: markdown text: " - +
    DetailsOriginating updateStatusHistory
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503285 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Workaround:
    To mitigate this issue on an SCCM server:
    1. Verify Variable Window Extension is enabled.
    2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
    Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

    To mitigate this issue on a WDS server without SCCM:
    1. In WDS TFTP settings, verify Variable Window Extension is enabled.
    2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
    3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
    Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

    Next steps: We are working on a resolution and will provide an update in an upcoming release.

    Back to top    		June 11, 2019
    KB4503285    		Mitigated
    		Last updated:
    July 10, 2019
    07:09 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    Devices starting using PXE from a WDS or SCCM servers may fail to start
    Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503285 on a WDS server.

    Affected platforms:
    • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
    Resolution: This issue was resolved in KB4512512.

    Back to top    		June 11, 2019
    KB4503285    		Resolved
    KB4512512    		Resolved:
    August 17, 2019
    02:00 PM PT

    Opened:
    July 10, 2019
    02:51 PM PT
    " From c60ebe4b1ed5e13c50a8b77d60d4b637c5887afd Mon Sep 17 00:00:00 2001 From: lomayor Date: Mon, 19 Aug 2019 14:28:25 -0700 Subject: [PATCH 53/53] Update microsoft-defender-atp-mac-install-manually.md --- .../microsoft-defender-atp-mac-install-manually.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 872f7f0588..e3142e03ef 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -148,7 +148,7 @@ realTimeProtectionEnabled : true mdatp --health orgId ``` -2. Install the configuration file on a client machine: +2. Run the Python script to install the configuration file: ```bash /usr/bin/python WindowsDefenderATPOnboarding.py